CVE-2017-3136

MEDIUM

Description

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

http://www.securityfocus.com/bid/97653

http://www.securitytracker.com/id/1038259

https://access.redhat.com/errata/RHSA-2017:1095

https://access.redhat.com/errata/RHSA-2017:1105

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us

https://kb.isc.org/docs/aa-01465

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180802-0002/

https://www.debian.org/security/2017/dsa-3854

Details

Source: MITRE

Published: 2019-01-16

Updated: 2020-10-20

Type: CWE-617

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.8.0 to 9.8.8 (inclusive)

cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.9.9 (inclusive)

cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.10.0 to 9.10.4 (inclusive)

cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (40 total)

IDNameProductFamilySeverity
143842SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2020:2914-1)NessusSuSE Local Security Checks
medium
141839openSUSE Security Update : bind (openSUSE-2020-1701)NessusSuSE Local Security Checks
medium
141560openSUSE Security Update : bind (openSUSE-2020-1699)NessusSuSE Local Security Checks
medium
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
critical
127330NewStart CGSL MAIN 4.05 : bind Multiple Vulnerabilities (NS-SA-2019-0102)NessusNewStart CGSL Local Security Checks
medium
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
121068Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)NessusJunos Local Security Checks
high
112170OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)NessusOracleVM Local Security Checks
medium
102531GLSA-201708-01 : BIND: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
101751Fedora 26 : 32:bind (2017-f9f909a7b7)NessusFedora Local Security Checks
medium
101692Fedora 26 : bind99 (2017-a354efc764)NessusFedora Local Security Checks
medium
101456Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1105)NessusVirtuozzo Local Security Checks
medium
101453Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1095)NessusVirtuozzo Local Security Checks
medium
100477Debian DLA-957-1 : bind9 security updateNessusDebian Local Security Checks
medium
100167Debian DSA-3854-1 : bind9 - security updateNessusDebian Local Security Checks
medium
100090OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100)NessusOracleVM Local Security Checks
medium
100014Fedora 24 : bind99 (2017-edce28f24b)NessusFedora Local Security Checks
medium
99944EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1078)NessusHuawei Local Security Checks
medium
99943EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1077)NessusHuawei Local Security Checks
medium
99714Amazon Linux AMI : bind (ALAS-2017-826)NessusAmazon Linux Local Security Checks
medium
99605Fedora 24 : 32:bind (2017-0a876b0ba5)NessusFedora Local Security Checks
medium
99575Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170420)NessusScientific Linux Local Security Checks
medium
99571RHEL 6 : bind (RHSA-2017:1105)NessusRed Hat Local Security Checks
medium
99569OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)NessusOracleVM Local Security Checks
critical
99564Oracle Linux 6 : bind (ELSA-2017-1105)NessusOracle Linux Local Security Checks
medium
99538CentOS 6 : bind (CESA-2017:1105)NessusCentOS Local Security Checks
medium
99506Scientific Linux Security Update : bind on SL7.x x86_64 (20170419)NessusScientific Linux Local Security Checks
medium
99500Oracle Linux 7 : bind (ELSA-2017-1095)NessusOracle Linux Local Security Checks
medium
99499openSUSE Security Update : bind (openSUSE-2017-491)NessusSuSE Local Security Checks
medium
99495Fedora 25 : 32:bind (2017-ee4b0f53cb)NessusFedora Local Security Checks
medium
99488Fedora 25 : bind99 (2017-44e494db1e)NessusFedora Local Security Checks
medium
99483CentOS 7 : bind (CESA-2017:1095)NessusCentOS Local Security Checks
medium
99478ISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple VunlerabilitiesNessusDNS
medium
99455RHEL 7 : bind (RHSA-2017:1095)NessusRed Hat Local Security Checks
medium
99435Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3259-1)NessusUbuntu Local Security Checks
medium
99378Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-103-01)NessusSlackware Local Security Checks
medium
99358SUSE SLES11 Security Update : bind (SUSE-SU-2017:1000-1)NessusSuSE Local Security Checks
medium
99357SUSE SLES12 Security Update : bind (SUSE-SU-2017:0999-1)NessusSuSE Local Security Checks
medium
99356SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1)NessusSuSE Local Security Checks
medium
99325FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c)NessusFreeBSD Local Security Checks
medium