PT-2017-11743 · Cz.Nic+1 · Knot Dns+1

Published: 2017-07-08 · Updated: 2023-01-20 · CVE-2017-11104

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Knot DNS versions prior to 2.4.5
Knot DNS versions 2.5.x prior to 2.5.2

Description

The issue is related to a flaw in the TSIG protocol implementation. This flaw allows an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set. The bypass is possible due to an improper TSIG validity period check.

Recommendations

For Knot DNS versions prior to 2.4.5, update to version 2.4.5 or later.
For Knot DNS versions 2.5.x prior to 2.5.2, update to version 2.5.2 or later.

Related Identifiers

CVE-2017-11104
DSA-3910-1
OPENSUSE-SU-2018_1395-1
OPENSUSE-SU-2020:1085-1
OPENSUSE-SU-2020:1086-1
OPENSUSE-SU-2020:1112-1
OPENSUSE-SU-2020:1232-1
OPENSUSE-SU-2020_1085-1
OPENSUSE-SU-2020_1086-1

Affected Products

Knot DNS
SUSE