Unquoted search path in ISC BIND - CVE-2017-3141
Published: June 15, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU7092
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/U:Clear
CVE-ID: CVE-2017-3141
CWE-ID: CWE-428
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: ISC
Affected software:
ISC BIND
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an unquoted search path in the BIND installer for Windows during the installation process. An attacker able to place a specially crafted library into the folder from which the BIND installer is executed can obtain elevated privileges on the system.
Only Windows systems are affected by this issue.
How to mitigate CVE-2017-3141
Use the latest installer for versions 9.9.10-P1, 9.10.5-P1 or 9.11.1-P1.