ID |
CVE-2017-3139
|
Summary |
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 14-05-2021 - 20:35) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-617 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1447743 | title | CVE-2017-3139 bind: assertion failure in DNSSEC validation |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 6 is installed | oval | oval:com.redhat.rhba:tst:20111656003 |
OR | AND | comment | bind is earlier than 32:9.8.2-0.62.rc1.el6_9.2 | oval | oval:com.redhat.rhsa:tst:20171202001 |
comment | bind is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20170651002 |
|
AND | comment | bind-chroot is earlier than 32:9.8.2-0.62.rc1.el6_9.2 | oval | oval:com.redhat.rhsa:tst:20171202003 |
comment | bind-chroot is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20170651004 |
|
AND | comment | bind-devel is earlier than 32:9.8.2-0.62.rc1.el6_9.2 | oval | oval:com.redhat.rhsa:tst:20171202005 |
comment | bind-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20170651006 |
|
AND | comment | bind-libs is earlier than 32:9.8.2-0.62.rc1.el6_9.2 | oval | oval:com.redhat.rhsa:tst:20171202007 |
comment | bind-libs is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20170651008 |
|
AND | comment | bind-sdb is earlier than 32:9.8.2-0.62.rc1.el6_9.2 | oval | oval:com.redhat.rhsa:tst:20171202009 |
comment | bind-sdb is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20170651010 |
|
AND | comment | bind-utils is earlier than 32:9.8.2-0.62.rc1.el6_9.2 | oval | oval:com.redhat.rhsa:tst:20171202011 |
comment | bind-utils is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhba:tst:20170651012 |
|
|
|
|
| rhsa | id | RHSA-2017:1202 | released | 2017-05-08 | severity | Important | title | RHSA-2017:1202: bind security update (Important) |
|
| rpms | - bind-32:9.8.2-0.62.rc1.el6_9.2
- bind-chroot-32:9.8.2-0.62.rc1.el6_9.2
- bind-debuginfo-32:9.8.2-0.62.rc1.el6_9.2
- bind-devel-32:9.8.2-0.62.rc1.el6_9.2
- bind-libs-32:9.8.2-0.62.rc1.el6_9.2
- bind-sdb-32:9.8.2-0.62.rc1.el6_9.2
- bind-utils-32:9.8.2-0.62.rc1.el6_9.2
- bind-32:9.7.3-8.P3.el6_2.9
- bind-32:9.8.2-0.17.rc1.el6_4.12
- bind-32:9.8.2-0.23.rc1.el6_5.7
- bind-32:9.8.2-0.30.rc1.el6_6.9
- bind-32:9.8.2-0.37.rc1.el6_7.11
- bind-chroot-32:9.7.3-8.P3.el6_2.9
- bind-chroot-32:9.8.2-0.17.rc1.el6_4.12
- bind-chroot-32:9.8.2-0.23.rc1.el6_5.7
- bind-chroot-32:9.8.2-0.30.rc1.el6_6.9
- bind-chroot-32:9.8.2-0.37.rc1.el6_7.11
- bind-debuginfo-32:9.7.3-8.P3.el6_2.9
- bind-debuginfo-32:9.8.2-0.17.rc1.el6_4.12
- bind-debuginfo-32:9.8.2-0.23.rc1.el6_5.7
- bind-debuginfo-32:9.8.2-0.30.rc1.el6_6.9
- bind-debuginfo-32:9.8.2-0.37.rc1.el6_7.11
- bind-devel-32:9.7.3-8.P3.el6_2.9
- bind-devel-32:9.8.2-0.17.rc1.el6_4.12
- bind-devel-32:9.8.2-0.23.rc1.el6_5.7
- bind-devel-32:9.8.2-0.30.rc1.el6_6.9
- bind-devel-32:9.8.2-0.37.rc1.el6_7.11
- bind-libs-32:9.7.3-8.P3.el6_2.9
- bind-libs-32:9.8.2-0.17.rc1.el6_4.12
- bind-libs-32:9.8.2-0.23.rc1.el6_5.7
- bind-libs-32:9.8.2-0.30.rc1.el6_6.9
- bind-libs-32:9.8.2-0.37.rc1.el6_7.11
- bind-sdb-32:9.7.3-8.P3.el6_2.9
- bind-sdb-32:9.8.2-0.17.rc1.el6_4.12
- bind-sdb-32:9.8.2-0.23.rc1.el6_5.7
- bind-sdb-32:9.8.2-0.30.rc1.el6_6.9
- bind-sdb-32:9.8.2-0.37.rc1.el6_7.11
- bind-utils-32:9.7.3-8.P3.el6_2.9
- bind-utils-32:9.8.2-0.17.rc1.el6_4.12
- bind-utils-32:9.8.2-0.23.rc1.el6_5.7
- bind-utils-32:9.8.2-0.30.rc1.el6_6.9
- bind-utils-32:9.8.2-0.37.rc1.el6_7.11
|
|
refmap
via4
|
|
Last major update |
14-05-2021 - 20:35 |
Published |
09-04-2019 - 18:29 |
Last modified |
14-05-2021 - 20:35 |