Vulnerability CVE-2017-11104

Vulnerability Name:

CVE-2017-11104 (CCN-129206)

Assigned:

2017-06-23

Published:

2017-06-23

Updated:

2023-01-20

Summary:

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2017-11104

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: BID-99598
Knot DNS CVE-2017-11104 Authentication Bypass Vulnerability

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Mitigation, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Issue Tracking, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Debian Bug report logs - #865678
knot: CVE-2017-11104: Improper TSIG validity period check can allow TSIG forgery

Source: XF
Type: UNKNOWN
knotdns-cve201711104-sec-bypass(129206)

Source: cve@mitre.org
Type: Broken Link, Mailing List, Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Knot DNS Web site
Knot DNS

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201711104	V	CVE-2017-11104	2022-05-22
oval:org.opensuse.security:def:64816	P	Security update for gmp (Moderate)	2021-12-06
oval:org.opensuse.security:def:74391	P	Security update for webkit2gtk3 (Important)	2021-12-02
oval:org.opensuse.security:def:63211	P	libcacard-devel-2.5.3-1.27 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64758	P	Security update for libesmtp (Important)	2021-09-03
oval:org.opensuse.security:def:63504	P	openconnect-7.08-6.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63008	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63001	P	ctags-5.8-1.27 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63005	P	dpkg-1.19.0.4-2.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63033	P	perl-DNS-LDNS-1.7.0-4.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62783	P	libexif-devel-0.6.22-5.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:64549	P	Security update for wireshark (Moderate)	2021-07-22
oval:org.opensuse.security:def:64548	P	Security update for curl (Moderate)	2021-07-21
oval:org.opensuse.security:def:63062	P	java-1_8_0-openjdk-1.8.0.161-1.52 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:64656	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:64451	P	Security update for ceph (Important)	2020-12-21
oval:org.opensuse.security:def:63264	P	graphviz-tcl-2.40.1-6.3.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63628	P	libntfs-3g-devel-2016.2.22-3.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62606	P	typelib-1_0-JavaScriptCore-4_0-2.24.1-3.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63402	P	tomcat-9.0.14-2.16 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62583	P	libtag-devel-1.11.1-2.50 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62582	P	libsrtp-devel-1.6.0-2.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:64928	P	Security update for dnsmasq (Moderate)	2020-12-01
oval:org.opensuse.security:def:64195	P	libpacemaker-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75003	P	Security update for knot (Moderate)	2020-12-01
oval:org.opensuse.security:def:64339	P	libjpeg62 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64089	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:63707	P	Security update for libcroco (Moderate)	2020-12-01
oval:org.opensuse.security:def:64083	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:74870	P	Security update for icingaweb2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:64297	P	libXRes1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63955	P	Security update for audiofile (Low)	2020-12-01
oval:org.opensuse.security:def:63854	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:74517	P	Security update for knot (Moderate)	2020-12-01
oval:org.opensuse.security:def:64412	P	libzmq5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:109697	P	Security update for knot (Moderate)	2020-08-18
oval:org.opensuse.security:def:103040	P	Security update for knot (Moderate)	2020-08-18
oval:org.opensuse.security:def:96350	P	Security update for knot (Moderate)	2020-08-18
oval:org.opensuse.security:def:93498	P	Security update for knot (Moderate)	2020-07-29
oval:org.opensuse.security:def:100211	P	Security update for knot (Moderate)	2020-07-29
oval:org.opensuse.security:def:110141	P	Security update for knot (Moderate)	2020-07-26
oval:org.opensuse.security:def:110698	P	Security update for knot (Moderate)	2020-07-26
oval:com.ubuntu.bionic:def:2017111040000000	V	CVE-2017-11104 on Ubuntu 18.04 LTS (bionic) - medium.	2017-07-08
oval:com.ubuntu.artful:def:201711104000	V	CVE-2017-11104 on Ubuntu 17.10 (artful) - medium.	2017-07-08
oval:com.ubuntu.xenial:def:201711104000	V	CVE-2017-11104 on Ubuntu 16.04 LTS (xenial) - medium.	2017-07-08
oval:com.ubuntu.xenial:def:2017111040000000	V	CVE-2017-11104 on Ubuntu 16.04 LTS (xenial) - medium.	2017-07-08
oval:com.ubuntu.bionic:def:201711104000	V	CVE-2017-11104 on Ubuntu 18.04 LTS (bionic) - medium.	2017-07-08
oval:com.ubuntu.disco:def:2017111040000000	V	CVE-2017-11104 on Ubuntu 19.04 (disco) - medium.	2017-07-08
oval:com.ubuntu.cosmic:def:201711104000	V	CVE-2017-11104 on Ubuntu 18.10 (cosmic) - medium.	2017-07-08
oval:com.ubuntu.cosmic:def:2017111040000000	V	CVE-2017-11104 on Ubuntu 18.10 (cosmic) - medium.	2017-07-08
oval:com.ubuntu.trusty:def:201711104000	V	CVE-2017-11104 on Ubuntu 14.04 LTS (trusty) - medium.	2017-07-08

BACK