{"id":"CVE-2017-3141","details":"The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2-\u003e9.2.9, 9.3.2-P1-\u003e9.3.6, 9.4.0-\u003e9.8.8, 9.9.0-\u003e9.9.10, 9.10.0-\u003e9.10.5, 9.11.0-\u003e9.11.1, 9.9.3-S1-\u003e9.9.10-S1, 9.10.5-S1.","modified":"2026-04-10T04:00:07.857599Z","published":"2019-01-16T20:29:00.503Z","related":["openSUSE-SU-2024:10650-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/99089"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1038693"},{"type":"ADVISORY","url":"https://kb.isc.org/docs/aa-01496"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201708-01"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180926-0001/"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/42121/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"39e24bfe50135fcb6948b1843c3776edf26a6b90"},{"last_affected":"a7637b7db78575420ac807b368b55e4831a5ecfd"},{"introduced":"2cdd6ef127cd3ed1312ade400e9f5b4a66fbe34e"},{"last_affected":"7b3438f4d4f1f6961a5fa0aa5ba122b8542e03a0"},{"introduced":"600305bf9b2e7ab79b95989190f84fdcf4140cc1"},{"last_affected":"8fc2e36186691698d247ab040b83793a9189de73"},{"introduced":"3514c49b2fbcdf95b2735878e2487fce9a3ddad5"},{"last_affected":"1a7c6f9dc8b32b52a4462ec0a9b8fa40da628546"},{"introduced":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"last_affected":"feb005b1b94f0493cd69d70a77a30a15b9a62993"},{"introduced":"1477c19dd9a347ee19a42dac227f299a4680506f"},{"last_affected":"e3dc2e7b9941566190fd2691e1c71ce232f9a7c6"},{"introduced":"0"},{"last_affected":"e4e80d69b9bbbcda505ded59c308755ca64e839f"},{"introduced":"0"},{"last_affected":"f00a50a9373898c72b37d9f46c5cdd7aea20655b"}],"database_specific":{"versions":[{"introduced":"9.2.6"},{"last_affected":"9.2.9"},{"introduced":"9.3.2"},{"last_affected":"9.3.6"},{"introduced":"9.4.0"},{"last_affected":"9.8.8"},{"introduced":"9.9.0"},{"last_affected":"9.9.10"},{"introduced":"9.10.0"},{"last_affected":"9.10.5"},{"introduced":"9.11.0"},{"last_affected":"9.11.1"},{"introduced":"0"},{"last_affected":"9.2.6-p2"},{"introduced":"0"},{"last_affected":"9.3.2-p1"}]}}],"versions":["v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.10.0rc2","v9.10.1","v9.10.1b1","v9.10.1b2","v9.10.1rc1","v9.10.1rc2","v9.10.2","v9.10.2b1","v9.10.2rc1","v9.10.2rc2","v9.10.3","v9.10.3b1","v9.10.3rc1","v9.10.4","v9.10.4b1","v9.10.4b2","v9.10.4b3","v9.10.4rc1","v9.10.5","v9.10.5b1","v9.10.5rc1","v9.10.5rc2","v9.10.5rc3","v9.11.0","v9.11.1","v9.11.1b1","v9.11.1rc1","v9.11.1rc2","v9.11.1rc3","v9.2.4rc1","v9.2.4rc3","v9.2.4rc4","v9.2.4rc5","v9.2.4rc6","v9.2.4rc7","v9.2.6","v9.2.6b2","v9.2.9","v9.2.9b1","v9.2.9rc1","v9.3.2b1","v9.3.6","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1","v9.8.0","v9.8.0rc1","v9.8.1b1","v9.8.1rc1","v9.8.2b1","v9.8.2rc1","v9.8.2rc2","v9.8.4b1","v9.8.4rc1","v9.8.5","v9.8.5b1","v9.8.5b2","v9.8.5rc1","v9.8.5rc2","v9.8.6","v9.8.6b1","v9.8.6rc1","v9.8.6rc2","v9.8.7","v9.8.7b1","v9.8.7rc1","v9.8.7rc2","v9.8.8","v9.8.8b1","v9.8.8b2","v9.8.8rc1","v9.8.8rc2","v9.9.0","v9.9.1","v9.9.10","v9.9.10b1","v9.9.10rc1","v9.9.10rc2","v9.9.10rc3","v9.9.2b1","v9.9.2rc1","v9.9.3","v9.9.3b1","v9.9.3b2","v9.9.3rc1","v9.9.3rc2","v9.9.4","v9.9.4b1","v9.9.4rc2","v9.9.5","v9.9.5b1","v9.9.5rc1","v9.9.5rc2","v9.9.6","v9.9.6b1","v9.9.6b2","v9.9.6rc1","v9.9.6rc2","v9.9.7","v9.9.7b1","v9.9.7rc1","v9.9.7rc2","v9.9.8","v9.9.8b1","v9.9.8rc1","v9.9.9","v9.9.9b1","v9.9.9b2","v9.9.9rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3141.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}