Vulnerabilities > CVE-2017-3135 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-0276.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101423 published 2017-07-13 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101423 title Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-0276) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(101423); script_version("1.8"); script_cvs_date("Date: 2019/02/12 9:22:59"); script_cve_id( "CVE-2017-3135" ); script_name(english:"Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-0276)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote Virtuozzo host is missing a security update."); script_set_attribute(attribute:"description", value: "An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0276.json script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6f87aa6"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017-0276"); script_set_attribute(attribute:"solution", value: "Update the affected bind / bind-chroot / bind-devel / bind-libs / etc package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:X"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-libs-lite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-license"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-lite-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-pkcs11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-pkcs11-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-pkcs11-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-pkcs11-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-sdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-sdb-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Virtuozzo Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Virtuozzo/release"); if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo"); os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver); if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu); flag = 0; pkgs = ["bind-9.9.4-38.vl7.2", "bind-chroot-9.9.4-38.vl7.2", "bind-devel-9.9.4-38.vl7.2", "bind-libs-9.9.4-38.vl7.2", "bind-libs-lite-9.9.4-38.vl7.2", "bind-license-9.9.4-38.vl7.2", "bind-lite-devel-9.9.4-38.vl7.2", "bind-pkcs11-9.9.4-38.vl7.2", "bind-pkcs11-devel-9.9.4-38.vl7.2", "bind-pkcs11-libs-9.9.4-38.vl7.2", "bind-pkcs11-utils-9.9.4-38.vl7.2", "bind-sdb-9.9.4-38.vl7.2", "bind-sdb-chroot-9.9.4-38.vl7.2", "bind-utils-9.9.4-38.vl7.2"]; foreach (pkg in pkgs) if (rpm_check(release:"Virtuozzo-7", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libs / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2017-2B46C8B6C2.NASL description Security fix for CVE-2017-3135 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-02-15 plugin id 97162 published 2017-02-15 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97162 title Fedora 25 : 32:bind (2017-2b46c8b6c2) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2017-2b46c8b6c2. # include("compat.inc"); if (description) { script_id(97162); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-3135"); script_xref(name:"FEDORA", value:"2017-2b46c8b6c2"); script_name(english:"Fedora 25 : 32:bind (2017-2b46c8b6c2)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Security fix for CVE-2017-3135 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-2b46c8b6c2" ); script_set_attribute( attribute:"solution", value:"Update the affected 32:bind package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:32:bind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2017/02/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/02/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC25", reference:"bind-9.10.4-4.P6.fc25", epoch:"32")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "32:bind"); }NASL family Fedora Local Security Checks NASL id FEDORA_2017-96B7F4F53E.NASL description Security fix for CVE-2017-3135 (unaffected), fixes regression made by CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-03-06 plugin id 97536 published 2017-03-06 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97536 title Fedora 25 : bind99 (2017-96b7f4f53e) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201708-01.NASL description The remote host is affected by the vulnerability described in GLSA-201708-01 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted DNS request to the BIND resolver resulting in a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 102531 published 2017-08-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102531 title GLSA-201708-01 : BIND: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0596-1.NASL description This update for bind fixes the following issues : - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97520 published 2017-03-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97520 title SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0596-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-27099C270A.NASL description Security fix for CVE-2017-3135 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-02-21 plugin id 97242 published 2017-02-21 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97242 title Fedora 24 : 32:bind (2017-27099c270a) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0594-1.NASL description This update for bind fixes the following issues : - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97518 published 2017-03-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97518 title SUSE SLES12 Security Update : bind (SUSE-SU-2017:0594-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3795.NASL description It was discovered that a maliciously crafted query can cause ISC last seen 2020-06-01 modified 2020-06-02 plugin id 97399 published 2017-02-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97399 title Debian DSA-3795-1 : bind9 - security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-314.NASL description This update for bind fixes the following issues : - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-05 modified 2017-03-07 plugin id 97568 published 2017-03-07 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97568 title openSUSE Security Update : bind (openSUSE-2017-314) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-0276.NASL description From Red Hat Security Advisory 2017:0276 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter. last seen 2020-06-01 modified 2020-06-02 plugin id 97198 published 2017-02-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97198 title Oracle Linux 7 : bind (ELSA-2017-0276) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2017-041-01.NASL description New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 97101 published 2017-02-13 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97101 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-041-01) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-0276.