cnvd - cnvd-2017-01205

cnvd-2017-01205

Vulnerability from cnvd

Title: ISC BIND 9 DNS64和RPZ断言失败拒绝服务漏洞

Description:

ISC BIND是美国Internet Systems Consortium（ISC）公司所维护的一套实现了DNS协议的开源软件。

ISC BIND 9存在DNS64和RPZ断言失败拒绝服务漏洞。攻击者可利用漏洞通过DNS64和RPZ重写查询响应，造成断言失败和守护进程退出，导致拒绝服务。

Severity: 高

Patch Name: ISC BIND 9 DNS64和RPZ断言失败拒绝服务漏洞的补丁

Patch Description:

ISC BIND是美国Internet Systems Consortium（ISC）公司所维护的一套实现了DNS协议的开源软件。

ISC BIND 9存在DNS64和RPZ断言失败拒绝服务漏洞。攻击者可利用漏洞通过DNS64和RPZ重写查询响应，造成断言失败和守护进程退出，导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： http://www.isc.org/downloads https://kb.isc.org/article/AA-01453

Reference: https://kb.isc.org/article/AA-01453

Impacted products

Name
['ISC, Inc. BIND 9.8.8', 'ISC, Inc. BIND 9.9.3-S1->9.9.9-S7', 'ISC, Inc. BIND 9.9.3->9.9.9-P5', 'ISC, Inc. BIND 9.9.10b1', 'ISC, Inc. BIND 9.10.0->9.10.4-P5', 'ISC, Inc. BIND 9.10.5b1', 'ISC, Inc. BIND 9.11.0->9.11.0-P2', 'ISC, Inc. BIND 9.11.1b1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-3135"
    }
  },
  "description": "ISC BIND\u662f\u7f8e\u56fdInternet Systems Consortium\uff08ISC\uff09\u516c\u53f8\u6240\u7ef4\u62a4\u7684\u4e00\u5957\u5b9e\u73b0\u4e86DNS\u534f\u8bae\u7684\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nISC BIND 9\u5b58\u5728DNS64\u548cRPZ\u65ad\u8a00\u5931\u8d25\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7DNS64\u548cRPZ\u91cd\u5199\u67e5\u8be2\u54cd\u5e94\uff0c\u9020\u6210\u65ad\u8a00\u5931\u8d25\u548c\u5b88\u62a4\u8fdb\u7a0b\u9000\u51fa\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox)",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttp://www.isc.org/downloads\r\nhttps://kb.isc.org/article/AA-01453",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01205",
  "openTime": "2017-02-11",
  "patchDescription": "ISC BIND\u662f\u7f8e\u56fdInternet Systems Consortium\uff08ISC\uff09\u516c\u53f8\u6240\u7ef4\u62a4\u7684\u4e00\u5957\u5b9e\u73b0\u4e86DNS\u534f\u8bae\u7684\u5f00\u6e90\u8f6f\u4ef6\u3002\r\n\r\nISC BIND 9\u5b58\u5728DNS64\u548cRPZ\u65ad\u8a00\u5931\u8d25\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u901a\u8fc7DNS64\u548cRPZ\u91cd\u5199\u67e5\u8be2\u54cd\u5e94\uff0c\u9020\u6210\u65ad\u8a00\u5931\u8d25\u548c\u5b88\u62a4\u8fdb\u7a0b\u9000\u51fa\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ISC BIND 9 DNS64\u548cRPZ\u65ad\u8a00\u5931\u8d25\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ISC, Inc. BIND 9.8.8",
      "ISC, Inc. BIND 9.9.3-S1-\u003e9.9.9-S7",
      "ISC, Inc. BIND 9.9.3-\u003e9.9.9-P5",
      "ISC, Inc. BIND 9.9.10b1",
      "ISC, Inc. BIND 9.10.0-\u003e9.10.4-P5",
      "ISC, Inc. BIND 9.10.5b1",
      "ISC, Inc. BIND 9.11.0-\u003e9.11.0-P2",
      "ISC, Inc. BIND 9.11.1b1"
    ]
  },
  "referenceLink": "https://kb.isc.org/article/AA-01453",
  "serverity": "\u9ad8",
  "submitTime": "2017-02-10",
  "title": "ISC BIND 9 DNS64\u548cRPZ\u65ad\u8a00\u5931\u8d25\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2017-3135 (GCVE-0-2017-3135)

Vulnerability from cvelistv5

Published

2019-01-16 20:00

Modified

2024-09-16 17:53

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition. When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer. On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated. Only servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability.

