CVE-2017-3142

Source
Severity High
Remote Yes
Type Access restriction bypass
Description
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized zone transfers or forge NOTIFY packets. The attacker needs to have knowledge of the key name, and should be allowed by the other ACL restrictions if any.
Group Package Affected Fixed Severity Status Ticket
AVG-335 bind 9.11.1.P1-1 9.11.1.P2-1 High Fixed
Date Advisory Group Package Severity Description
04 Jul 2017 ASA-201707-3 AVG-335 bind High access restriction bypass
References
https://kb.isc.org/article/AA-01504/74/CVE-2017-3142%3A-An-error-in-TSIG-authentication-can-permit-unauthorized-zone-transfers.html