ID CVE-2017-3139
Summary A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:-:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1447743
title CVE-2017-3139 bind: assertion failure in DNSSEC validation
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment bind is earlier than 32:9.8.2-0.62.rc1.el6_9.2
        oval oval:com.redhat.rhsa:tst:20171202005
      • comment bind is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651006
    • AND
      • comment bind-chroot is earlier than 32:9.8.2-0.62.rc1.el6_9.2
        oval oval:com.redhat.rhsa:tst:20171202011
      • comment bind-chroot is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651014
    • AND
      • comment bind-devel is earlier than 32:9.8.2-0.62.rc1.el6_9.2
        oval oval:com.redhat.rhsa:tst:20171202007
      • comment bind-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651016
    • AND
      • comment bind-libs is earlier than 32:9.8.2-0.62.rc1.el6_9.2
        oval oval:com.redhat.rhsa:tst:20171202013
      • comment bind-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651012
    • AND
      • comment bind-sdb is earlier than 32:9.8.2-0.62.rc1.el6_9.2
        oval oval:com.redhat.rhsa:tst:20171202009
      • comment bind-sdb is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651010
    • AND
      • comment bind-utils is earlier than 32:9.8.2-0.62.rc1.el6_9.2
        oval oval:com.redhat.rhsa:tst:20171202015
      • comment bind-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651008
rhsa
id RHSA-2017:1202
released 2017-05-08
severity Important
title RHSA-2017:1202: bind security update (Important)
rpms
  • bind-32:9.8.2-0.62.rc1.el6_9.2
  • bind-chroot-32:9.8.2-0.62.rc1.el6_9.2
  • bind-devel-32:9.8.2-0.62.rc1.el6_9.2
  • bind-libs-32:9.8.2-0.62.rc1.el6_9.2
  • bind-sdb-32:9.8.2-0.62.rc1.el6_9.2
  • bind-utils-32:9.8.2-0.62.rc1.el6_9.2
refmap via4
confirm
Last major update 03-10-2019 - 00:03
Published 09-04-2019 - 18:29