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter. last seen 2020-06-01 modified 2020-06-02 plugin id 97200 published 2017-02-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97200 title RHEL 7 : bind (RHSA-2017:0276) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3201-1.NASL description It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97223 published 2017-02-17 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97223 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : bind9 vulnerabilities (USN-3201-1) NASL family Fedora Local Security Checks NASL id FEDORA_2017-D0C9BF9508.NASL description Security fix for CVE-2017-3135 (unaffected), fixes regression made by CVE-2016-8864 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2017-03-06 plugin id 97541 published 2017-03-06 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97541 title Fedora 24 : bind99 (2017-d0c9bf9508) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-0276.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporter. last seen 2020-06-01 modified 2020-06-02 plugin id 97194 published 2017-02-16 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97194 title CentOS 7 : bind (CESA-2017:0276) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL80533167.NASL description Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1. (CVE-2015-3135) BIG-IP configurations using DNS64 (the DNS IPv6 to IPv4 option configured in the DNS profile) and Response Policy Zone (RPZ) rewriting (in the BIND configuration) together are affected by this CVE. Note : The DNS IPv6 to IPv4 option is disabled, by default, in the DNS profile. Note : RPZ Rewriting is an optional BIND 9.x configuration that allows administrators to create DNS blacklists. Impact Remote attackers may be able to cause a BIND denial-of-service (DoS) attack by making a query for an AAAA record. last seen 2020-06-01 modified 2020-06-02 plugin id 97333 published 2017-02-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97333 title F5 Networks BIG-IP : BIND vulnerability (K80533167) NASL family Junos Local Security Checks NASL id JUNIPER_JSA10799.NASL description According to its self-reported version and model number, the remote Juniper Junos device is affected by a denial of service vulnerability in ISC BIND, specifically in the query_find() function within file bin/named/query.c, when simultaneously using DNS64 and RPZ for query responses. An unauthenticated, remote attacker can exploit this to cause an INSIST assertion failure or a NULL pointer read, resulting in termination of the service. last seen 2020-06-01 modified 2020-06-02 plugin id 102074 published 2017-07-31 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102074 title Juniper Junos SRX, vSRX, and J-Series ISC BIND DoS (JSA10799) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1025.NASL description According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response. (CVE-2017-3135) - A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131) - A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) - A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99870 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99870 title EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1025) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-843.NASL description CVE-2017-3135 Assertion failure when using DNS64 and RPZ can lead to crash. For Debian 7 last seen 2020-03-17 modified 2017-03-01 plugin id 97440 published 2017-03-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97440 title Debian DLA-843-1 : bind9 security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1026.NASL description According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response. (CVE-2017-3135) - A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131) - A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147) - A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2017-05-01 plugin id 99871 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99871 title EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1026) NASL family Scientific Linux Local Security Checks NASL id SL_20170215_BIND_ON_SL7_X.NASL description Security Fix(es) : - A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a NULL pointer dereference via a specially crafted DNS response. (CVE-2017-3135) last seen 2020-03-18 modified 2017-02-16 plugin id 97201 published 2017-02-16 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97201 title Scientific Linux Security Update : bind on SL7.x x86_64 (20170215) NASL family DNS NASL id BIND9_CVE-2017-3135.NASL description According to its self-reported version number, the instance of ISC BIND 9 running on the remote name server is 9.8.8 or 9.9.x prior to 9.9.9-P6 or 9.9.9-S8, 9.10.x prior to 9.10.4-P6, or 9.11.x prior to 9.11.0-P3. It is, therefore, affected by a denial of service vulnerability in the query_find() function in query.c that is triggered when using DNS64 and RPZ simultaneously for rewriting query responses. An unauthenticated, remote attacker can exploit this to cause an INSIST assertion failure or a NULL pointer read, resulting in a termination of the service. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 97227 published 2017-02-17 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97227 title ISC BIND 9 < 9.9.9-P6 / 9.9.9-S8 / 9.10.4-P6 / 9.11.0-P3 DNS64 and RPZ DoS NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-0595-1.NASL description This update for bind fixes the following issues : - Fixed a possible denial of service vulnerability (affected only configurations using both DNS64 and RPZ, CVE-2017-3135, bsc#1024130) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97519 published 2017-03-03 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97519 title SUSE SLES11 Security Update : bind (SUSE-SU-2017:0595-1)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
- http://rhn.redhat.com/errata/RHSA-2017-0276.html
- http://www.securityfocus.com/bid/96150
- http://www.securityfocus.com/bid/96150
- http://www.securitytracker.com/id/1037801
- http://www.securitytracker.com/id/1037801
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
- https://kb.isc.org/docs/aa-01453
- https://kb.isc.org/docs/aa-01453
- https://security.gentoo.org/glsa/201708-01
- https://security.gentoo.org/glsa/201708-01
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://security.netapp.com/advisory/ntap-20180926-0005/
- https://www.debian.org/security/2017/dsa-3795
- https://www.debian.org/security/2017/dsa-3795