CVE-2017-3141

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-3141
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3141.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-3141
Downstream
Related
Published
2019-01-16T20:29:00.503Z
Modified
2026-04-10T04:00:07.857599Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
39e24bfe50135fcb6948b1843c3776edf26a6b90
Last affected
a7637b7db78575420ac807b368b55e4831a5ecfd
Introduced
2cdd6ef127cd3ed1312ade400e9f5b4a66fbe34e
Last affected
7b3438f4d4f1f6961a5fa0aa5ba122b8542e03a0
Introduced
600305bf9b2e7ab79b95989190f84fdcf4140cc1
Last affected
8fc2e36186691698d247ab040b83793a9189de73
Introduced
3514c49b2fbcdf95b2735878e2487fce9a3ddad5
Last affected
1a7c6f9dc8b32b52a4462ec0a9b8fa40da628546
Introduced
63fbb3ea39094353765c04a6066b9e1d1013992a
Last affected
feb005b1b94f0493cd69d70a77a30a15b9a62993
Introduced
1477c19dd9a347ee19a42dac227f299a4680506f
Last affected
e3dc2e7b9941566190fd2691e1c71ce232f9a7c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e4e80d69b9bbbcda505ded59c308755ca64e839f
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f00a50a9373898c72b37d9f46c5cdd7aea20655b
Database specific 
{
    "versions": [
        {
            "introduced": "9.2.6"
        },
        {
            "last_affected": "9.2.9"
        },
        {
            "introduced": "9.3.2"
        },
        {
            "last_affected": "9.3.6"
        },
        {
            "introduced": "9.4.0"
        },
        {
            "last_affected": "9.8.8"
        },
        {
            "introduced": "9.9.0"
        },
        {
            "last_affected": "9.9.10"
        },
        {
            "introduced": "9.10.0"
        },
        {
            "last_affected": "9.10.5"
        },
        {
            "introduced": "9.11.0"
        },
        {
            "last_affected": "9.11.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.2.6-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.3.2-p1"
        }
    ]
}

Affected versions

v9.*
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.10.0rc2
v9.10.1
v9.10.1b1
v9.10.1b2
v9.10.1rc1
v9.10.1rc2
v9.10.2
v9.10.2b1
v9.10.2rc1
v9.10.2rc2
v9.10.3
v9.10.3b1
v9.10.3rc1
v9.10.4
v9.10.4b1
v9.10.4b2
v9.10.4b3
v9.10.4rc1
v9.10.5
v9.10.5b1
v9.10.5rc1
v9.10.5rc2
v9.10.5rc3
v9.11.0
v9.11.1
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.2.4rc1
v9.2.4rc3
v9.2.4rc4
v9.2.4rc5
v9.2.4rc6
v9.2.4rc7
v9.2.6
v9.2.6b2
v9.2.9
v9.2.9b1
v9.2.9rc1
v9.3.2b1
v9.3.6
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1
v9.8.0
v9.8.0rc1
v9.8.1b1
v9.8.1rc1
v9.8.2b1
v9.8.2rc1
v9.8.2rc2
v9.8.4b1
v9.8.4rc1
v9.8.5
v9.8.5b1
v9.8.5b2
v9.8.5rc1
v9.8.5rc2
v9.8.6
v9.8.6b1
v9.8.6rc1
v9.8.6rc2
v9.8.7
v9.8.7b1
v9.8.7rc1
v9.8.7rc2
v9.8.8
v9.8.8b1
v9.8.8b2
v9.8.8rc1
v9.8.8rc2
v9.9.0
v9.9.1
v9.9.10
v9.9.10b1
v9.9.10rc1
v9.9.10rc2
v9.9.10rc3
v9.9.2b1
v9.9.2rc1
v9.9.3
v9.9.3b1
v9.9.3b2
v9.9.3rc1
v9.9.3rc2
v9.9.4
v9.9.4b1
v9.9.4rc2
v9.9.5
v9.9.5b1
v9.9.5rc1
v9.9.5rc2
v9.9.6
v9.9.6b1
v9.9.6b2
v9.9.6rc1
v9.9.6rc2
v9.9.7
v9.9.7b1
v9.9.7rc1
v9.9.7rc2
v9.9.8
v9.9.8b1
v9.9.8rc1
v9.9.9
v9.9.9b1
v9.9.9b2
v9.9.9rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3141.json"