{"id":"CVE-2017-3142","details":"An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0-\u003e9.8.8, 9.9.0-\u003e9.9.10-P1, 9.10.0-\u003e9.10.5-P1, 9.11.0-\u003e9.11.1-P1, 9.9.3-S1-\u003e9.9.10-S2, 9.10.5-S1-\u003e9.10.5-S2.","modified":"2026-03-20T11:20:32.526253Z","published":"2019-01-16T20:29:00.550Z","related":["MGASA-2017-0478","SUSE-SU-2017:1736-1","SUSE-SU-2017:1737-1","SUSE-SU-2017:1738-1","openSUSE-SU-2024:10650-1"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3904"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99339"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038809"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1679"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1680"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"type":"ADVISORY","url":"https://kb.isc.org/docs/aa-01504"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190830-0003/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/isc-projects/bind9","events":[{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"},{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"},{"introduced":"0"},{"last_affected":"d7e5f7903de06e504aac4a3822a41d69e159e370"},{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"},{"introduced":"0"},{"last_affected":"f8a0c0bed6ed629e314d22619510939c61d88b0e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"8.0"}]}},{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"600305bf9b2e7ab79b95989190f84fdcf4140cc1"},{"last_affected":"8fc2e36186691698d247ab040b83793a9189de73"},{"introduced":"3514c49b2fbcdf95b2735878e2487fce9a3ddad5"},{"last_affected":"1a7c6f9dc8b32b52a4462ec0a9b8fa40da628546"},{"introduced":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"last_affected":"feb005b1b94f0493cd69d70a77a30a15b9a62993"},{"introduced":"1477c19dd9a347ee19a42dac227f299a4680506f"},{"last_affected":"e3dc2e7b9941566190fd2691e1c71ce232f9a7c6"},{"introduced":"0"},{"last_affected":"8a2d9ba36c16111ebb3be1a1c61fa0ebc2610c40"},{"introduced":"0"},{"last_affected":"1c59cea1c0e26e2da3f2afb90200bfe9f7748c03"},{"introduced":"0"},{"last_affected":"733de85889f4f126106ec4389d32d92046a6e1be"},{"introduced":"0"},{"last_affected":"341e64a2de908ceec50ed46d243bf3402342735c"},{"introduced":"0"},{"last_affected":"341e64a2de908ceec50ed46d243bf3402342735c"},{"introduced":"0"},{"last_affected":"a39c587731ff8da751c26592838fbc04d8b62678"},{"introduced":"0"},{"last_affected":"e7f06a85359873b4822acac1b87a885310fd6ac2"},{"introduced":"0"},{"last_affected":"19d6c56085e97cf4ac559cdc27edd624127bcb32"}],"database_specific":{"versions":[{"introduced":"9.4.0"},{"last_affected":"9.8.8"},{"introduced":"9.9.0"},{"last_affected":"9.9.10"},{"introduced":"9.10.0"},{"last_affected":"9.10.5"},{"introduced":"9.11.0"},{"last_affected":"9.11.1"},{"introduced":"0"},{"last_affected":"9.9.0-p1"},{"introduced":"0"},{"last_affected":"9.9.3-s1"},{"introduced":"0"},{"last_affected":"9.9.10-s2"},{"introduced":"0"},{"last_affected":"9.10.5-p1"},{"introduced":"0"},{"last_affected":"9.10.5-s1"},{"introduced":"0"},{"last_affected":"9.10.5-s2"},{"introduced":"0"},{"last_affected":"9.11.1-p1"},{"introduced":"0"},{"last_affected":"9.0"}]}}],"versions":["ondrej/008bfb6249a5f81d9e02ad4d39fda63fab57a0ad","ondrej/00ce93a69cd809810b82dbb229abf59d8e5850cc","ondrej/1a1413ff5910ace7919bb8db0a1bb1f6e9c9ff7d","ondrej/4d292fc37ff5e99462756352c6028af7d0becf74","ondrej/6d06e7e7e585e30b419e4e20815cb8233c48f7b1","ondrej/6d1fdb850516a8d1fbfa853c56a1ef7627d54a72","ondrej/761b47a64845cb647d4fa3362be538eb0e7174d9","ondrej/840e56a979c3719ded668d5aaa04b1bddce465ef","ondrej/a42afbce2e34a5f990517fee7eab013c4adb8c0a","ondrej/a5f554959ec531712f6e14a8cb8c90d87cc27932","ondrej/b177581bb230d89821d1e2e5e91f93bee3fc4192","ondrej/be1e6499742e241d71c7e79434e278a0c89d141b","ondrej/c63b7fad498dbe56710b655bd296a58abba64bb8","ondrej/d7e5f7903de06e504aac4a3822a41d69e159e370","ondrej/fb07c38697c9f4f76dcb921487c4f96813c99b69","v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.11.0","v9.11.0a1","v9.11.0a2","v9.11.0a3","v9.11.1","v9.11.1b1","v9.11.1rc1","v9.11.1rc2","v9.11.1rc3","v9.12.0a1","v9.12.0b1","v9.12.0b2","v9.12.0rc1","v9.13.0","v9.13.2","v9.13.3","v9.13.4","v9.13.5","v9.13.6","v9.15.0","v9.15.2","v9.15.3","v9.15.4","v9.15.5","v9.15.6","v9.15.7","v9.15.8","v9.17.4","v9.19.0","v9.19.1","v9.19.10","v9.19.11","v9.19.12","v9.19.13","v9.19.14","v9.19.15","v9.19.16","v9.19.17","v9.19.18","v9.19.19","v9.19.2","v9.19.21","v9.19.22","v9.19.23","v9.19.24","v9.19.3","v9.19.4","v9.19.5","v9.19.6","v9.19.7","v9.19.8","v9.19.9","v9.20.0","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1","v9.9.0","v9.9.1","v9.9.10","v9.9.10b1","v9.9.10rc1","v9.9.10rc2","v9.9.10rc3","v9.9.2b1","v9.9.2rc1","v9.9.3","v9.9.3b1","v9.9.3b2","v9.9.3rc1","v9.9.3rc2","v9.9.4","v9.9.4b1","v9.9.4rc1","v9.9.4rc2","v9.9.5","v9.9.5b1","v9.9.5rc1","v9.9.5rc2","v9.9.6","v9.9.6b1","v9.9.6b2","v9.9.6rc1","v9.9.6rc2","v9.9.7","v9.9.7b1","v9.9.7rc1","v9.9.7rc2","v9.9.8","v9.9.8b1","v9.9.8rc1","v9.9.9","v9.9.9b1","v9.9.9b2","v9.9.9rc1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.6"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-3142.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}