Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2017-3143

Description

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

POC

Reference

No PoCs from references.

Github

- https://github.com/ALTinners/bind9

- https://github.com/ARPSyndicate/cvemon

- https://github.com/AndrewLipscomb/bind9

- https://github.com/DButter/whitehat_public

- https://github.com/Dokukin1/Metasploitable

- https://github.com/Furious992/HW13-01

- https://github.com/Iknowmyname/Nmap-Scans-M2

- https://github.com/Maribel0370/Nebula-io

- https://github.com/Mehedi-Babu/Vulnerability_research

- https://github.com/NikulinMS/13-01-hw

- https://github.com/Zhivarev/13-01-hw

- https://github.com/balabit-deps/balabit-os-7-bind9

- https://github.com/balabit-deps/balabit-os-8-bind9-libs

- https://github.com/balabit-deps/balabit-os-9-bind9-libs

- https://github.com/dkiser/vulners-yum-scanner

- https://github.com/ducducuc111/Awesome-Vulnerability-Research

- https://github.com/gladiopeace/awesome-stars

- https://github.com/lekctut/sdb-hw-13-01

- https://github.com/mrt2h/DZ

- https://github.com/openkylin/bind9-libs

- https://github.com/pedr0alencar/vlab-metasploitable2

- https://github.com/pexip/os-bind9

- https://github.com/pexip/os-bind9-libs

- https://github.com/psmedley/bind-os2

- https://github.com/saaph/CVE-2017-3143

- https://github.com/securitychampions/Awesome-Vulnerability-Research

- https://github.com/sergey-pronin/Awesome-Vulnerability-Research

- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems

- https://github.com/zzzWTF/db-13-01