Unquoted search path in bind (Alpine package)

1) Unquoted search path

EUVDB-ID: #VU7092

Risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-3141

CWE-ID: CWE-428 - Unquoted Search Path or Element

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unquotes search path in BIND installer for Windows during installation process. An attacker with ability to place specially crafted library into the folder, from which the BIND installer is executed, can obtain elevated privileges on the system.

Only Windows systems are affected by this issue.

Mitigation

Install update from vendor's website.

Vulnerable software versions

bind (Alpine package): 9.6.1-r0 - 9.11.2_p1-r0

CPE2.3

• cpe:2.3:o:alpine:bind_alpine_package:9.11.1_p1-r2:*:*:*:*:alpine_linux:*:
• cpe:2.3:o:alpine:bind_alpine_package:9.10.4_p5-r0:*:*:*:*:alpine_linux:*:
• cpe:2.3:o:alpine:bind_alpine_package:9.10.4_p5-r1:*:*:*:*:alpine_linux:*:

External links

http://git.alpinelinux.org/aports/commit/?id=d698011e11d7fcb7334382e1c9a2afb1da6b9962
http://git.alpinelinux.org/aports/commit/?id=29b8d297dd717c6b2d21833badc8e5fc3d596b37
http://git.alpinelinux.org/aports/commit/?id=678f234c682be06018570ae854e6749b50a56528
http://git.alpinelinux.org/aports/commit/?id=278a530682c0799cf3e11c862c4f1bce93c287e9
http://git.alpinelinux.org/aports/commit/?id=4105cc0c96fb20b95bd9f54160b62af7ca88cd72
http://git.alpinelinux.org/aports/commit/?id=e049b1d35bb80fed35d73f2ddbdf64484041442d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.