ID CVE-2017-3135
Summary Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 09-10-2019 - 23:27)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1420193
title CVE-2017-3135 bind: Assertion failure when using DNS64 and RPZ Can Lead to Crash
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment bind is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276009
      • comment bind is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651006
    • AND
      • comment bind-chroot is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276013
      • comment bind-chroot is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651014
    • AND
      • comment bind-devel is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276025
      • comment bind-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651016
    • AND
      • comment bind-libs is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276015
      • comment bind-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651012
    • AND
      • comment bind-libs-lite is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276007
      • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767022
    • AND
      • comment bind-license is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276031
      • comment bind-license is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767032
    • AND
      • comment bind-lite-devel is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276029
      • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767028
    • AND
      • comment bind-pkcs11 is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276021
      • comment bind-pkcs11 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767024
    • AND
      • comment bind-pkcs11-devel is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276005
      • comment bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767030
    • AND
      • comment bind-pkcs11-libs is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276019
      • comment bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767014
    • AND
      • comment bind-pkcs11-utils is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276011
      • comment bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767010
    • AND
      • comment bind-sdb is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276017
      • comment bind-sdb is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651010
    • AND
      • comment bind-sdb-chroot is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276023
      • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767016
    • AND
      • comment bind-utils is earlier than 32:9.9.4-38.el7_3.2
        oval oval:com.redhat.rhsa:tst:20170276027
      • comment bind-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651008
rhsa
id RHSA-2017:0276
released 2017-02-15
severity Moderate
title RHSA-2017:0276: bind security update (Moderate)
rpms
  • bind-32:9.9.4-38.el7_3.2
  • bind-chroot-32:9.9.4-38.el7_3.2
  • bind-devel-32:9.9.4-38.el7_3.2
  • bind-libs-32:9.9.4-38.el7_3.2
  • bind-libs-lite-32:9.9.4-38.el7_3.2
  • bind-license-32:9.9.4-38.el7_3.2
  • bind-lite-devel-32:9.9.4-38.el7_3.2
  • bind-pkcs11-32:9.9.4-38.el7_3.2
  • bind-pkcs11-devel-32:9.9.4-38.el7_3.2
  • bind-pkcs11-libs-32:9.9.4-38.el7_3.2
  • bind-pkcs11-utils-32:9.9.4-38.el7_3.2
  • bind-sdb-32:9.9.4-38.el7_3.2
  • bind-sdb-chroot-32:9.9.4-38.el7_3.2
  • bind-utils-32:9.9.4-38.el7_3.2
refmap via4
bid 96150
confirm
debian DSA-3795
gentoo GLSA-201708-01
sectrack 1037801
Last major update 09-10-2019 - 23:27
Published 16-01-2019 - 20:29
Back to Top