CVE-2017-3137

high

Description

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

References

http://www.securityfocus.com/bid/97651

http://www.securitytracker.com/id/1038258

http://www.securitytracker.com/id/1040195

https://access.redhat.com/errata/RHSA-2017:1095

https://access.redhat.com/errata/RHSA-2017:1105

https://access.redhat.com/errata/RHSA-2017:1582

https://access.redhat.com/errata/RHSA-2017:1583

https://kb.isc.org/docs/aa-01466

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180802-0002/

https://www.debian.org/security/2017/dsa-3854

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-09

Type: CWE-617

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147614 | EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2021-1396) | Nessus | Huawei Local Security Checks | high |
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high |
| 127330 | NewStart CGSL MAIN 4.05 : bind Multiple Vulnerabilities (NS-SA-2019-0102) | Nessus | NewStart CGSL Local Security Checks | medium |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 112170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252) | Nessus | OracleVM Local Security Checks | high |
| 102531 | GLSA-201708-01 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 101751 | Fedora 26 : 32:bind (2017-f9f909a7b7) | Nessus | Fedora Local Security Checks | high |
| 101692 | Fedora 26 : bind99 (2017-a354efc764) | Nessus | Fedora Local Security Checks | high |
| 101456 | Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1105) | Nessus | Virtuozzo Local Security Checks | high |
| 101453 | Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1095) | Nessus | Virtuozzo Local Security Checks | high |
| 101100 | RHEL 7 : bind (RHSA-2017:1583) | Nessus | Red Hat Local Security Checks | high |
| 101099 | RHEL 6 : bind (RHSA-2017:1582) | Nessus | Red Hat Local Security Checks | high |
| 100477 | Debian DLA-957-1 : bind9 security update | Nessus | Debian Local Security Checks | high |
| 100167 | Debian DSA-3854-1 : bind9 - security update | Nessus | Debian Local Security Checks | high |
| 100090 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100) | Nessus | OracleVM Local Security Checks | high |
| 100014 | Fedora 24 : bind99 (2017-edce28f24b) | Nessus | Fedora Local Security Checks | high |
| 99944 | EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1078) | Nessus | Huawei Local Security Checks | high |
| 99943 | EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1077) | Nessus | Huawei Local Security Checks | high |
| 99714 | Amazon Linux AMI : bind (ALAS-2017-826) | Nessus | Amazon Linux Local Security Checks | high |
| 99605 | Fedora 24 : 32:bind (2017-0a876b0ba5) | Nessus | Fedora Local Security Checks | high |
| 99575 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170420) | Nessus | Scientific Linux Local Security Checks | high |
| 99571 | RHEL 6 : bind (RHSA-2017:1105) | Nessus | Red Hat Local Security Checks | high |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | high |
| 99564 | Oracle Linux 6 : bind (ELSA-2017-1105) | Nessus | Oracle Linux Local Security Checks | high |
| 99538 | CentOS 6 : bind (CESA-2017:1105) | Nessus | CentOS Local Security Checks | high |
| 99506 | Scientific Linux Security Update : bind on SL7.x x86_64 (20170419) | Nessus | Scientific Linux Local Security Checks | high |
| 99500 | Oracle Linux 7 : bind (ELSA-2017-1095) | Nessus | Oracle Linux Local Security Checks | high |
| 99499 | openSUSE Security Update : bind (openSUSE-2017-491) | Nessus | SuSE Local Security Checks | high |
| 99495 | Fedora 25 : 32:bind (2017-ee4b0f53cb) | Nessus | Fedora Local Security Checks | high |
| 99488 | Fedora 25 : bind99 (2017-44e494db1e) | Nessus | Fedora Local Security Checks | high |
| 99483 | CentOS 7 : bind (CESA-2017:1095) | Nessus | CentOS Local Security Checks | high |
| 99478 | ISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple Vulnerabilities | Nessus | DNS | high |
| 99455 | RHEL 7 : bind (RHSA-2017:1095) | Nessus | Red Hat Local Security Checks | high |
| 99435 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3259-1) | Nessus | Ubuntu Local Security Checks | high |
| 99434 | SUSE SLES11 Security Update : bind (SUSE-SU-2017:1027-1) | Nessus | SuSE Local Security Checks | high |
| 99378 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-103-01) | Nessus | Slackware Local Security Checks | high |
| 99358 | SUSE SLES11 Security Update : bind (SUSE-SU-2017:1000-1) | Nessus | SuSE Local Security Checks | high |
| 99357 | SUSE SLES12 Security Update : bind (SUSE-SU-2017:0999-1) | Nessus | SuSE Local Security Checks | high |
| 99356 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1) | Nessus | SuSE Local Security Checks | high |
| 99325 | FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c) | Nessus | FreeBSD Local Security Checks | high |