CVE-2017-3145
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND 9 | 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1 | affected |
Weaknesses
- While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137. Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug. The known crash is an assertion failure in netaddr.c.
Workarounds
If an operator is experiencing crashes due to this, temporarily disabling DNSSEC validation can be used to avoid the known problematic code path while replacement builds are prepared.
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2018:0102
- https://access.redhat.com/errata/RHSA-2018:0487
- https://www.debian.org/security/2018/dsa-4089
- https://access.redhat.com/errata/RHSA-2018:0488
- https://access.redhat.com/errata/RHSA-2018:0101
- http://www.securitytracker.com/id/1040195
- https://kb.isc.org/docs/aa-01542
- http://www.securityfocus.com/bid/102716
- https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html
- https://security.netapp.com/advisory/ntap-20180117-0003/
- https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named
References
- https://access.redhat.com/errata/RHSA-2018:0102
- https://access.redhat.com/errata/RHSA-2018:0487
- https://www.debian.org/security/2018/dsa-4089
- https://access.redhat.com/errata/RHSA-2018:0488
- https://access.redhat.com/errata/RHSA-2018:0101
- http://www.securitytracker.com/id/1040195
- https://kb.isc.org/docs/aa-01542
- http://www.securityfocus.com/bid/102716
- https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html
- https://security.netapp.com/advisory/ntap-20180117-0003/
- https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.