ID CVE-2017-3137
Summary Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2019 - 23:27)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1441133
    title CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment bind is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095001
          • comment bind is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651002
        • AND
          • comment bind-chroot is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095003
          • comment bind-chroot is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651004
        • AND
          • comment bind-devel is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095005
          • comment bind-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651006
        • AND
          • comment bind-libs is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095007
          • comment bind-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651008
        • AND
          • comment bind-libs-lite is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095009
          • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767010
        • AND
          • comment bind-license is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095011
          • comment bind-license is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767012
        • AND
          • comment bind-lite-devel is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095013
          • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767014
        • AND
          • comment bind-pkcs11 is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095015
          • comment bind-pkcs11 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767016
        • AND
          • comment bind-pkcs11-devel is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095017
          • comment bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767018
        • AND
          • comment bind-pkcs11-libs is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095019
          • comment bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767020
        • AND
          • comment bind-pkcs11-utils is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095021
          • comment bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767022
        • AND
          • comment bind-sdb is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095023
          • comment bind-sdb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651010
        • AND
          • comment bind-sdb-chroot is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095025
          • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20171767026
        • AND
          • comment bind-utils is earlier than 32:9.9.4-38.el7_3.3
            oval oval:com.redhat.rhsa:tst:20171095027
          • comment bind-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651012
    rhsa
    id RHSA-2017:1095
    released 2017-04-19
    severity Important
    title RHSA-2017:1095: bind security update (Important)
  • bugzilla
    id 1441133
    title CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment bind is earlier than 32:9.8.2-0.62.rc1.el6_9.1
            oval oval:com.redhat.rhsa:tst:20171105001
          • comment bind is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651002
        • AND
          • comment bind-chroot is earlier than 32:9.8.2-0.62.rc1.el6_9.1
            oval oval:com.redhat.rhsa:tst:20171105003
          • comment bind-chroot is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651004
        • AND
          • comment bind-devel is earlier than 32:9.8.2-0.62.rc1.el6_9.1
            oval oval:com.redhat.rhsa:tst:20171105005
          • comment bind-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651006
        • AND
