CVE-2017-3137
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND 9 | 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8 | affected |
Weaknesses
- A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering. An attacker can cause a denial of service by exploiting this condition. Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion.
Workarounds
None known.
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2017:1095
- https://security.gentoo.org/glsa/201708-01
- http://www.securitytracker.com/id/1038258
- https://security.netapp.com/advisory/ntap-20180802-0002/
- http://www.securitytracker.com/id/1040195
- https://access.redhat.com/errata/RHSA-2017:1582
- https://www.debian.org/security/2017/dsa-3854
- https://access.redhat.com/errata/RHSA-2017:1583
- http://www.securityfocus.com/bid/97651
- https://access.redhat.com/errata/RHSA-2017:1105
- https://kb.isc.org/docs/aa-01466
References
- https://access.redhat.com/errata/RHSA-2017:1095
- https://security.gentoo.org/glsa/201708-01
- http://www.securitytracker.com/id/1038258
- https://security.netapp.com/advisory/ntap-20180802-0002/
- http://www.securitytracker.com/id/1040195
- https://access.redhat.com/errata/RHSA-2017:1582
- https://www.debian.org/security/2017/dsa-3854
- https://access.redhat.com/errata/RHSA-2017:1583
- http://www.securityfocus.com/bid/97651
- https://access.redhat.com/errata/RHSA-2017:1105
- https://kb.isc.org/docs/aa-01466
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.