|
Message-ID: <1498828310.18870.32.camel@debian.org>
Date: Fri, 30 Jun 2017 15:11:50 +0200
From: Yves-Alexis Perez <corsac@...ian.org>
To: oss-security@...ts.openwall.com
Cc: ISC Security Officer <security-officer@....org>
Subject: Re: ISC announces two BIND vulnerabilities
On Fri, 2017-06-30 at 12:41 +0200, Yves-Alexis Perez wrote:
> CVE-2017-3043: An error in TSIG authentication can permit unauthorized dynamic
> updates
Sorry, this is a typo. It should be CVE-2017-3143. My apologies to ISC and all
for the confusion.
>
> An attacker who is able to send and receive messages to an authoritative DNS
> server and who has knowledge of a valid TSIG key name for the zone and service
> being targeted may be able to manipulate BIND into accepting an unauthorized
> dynamic update.
--
Yves-Alexis
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.