Date: Fri, 30 Jun 2017 15:11:50 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Cc: ISC Security Officer <security-officer@....org> Subject: Re: ISC announces two BIND vulnerabilities On Fri, 2017-06-30 at 12:41 +0200, Yves-Alexis Perez wrote: > CVE-2017-3043: An error in TSIG authentication can permit unauthorized dynamic > updates Sorry, this is a typo. It should be CVE-2017-3143. My apologies to ISC and all for the confusion. > > An attacker who is able to send and receive messages to an authoritative DNS > server and who has knowledge of a valid TSIG key name for the zone and service > being targeted may be able to manipulate BIND into accepting an unauthorized > dynamic update. -- Yves-Alexis [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