Bugzilla – Bug 1047841
VUL-0: CVE-2017-11104: knot: bypass TSIG authentication
Last modified: 2020-10-27 16:08:46 UTC
CVE-2017-11104

Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11104
http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
https://bugs.debian.org/865678
https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
@darix: any idea if we plan to switch to knot2 and integrate it in TW (Petr is on vacation).
I haven't submitted it to TW ... and I leave it to the TW maintainer to decide to switch to it or not.
I was merely helping Ondrej with packaging, but unfortunately I do not know much about knot itself.
Request Tumbleweed and openSUSE:Leap:15.0 drop.
Submitted for 42.3/knot.
This is an autogenerated message for OBS integration:
This bug (1047841) was mentioned in
https://build.opensuse.org/request/show/606511 42.3 / knot
(In reply to Petr Gajdos from comment #4)
> Request Tumbleweed and openSUSE:Leap:15.0 drop.

This package remains in 15.0. Can you please submit to Maintenance for 15.0 also?
openSUSE-SU-2018:1395-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1047841
CVE References: CVE-2017-11104
Sources used:
openSUSE Leap 42.3 (src): knot-1.6.5-5.3.1
It is removed from Factory but still in Leap 15.1 and 15.2.
This is an autogenerated message for OBS integration:
This bug (1047841) was mentioned in
https://build.opensuse.org/request/show/822339 15.1 / knot
https://build.opensuse.org/request/show/822340 15.2 / knot
openSUSE-SU-2020:1085-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1047841
CVE References: CVE-2017-11104
Sources used:
openSUSE Leap 15.1 (src): knot-1.6.8-lp151.4.3.1
openSUSE-SU-2020:1086-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1047841
CVE References: CVE-2017-11104
Sources used:
openSUSE Leap 15.2 (src): knot-1.6.8-lp152.5.3.1
openSUSE-SU-2020:1112-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1047841
CVE References: CVE-2017-11104
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP1 (src): knot-1.6.8-bp151.4.3.1
openSUSE-SU-2020:1232-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1047841
CVE References: CVE-2017-11104
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP2 (src): knot-1.6.8-bp152.4.3.1
Done