Windows service and uninstall paths are not quoted when BIND is installed

CVE-2017-3141

7.2HIGH

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 16 January 2019

Badges

👾 Exploit Exists

Summary

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

Affected Version(s)

BIND 9 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1

References

https://security.gentoo.org/glsa/201708-01

vendor-advisoryx_refsource_GENTOO

https://kb.isc.org/docs/aa-01496

x_refsource_CONFIRM

http://www.securitytracker.com/id/1038693

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 2, 2016

Collectors

NVD DatabaseMitre Database

Credit

ISC would like to thank John Page aka hyp3rlinx for reporting this issue.

.