CVE-2017-3141

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
iscCNA
7.2 HIGH
LOCAL
HIGH
HIGH
CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
iscbind
9.2.6 ≤
𝑥
≤ 9.2.9
iscbind
9.3.2 ≤
𝑥
≤ 9.3.6
iscbind
9.4.0 ≤
𝑥
≤ 9.8.8
iscbind
9.9.0 ≤
𝑥
≤ 9.9.10
iscbind
9.10.0 ≤
𝑥
≤ 9.10.5
iscbind
9.11.0 ≤
𝑥
≤ 9.11.1
iscbind
9.2.6:p2
iscbind
9.3.2:p1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
sid
1:9.20.2-1
fixed
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
zesty
not-affected
yakkety
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99089
http://www.securitytracker.com/id/1038693
https://kb.isc.org/docs/aa-01496
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0001/
https://www.exploit-db.com/exploits/42121/
http://www.securityfocus.com/bid/99089
http://www.securitytracker.com/id/1038693
https://kb.isc.org/docs/aa-01496
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0001/
https://www.exploit-db.com/exploits/42121/