Test ID:	1.3.6.1.4.1.25623.1.0.106937
Category:	General
Title:	ISC BIND Security Bypass Vulnerability
Summary:	A flaw was found in the way BIND handled TSIG authentication for dynamic; updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to; manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.
Description:	Summary: A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. Affected Software/OS: ISC BIND versions 9.4.0-9.8.8, 9.9.0-9.9.10-P1, 9.10.0-9.10.5-P1, 9.11.0-9.11.1-P1, 9.9.3-S1-9.9.10-S2 and 9.10.5-S1-9.10.5-S2 Solution: Update to version 9.9.10-P2, 9.10.5-P2, 9.11.1-P2, 9.9.10-S3, 9.10.5-S3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-3143 BugTraq ID: 99337 http://www.securityfocus.com/bid/99337 Debian Security Information: DSA-3904 (Google Search) https://www.debian.org/security/2017/dsa-3904 RedHat Security Advisories: RHSA-2017:1679 https://access.redhat.com/errata/RHSA-2017:1679 RedHat Security Advisories: RHSA-2017:1680 https://access.redhat.com/errata/RHSA-2017:1680 http://www.securitytracker.com/id/1038809
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.