          • comment bind-libs is earlier than 32:9.8.2-0.62.rc1.el6_9.1
            oval oval:com.redhat.rhsa:tst:20171105007
          • comment bind-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651008
        • AND
          • comment bind-sdb is earlier than 32:9.8.2-0.62.rc1.el6_9.1
            oval oval:com.redhat.rhsa:tst:20171105009
          • comment bind-sdb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651010
        • AND
          • comment bind-utils is earlier than 32:9.8.2-0.62.rc1.el6_9.1
            oval oval:com.redhat.rhsa:tst:20171105011
          • comment bind-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20170651012
    rhsa
    id RHSA-2017:1105
    released 2017-04-20
    severity Important
    title RHSA-2017:1105: bind security update (Important)
  • rhsa
    id RHSA-2017:1582
  • rhsa
    id RHSA-2017:1583
rpms
  • bind-32:9.9.4-38.el7_3.3
  • bind-chroot-32:9.9.4-38.el7_3.3
  • bind-debuginfo-32:9.9.4-38.el7_3.3
  • bind-devel-32:9.9.4-38.el7_3.3
  • bind-libs-32:9.9.4-38.el7_3.3
  • bind-libs-lite-32:9.9.4-38.el7_3.3
  • bind-license-32:9.9.4-38.el7_3.3
  • bind-lite-devel-32:9.9.4-38.el7_3.3
  • bind-pkcs11-32:9.9.4-38.el7_3.3
  • bind-pkcs11-devel-32:9.9.4-38.el7_3.3
  • bind-pkcs11-libs-32:9.9.4-38.el7_3.3
  • bind-pkcs11-utils-32:9.9.4-38.el7_3.3
  • bind-sdb-32:9.9.4-38.el7_3.3
  • bind-sdb-chroot-32:9.9.4-38.el7_3.3
  • bind-utils-32:9.9.4-38.el7_3.3
  • bind-32:9.8.2-0.62.rc1.el6_9.1
  • bind-chroot-32:9.8.2-0.62.rc1.el6_9.1
  • bind-debuginfo-32:9.8.2-0.62.rc1.el6_9.1
  • bind-devel-32:9.8.2-0.62.rc1.el6_9.1
  • bind-libs-32:9.8.2-0.62.rc1.el6_9.1
  • bind-sdb-32:9.8.2-0.62.rc1.el6_9.1
  • bind-utils-32:9.8.2-0.62.rc1.el6_9.1
  • bind-32:9.7.3-8.P3.el6_2.9
  • bind-32:9.8.2-0.17.rc1.el6_4.12
  • bind-32:9.8.2-0.23.rc1.el6_5.7
  • bind-32:9.8.2-0.30.rc1.el6_6.9
  • bind-32:9.8.2-0.37.rc1.el6_7.11
  • bind-chroot-32:9.7.3-8.P3.el6_2.9
  • bind-chroot-32:9.8.2-0.17.rc1.el6_4.12
  • bind-chroot-32:9.8.2-0.23.rc1.el6_5.7
  • bind-chroot-32:9.8.2-0.30.rc1.el6_6.9
  • bind-chroot-32:9.8.2-0.37.rc1.el6_7.11
  • bind-debuginfo-32:9.7.3-8.P3.el6_2.9
  • bind-debuginfo-32:9.8.2-0.17.rc1.el6_4.12
  • bind-debuginfo-32:9.8.2-0.23.rc1.el6_5.7
  • bind-debuginfo-32:9.8.2-0.30.rc1.el6_6.9
  • bind-debuginfo-32:9.8.2-0.37.rc1.el6_7.11
  • bind-devel-32:9.7.3-8.P3.el6_2.9
  • bind-devel-32:9.8.2-0.17.rc1.el6_4.12
  • bind-devel-32:9.8.2-0.23.rc1.el6_5.7
  • bind-devel-32:9.8.2-0.30.rc1.el6_6.9
  • bind-devel-32:9.8.2-0.37.rc1.el6_7.11
  • bind-libs-32:9.7.3-8.P3.el6_2.9
  • bind-libs-32:9.8.2-0.17.rc1.el6_4.12
  • bind-libs-32:9.8.2-0.23.rc1.el6_5.7
  • bind-libs-32:9.8.2-0.30.rc1.el6_6.9
  • bind-libs-32:9.8.2-0.37.rc1.el6_7.11
  • bind-sdb-32:9.7.3-8.P3.el6_2.9
  • bind-sdb-32:9.8.2-0.17.rc1.el6_4.12
  • bind-sdb-32:9.8.2-0.23.rc1.el6_5.7
  • bind-sdb-32:9.8.2-0.30.rc1.el6_6.9
  • bind-sdb-32:9.8.2-0.37.rc1.el6_7.11
  • bind-utils-32:9.7.3-8.P3.el6_2.9
  • bind-utils-32:9.8.2-0.17.rc1.el6_4.12
  • bind-utils-32:9.8.2-0.23.rc1.el6_5.7
  • bind-utils-32:9.8.2-0.30.rc1.el6_6.9
  • bind-utils-32:9.8.2-0.37.rc1.el6_7.11
  • bind-32:9.9.4-29.el7_2.6
  • bind-chroot-32:9.9.4-29.el7_2.6
  • bind-debuginfo-32:9.9.4-29.el7_2.6
  • bind-devel-32:9.9.4-29.el7_2.6
  • bind-libs-32:9.9.4-29.el7_2.6
  • bind-libs-lite-32:9.9.4-29.el7_2.6
  • bind-license-32:9.9.4-29.el7_2.6
  • bind-lite-devel-32:9.9.4-29.el7_2.6
  • bind-pkcs11-32:9.9.4-29.el7_2.6
  • bind-pkcs11-devel-32:9.9.4-29.el7_2.6
  • bind-pkcs11-libs-32:9.9.4-29.el7_2.6
  • bind-pkcs11-utils-32:9.9.4-29.el7_2.6
  • bind-sdb-32:9.9.4-29.el7_2.6
  • bind-sdb-chroot-32:9.9.4-29.el7_2.6
  • bind-utils-32:9.9.4-29.el7_2.6
refmap via4
bid 97651
confirm
debian DSA-3854
gentoo GLSA-201708-01
sectrack
  • 1038258
  • 1040195
Last major update 09-10-2019 - 23:27
Published 16-01-2019 - 20:29
Last modified 09-10-2019 - 23:27