Vulnerability CVE-2017-3141


Published: 2019-01-16

Description:
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

See advisories in our WLB2 database:
Topic: BIND 9.10.5 Unquoted Service Path Privilege Escalation (Med.)
Author: hyp3rlinx
Date: 06.06.2017

Type: CWE-428 (Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 7.2/10
Impact Subscore: 10/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete
Affected software: ISC -> BIND

References:
http://www.securityfocus.com/bid/99089
http://www.securitytracker.com/id/1038693
https://kb.isc.org/docs/aa-01496
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0001/
https://www.exploit-db.com/exploits/42121/

Copyright 2024, cxsecurity.com

 
