cve/2017/CVE-2017-3142.md
2024-05-26 14:27:05 +02:00


### [CVE-2017-3142](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142)
![](https://img.shields.io/static/v1?label=Product&message=BIND%209&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=An%20unauthorized%20AXFR%20(full%20zone%20transfer)%20permits%20an%20attacker%20to%20view%20the%20entire%20contents%20of%20a%20zone.%20%20Protection%20of%20zone%20contents%20is%20often%20a%20commercial%20or%20business%20requirement.%20%0AIf%20accepted%2C%20a%20NOTIFY%20sets%20the%20zone%20refresh%20interval%20to%20'now'.%20%20If%20there%20is%20not%20already%20a%20refresh%20cycle%20in%20progress%20then%20named%20will%20initiate%20one%20by%20asking%20for%20the%20SOA%20RR%20from%20its%20list%20of%20masters.%20%20If%20there%20is%20already%20a%20refresh%20cycle%20in%20progress%2C%20then%20named%20will%20queue%20the%20new%20refresh%20request.%20%20If%20there%20is%20already%20a%20queued%20refresh%20request%2C%20the%20new%20NOTIFY%20will%20be%20discarded.%20Bogus%20notifications%20can't%20be%20used%20to%20force%20a%20zone%20transfer%20from%20a%20malicious%20server%2C%20but%20could%20trigger%20a%20high%20rate%20of%20zone%20refresh%20cycles.&color=brighgreen)
### Description
An attacker who is able to send messages to and receive messages from an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection, with no other ACL protection, could be manipulated into providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ALTinners/bind9
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AndrewLipscomb/bind9
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Zhivarev/13-01-hw
- https://github.com/balabit-deps/balabit-os-7-bind9
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/dkiser/vulners-yum-scanner
- https://github.com/pexip/os-bind9
- https://github.com/pexip/os-bind9-libs
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/zparnold/deb-checker
- https://github.com/zzzWTF/db-13-01