[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] ISC announces two BIND vulnerabilities
From: Yves-Alexis Perez <corsac () debian ! org>
Date: 2017-06-30 13:11:50
Message-ID: 1498828310.18870.32.camel () debian ! org
[Download RAW message or body]
On Fri, 2017-06-30 at 12:41 +0200, Yves-Alexis Perez wrote:
> CVE-2017-3043: An error in TSIG authentication can permit unauthorized dynamic
> updates
Sorry, this is a typo. It should be CVE-2017-3143. My apologies to ISC and all
for the confusion.
>
> An attacker who is able to send and receive messages to an authoritative DNS
> server and who has knowledge of a valid TSIG key name for the zone and service
> being targeted may be able to manipulate BIND into accepting an unauthorized
> dynamic update.
--
Yves-Alexis
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic