DSA-3904-1 bind9 -- bind9
ID: oval:org.secpod.oval:def:68291 | Date: (C)2021-01-19 (M)2023-12-20 |
Class: PATCH | Family: unix |
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection, with no other ACL protection, could be manipulated into providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets.

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
bind9 |
libbind-export-dev |
libisccc140 |
host |
libisc160 |
libisccfg140 |
libdns162 |
dnsutils |
libbind-dev |
libdns-export162 |
liblwres141 |
libbind9-140 |
libirs-export141 |
libisccc-export140 |
libisccfg-export140 |
libirs141 |
libisc-export160 |
lwresd |