Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 30 Jun 2017 15:11:50 +0200
From: Yves-Alexis Perez <>
Cc: ISC Security Officer <>
Subject: Re: ISC announces two BIND vulnerabilities

On Fri, 2017-06-30 at 12:41 +0200, Yves-Alexis Perez wrote:
> CVE-2017-3043: An error in TSIG authentication can permit unauthorized dynamic
> updates

Sorry, this is a typo. It should be CVE-2017-3143. My apologies to ISC and all
for the confusion.
> An attacker who is able to send and receive messages to an authoritative DNS
> server and who has knowledge of a valid TSIG key name for the zone and service
> being targeted may be able to manipulate BIND into accepting an unauthorized
> dynamic update.
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.