CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates

Description: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update.

Impact:  A server that relies solely on TSIG keys with no other address-based ACL protection could be vulnerable to malicious zone content manipulation using this technique.

Mitigation:  Security update is available in official site.

Reference URL’s:

Share