Date: Fri, 30 Jun 2017 15:11:50 +0200 From: Yves-Alexis Perez <corsac@...ian.org> To: oss-security@...ts.openwall.com Cc: ISC Security Officer <security-officer@....org> Subject: Re: ISC announces two BIND vulnerabilities On Fri, 2017-06-30 at 12:41 +0200, Yves-Alexis Perez wrote: > CVE-2017-3043: An error in TSIG authentication can permit unauthorized dynamic > updates Sorry, this is a typo. It should be CVE-2017-3143. My apologies to ISC and all for the confusion. > > An attacker who is able to send and receive messages to an authoritative DNS > server and who has knowledge of a valid TSIG key name for the zone and service > being targeted may be able to manipulate BIND into accepting an unauthorized > dynamic update. -- Yves-Alexis Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.