ID CVE-2017-3137
Summary Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2019 - 23:27)
CWE CWE-617
Access
  Vector NETWORK
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality NONE
  Integrity NONE
  Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1441133
    title CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment bind is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095007
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651006
      • AND
        • comment bind-chroot is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095019
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651014
      • AND
        • comment bind-devel is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095015
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651016
      • AND
        • comment bind-libs is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095017
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651012
      • AND
        • comment bind-libs-lite is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095013
        • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767022
      • AND
        • comment bind-license is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095031
        • comment bind-license is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767032
      • AND
        • comment bind-lite-devel is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095021
        • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767028
      • AND
        • comment bind-pkcs11 is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095005
        • comment bind-pkcs11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767024
      • AND
        • comment bind-pkcs11-devel is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095025
        • comment bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767030
      • AND
        • comment bind-pkcs11-libs is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095011
        • comment bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767014
      • AND
        • comment bind-pkcs11-utils is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095023
        • comment bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767010
      • AND
        • comment bind-sdb is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095009
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651010
      • AND
        • comment bind-sdb-chroot is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095029
        • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767016
      • AND
        • comment bind-utils is earlier than 32:9.9.4-38.el7_3.3
          oval oval:com.redhat.rhsa:tst:20171095027
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651008
    rhsa
    id RHSA-2017:1095
    released 2017-04-19
    severity Important
    title RHSA-2017:1095: bind security update (Important)
  • bugzilla
    id 1441133
    title CVE-2017-3137 bind: Processing a response containing CNAME or DNAME with unusual order can crash resolver
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment bind is earlier than 32:9.8.2-0.62.rc1.el6_9.1
          oval oval:com.redhat.rhsa:tst:20171105011
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651006
      • AND
        • comment bind-chroot is earlier than 32:9.8.2-0.62.rc1.el6_9.1
          oval oval:com.redhat.rhsa:tst:20171105009
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651014
      • AND
        • comment bind-devel is earlier than 32:9.8.2-0.62.rc1.el6_9.1
          oval oval:com.redhat.rhsa:tst:20171105013
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651016
      • AND
        • comment bind-libs is earlier than 32:9.8.2-0.62.rc1.el6_9.1
          oval oval:com.redhat.rhsa:tst:20171105007
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651012
      • AND
        • comment bind-sdb is earlier than 32:9.8.2-0.62.rc1.el6_9.1
          oval oval:com.redhat.rhsa:tst:20171105015
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651010
      • AND
        • comment bind-utils is earlier than 32:9.8.2-0.62.rc1.el6_9.1
          oval oval:com.redhat.rhsa:tst:20171105005
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651008
    rhsa
    id RHSA-2017:1105
    released 2017-04-20
    severity Important
    title RHSA-2017:1105: bind security update (Important)
  • rhsa
    id RHSA-2017:1582
  • rhsa
    id RHSA-2017:1583
rpms
  • bind-32:9.9.4-38.el7_3.3
  • bind-chroot-32:9.9.4-38.el7_3.3
  • bind-devel-32:9.9.4-38.el7_3.3
  • bind-libs-32:9.9.4-38.el7_3.3
  • bind-libs-lite-32:9.9.4-38.el7_3.3
  • bind-license-32:9.9.4-38.el7_3.3
  • bind-lite-devel-32:9.9.4-38.el7_3.3
  • bind-pkcs11-32:9.9.4-38.el7_3.3
  • bind-pkcs11-devel-32:9.9.4-38.el7_3.3
  • bind-pkcs11-libs-32:9.9.4-38.el7_3.3
  • bind-pkcs11-utils-32:9.9.4-38.el7_3.3
  • bind-sdb-32:9.9.4-38.el7_3.3
  • bind-sdb-chroot-32:9.9.4-38.el7_3.3
  • bind-utils-32:9.9.4-38.el7_3.3
  • bind-32:9.8.2-0.62.rc1.el6_9.1
  • bind-chroot-32:9.8.2-0.62.rc1.el6_9.1
  • bind-devel-32:9.8.2-0.62.rc1.el6_9.1
  • bind-libs-32:9.8.2-0.62.rc1.el6_9.1
  • bind-sdb-32:9.8.2-0.62.rc1.el6_9.1
  • bind-utils-32:9.8.2-0.62.rc1.el6_9.1
refmap via4
bid 97651
debian DSA-3854
gentoo GLSA-201708-01
sectrack
  • 1038258
  • 1040195
Last major update 09-10-2019 - 23:27
Published 16-01-2019 - 20:29