KB Article | Forcepoint Support

Problem Description

Published Date: August 3, 2017
Last Update: 
KBA Status: In Development

KBA Severity: 
CVE-2017-3140 - Medium
CVE-2017-3141 - Critical

CVE Numbers: 
CVE-2017-3140
CVE-2017-3141

 
KBA Summary 

The Forcepoint Product Security Incident Response Team is investigating the following BIND security vulnerabilities and their impact on Forcepoint products. This article will be updated after assessments and fixes are completed, if applicable.

Insert original description provided by PSIRT or a description attributed to a source like Red Hat. Link to the source. You can include the PSIRT description and also a description from another source.


Products Under Review
  • Forcepoint URL Filtering (formerly Web Filter & Security) and Web Filter, Web Security 
  • Forcepoint Web Security (formerly TRITON AP-WEB)  and Web Security Gateway  
  • Forcepoint Email Security (formerly TRITON AP-EMAIL) and Email Security Gateway
  • Forcepoint Web Security Cloud and Forcepoint Email Security Cloud (formerly TRITON AP-WEB Cloud and TRITON AP-EMAIL Cloud)
  • Forcepoint DLP (formerly TRITON AP-DATA) and Data Security Suite
  • Forcepoint Web Security Endpoint and Forcepoint DLP Endpoint (formerly TRITON AP-ENDPOINT Web and TRITON AP-ENDPOINT DLP)
  • management server (formerly TRITON management server)
  • Forcepoint Security Appliance Manager
  • Forcepoint Sidewinder
  • Forcepoint Sidewinder Control Center (sometimes Control Center is not mentioned if the vulnerability does not apply to it; for example, no BIND vulnerabilities affect Control Center)

Affected Products
  • Forcepoint Sidewinder

Affected Products

Assessments are underway.

Not Vulnerable

Assessments are underway.
          
KBA Detailed Information

The following descriptions are from the Internet Systems Consortium (ISC) websites:
 
CVE-2017-3140:
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query.
 
CVE-2017-3141:
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this.


CVE References

Resolution

Workarounds

There are no workarounds at this time.

Hotfix and Information About Other Fixes

Sidewinder

The following patches are available to resolve this vulnerability:
 Sidewinder 7.0.1.03Sidewinder 8.3.2
CVE-2017-31407.0.1.03E112*, 7.0.1.03H158.3.2E138*, 8.3.2P10
CVE-2017-3141Not VulnerableNot Vulnerable
  *indicates patch is obsoleted by a newer patch

Patch download information:

Sidewinder E-Patch download information:

User name                    : atl-963845ro
User password              : 34bT4hF3AFJn
Server name                 : csftp.us.stonesoft.com
                                    : 
https://csftp.us.stonesoft.com

https://csftp.us.stonesoft.com/file/access.pl?username=atl-963845ro
ftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
sftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
 

Article Feedback



Thank you for the feedback and comments.