CVE-2017-3136MEDIUM
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
References
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
http://www.securityfocus.com/bid/97653
http://www.securitytracker.com/id/1038259
https://access.redhat.com/errata/RHSA-2017:1095
https://access.redhat.com/errata/RHSA-2017:1105
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us
https://kb.isc.org/docs/aa-01465
https://security.gentoo.org/glsa/201708-01
Details
Source: MITRE
Published: 2019-01-16
Updated: 2020-10-20
Type: CWE-617
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 5.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.8.0 to 9.8.8 (inclusive)
cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.9.9 (inclusive)
cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.10.0 to 9.10.4 (inclusive)
cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*
cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Configuration 3
OR
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
Configuration 4
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 143842 | SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2020:2914-1) | Nessus | SuSE Local Security Checks | medium |
| 141839 | openSUSE Security Update : bind (openSUSE-2020-1701) | Nessus | SuSE Local Security Checks | medium |
| 141560 | openSUSE Security Update : bind (openSUSE-2020-1699) | Nessus | SuSE Local Security Checks | medium |
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high |
| 127330 | NewStart CGSL MAIN 4.05 : bind Multiple Vulnerabilities (NS-SA-2019-0102) | Nessus | NewStart CGSL Local Security Checks | medium |
| 124936 | EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433) | Nessus | Huawei Local Security Checks | medium |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 112170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252) | Nessus | OracleVM Local Security Checks | high |
| 102531 | GLSA-201708-01 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 101751 | Fedora 26 : 32:bind (2017-f9f909a7b7) | Nessus | Fedora Local Security Checks | high |
| 101692 | Fedora 26 : bind99 (2017-a354efc764) | Nessus | Fedora Local Security Checks | high |
| 101456 | Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1105) | Nessus | Virtuozzo Local Security Checks | high |
| 101453 | Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1095) | Nessus | Virtuozzo Local Security Checks | high |
| 100477 | Debian DLA-957-1 : bind9 security update | Nessus | Debian Local Security Checks | high |
| 100167 | Debian DSA-3854-1 : bind9 - security update | Nessus | Debian Local Security Checks | high |
| 100090 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100) | Nessus | OracleVM Local Security Checks | high |
| 100014 | Fedora 24 : bind99 (2017-edce28f24b) | Nessus | Fedora Local Security Checks | high |
| 99944 | EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1078) | Nessus | Huawei Local Security Checks | high |
| 99943 | EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1077) | Nessus | Huawei Local Security Checks | high |
| 99714 | Amazon Linux AMI : bind (ALAS-2017-826) | Nessus | Amazon Linux Local Security Checks | high |
| 99605 | Fedora 24 : 32:bind (2017-0a876b0ba5) | Nessus | Fedora Local Security Checks | high |
| 99575 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170420) | Nessus | Scientific Linux Local Security Checks | high |
| 99571 | RHEL 6 : bind (RHSA-2017:1105) | Nessus | Red Hat Local Security Checks | high |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | high |
| 99564 | Oracle Linux 6 : bind (ELSA-2017-1105) | Nessus | Oracle Linux Local Security Checks | high |
| 99538 | CentOS 6 : bind (CESA-2017:1105) | Nessus | CentOS Local Security Checks | high |
| 99506 | Scientific Linux Security Update : bind on SL7.x x86_64 (20170419) | Nessus | Scientific Linux Local Security Checks | high |
| 99500 | Oracle Linux 7 : bind (ELSA-2017-1095) | Nessus | Oracle Linux Local Security Checks | high |
| 99499 | openSUSE Security Update : bind (openSUSE-2017-491) | Nessus | SuSE Local Security Checks | high |
| 99495 | Fedora 25 : 32:bind (2017-ee4b0f53cb) | Nessus | Fedora Local Security Checks | high |
| 99488 | Fedora 25 : bind99 (2017-44e494db1e) | Nessus | Fedora Local Security Checks | high |
| 99483 | CentOS 7 : bind (CESA-2017:1095) | Nessus | CentOS Local Security Checks | high |
| 99478 | ISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple Vunlerabilities | Nessus | DNS | high |
| 99455 | RHEL 7 : bind (RHSA-2017:1095) | Nessus | Red Hat Local Security Checks | high |
| 99435 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3259-1) | Nessus | Ubuntu Local Security Checks | high |
| 99378 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-103-01) | Nessus | Slackware Local Security Checks | high |
| 99358 | SUSE SLES11 Security Update : bind (SUSE-SU-2017:1000-1) | Nessus | SuSE Local Security Checks | high |
| 99357 | SUSE SLES12 Security Update : bind (SUSE-SU-2017:0999-1) | Nessus | SuSE Local Security Checks | high |
| 99356 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1) | Nessus | SuSE Local Security Checks | high |
| 99325 | FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c) | Nessus | FreeBSD Local Security Checks | high |