An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "bind9" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "bind9-doc" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "bind9-host" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "bind9utils" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "dnsutils" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "host" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "libbind-dev" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "libbind9-90" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "libdns100" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "libisc95" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "libisccc90" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "libisccfg90" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "liblwres90" }, { "binary_version": "1:9.9.5.dfsg-3ubuntu0.15", "binary_name": "lwresd" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9-doc" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9-host" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9-host-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9utils" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "bind9utils-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "dnsutils" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "dnsutils-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "host" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libbind-dev" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libbind-export-dev" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libbind9-140" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libbind9-140-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libdns-export162" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libdns-export162-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libdns-export162-udeb" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libdns-export162-udeb-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libdns162" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libdns162-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libirs-export141" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libirs-export141-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libirs-export141-udeb" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libirs-export141-udeb-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libirs141" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libirs141-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisc-export160" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisc-export160-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisc-export160-udeb" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisc-export160-udeb-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisc160" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisc160-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccc-export140" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccc-export140-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccc-export140-udeb" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccc-export140-udeb-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccc140" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccc140-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccfg-export140" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccfg-export140-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccfg-export140-udeb" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccfg-export140-udeb-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccfg140" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "libisccfg140-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "liblwres141" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "liblwres141-dbgsym" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "lwresd" }, { "binary_version": "1:9.10.3.dfsg.P4-8ubuntu1.7", "binary_name": "lwresd-dbgsym" } ] }