CVE-2017-3141

Name of the Vulnerable Software and Affected Versions BIND versions 9.2.6-P2 through 9.2.9 BIND versions 9.3.2-P1 through 9.3.6 BIND versions 9.4.0 through 9.8.8 BIND versions 9.9.0 through 9.9.10 BIND versions 9.10.0 through 9.10.5 BIND versions 9.11.0 through 9.11.1 BIND versions 9.9.3-S1 through 9.9.10-S1 BIND versions 9.10.5-S1

Description The issue arises from the BIND installer on Windows using an unquoted service path. This can allow a local user to achieve privilege escalation if the host file system permissions permit it. The problem enables local users to gain privileges.

Recommendations For versions 9.2.6-P2 through 9.2.9, update to a version outside of this range to mitigate the risk. For versions 9.3.2-P1 through 9.3.6, update to a version outside of this range to mitigate the risk. For versions 9.4.0 through 9.8.8, update to a version outside of this range to mitigate the risk. For versions 9.9.0 through 9.9.10, update to a version outside of this range to mitigate the risk. For versions 9.10.0 through 9.10.5, update to a version outside of this range to mitigate the risk. For versions 9.11.0 through 9.11.1, update to a version outside of this range to mitigate the risk. For versions 9.9.3-S1 through 9.9.10-S1, update to a version outside of this range to mitigate the risk. For version 9.10.5-S1, update to a version outside of this range to mitigate the risk.