Summary

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

References

▼	URL	Tags
	https://security.gentoo.org/glsa/201708-01	vendor-advisory, x_refsource_GENTOO
	http://rhn.redhat.com/errata/RHSA-2017-0276.html	vendor-advisory, x_refsource_REDHAT
	https://security.netapp.com/advisory/ntap-20180926-0005/	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/96150	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037801	vdb-entry, x_refsource_SECTRACK
	https://www.debian.org/security/2017/dsa-3795	vendor-advisory, x_refsource_DEBIAN
	https://kb.isc.org/docs/aa-01453	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Version: BIND 9 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:16:28.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201708-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201708-01"
          },
          {
            "name": "RHSA-2017:0276",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
          },
          {
            "name": "96150",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96150"
          },
          {
            "name": "1037801",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037801"
          },
          {
            "name": "DSA-3795",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-3795"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/aa-01453"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9 9.8.8, 9.9.3-S1 -\u003e 9.9.9-S7, 9.9.3 -\u003e 9.9.9-P5, 9.9.10b1, 9.10.0 -\u003e 9.10.4-P5, 9.10.5b1, 9.11.0 -\u003e 9.11.0-P2, 9.11.1b1"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation."
        }
      ],
      "datePublic": "2017-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -\u003e 9.9.9-S7, 9.9.3 -\u003e 9.9.9-P5, 9.9.10b1, 9.10.0 -\u003e 9.10.4-P5, 9.10.5b1, 9.11.0 -\u003e 9.11.0-P2, 9.11.1b1."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition.  When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer.  On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated.\n\nOnly servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "GLSA-201708-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201708-01"
        },
        {
          "name": "RHSA-2017:0276",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
        },
        {
          "name": "96150",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96150"
        },
        {
          "name": "1037801",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037801"
        },
        {
          "name": "DSA-3795",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-3795"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/aa-01453"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P6\n    BIND 9 version 9.10.4-P6\n    BIND 9 version 9.11.0-P3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S8"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Combination of DNS64 and RPZ Can Lead to Crash",
      "workarounds": [
        {
          "lang": "en",
          "value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2017-02-08T00:00:00.000Z",
          "ID": "CVE-2017-3135",
          "STATE": "PUBLIC",
          "TITLE": "Combination of DNS64 and RPZ Can Lead to Crash"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "9.8.8, 9.9.3-S1 -\u003e 9.9.9-S7, 9.9.3 -\u003e 9.9.9-P5, 9.9.10b1, 9.10.0 -\u003e 9.10.4-P5, 9.10.5b1, 9.11.0 -\u003e 9.11.0-P2, 9.11.1b1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -\u003e 9.9.9-S7, 9.9.3 -\u003e 9.9.9-P5, 9.9.10b1, 9.10.0 -\u003e 9.10.4-P5, 9.10.5b1, 9.11.0 -\u003e 9.11.0-P2, 9.11.1b1."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition.  When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer.  On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated.\n\nOnly servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201708-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201708-01"
            },
            {
              "name": "RHSA-2017:0276",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03747en_us"
            },
            {
              "name": "96150",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96150"
            },
            {
              "name": "1037801",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037801"
            },
            {
              "name": "DSA-3795",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-3795"
            },
            {
              "name": "https://kb.isc.org/docs/aa-01453",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/aa-01453"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n    BIND 9 version 9.9.9-P6\n    BIND 9 version 9.10.4-P6\n    BIND 9 version 9.11.0-P3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9 version 9.9.9-S8"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2017-3135",
    "datePublished": "2019-01-16T20:00:00Z",
    "dateReserved": "2016-12-02T00:00:00",
    "dateUpdated": "2024-09-16T17:53:49.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted