CVE-2017-3137

MEDIUM

Description

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

References

http://www.securityfocus.com/bid/97651

http://www.securitytracker.com/id/1038258

http://www.securitytracker.com/id/1040195

https://access.redhat.com/errata/RHSA-2017:1095

https://access.redhat.com/errata/RHSA-2017:1105

https://access.redhat.com/errata/RHSA-2017:1582

https://access.redhat.com/errata/RHSA-2017:1583

https://kb.isc.org/docs/aa-01466

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180802-0002/

https://www.debian.org/security/2017/dsa-3854

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-09

Type: CWE-617

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | critical |
| 127330 | NewStart CGSL MAIN 4.05 : bind Multiple Vulnerabilities (NS-SA-2019-0102) | Nessus | NewStart CGSL Local Security Checks | medium |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 112170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252) | Nessus | OracleVM Local Security Checks | medium |
| 102531 | GLSA-201708-01 : BIND: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 101751 | Fedora 26 : 32:bind (2017-f9f909a7b7) | Nessus | Fedora Local Security Checks | medium |
| 101692 | Fedora 26 : bind99 (2017-a354efc764) | Nessus | Fedora Local Security Checks | medium |
| 101456 | Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1105) | Nessus | Virtuozzo Local Security Checks | medium |
| 101453 | Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1095) | Nessus | Virtuozzo Local Security Checks | medium |
| 101100 | RHEL 7 : bind (RHSA-2017:1583) | Nessus | Red Hat Local Security Checks | medium |
| 101099 | RHEL 6 : bind (RHSA-2017:1582) | Nessus | Red Hat Local Security Checks | medium |
| 100477 | Debian DLA-957-1 : bind9 security update | Nessus | Debian Local Security Checks | medium |
| 100167 | Debian DSA-3854-1 : bind9 - security update | Nessus | Debian Local Security Checks | medium |
| 100090 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0100) | Nessus | OracleVM Local Security Checks | medium |
| 100014 | Fedora 24 : bind99 (2017-edce28f24b) | Nessus | Fedora Local Security Checks | medium |
| 99944 | EulerOS 2.0 SP2 : bind (EulerOS-SA-2017-1078) | Nessus | Huawei Local Security Checks | medium |
| 99943 | EulerOS 2.0 SP1 : bind (EulerOS-SA-2017-1077) | Nessus | Huawei Local Security Checks | medium |
| 99714 | Amazon Linux AMI : bind (ALAS-2017-826) | Nessus | Amazon Linux Local Security Checks | medium |
| 99605 | Fedora 24 : 32:bind (2017-0a876b0ba5) | Nessus | Fedora Local Security Checks | medium |
| 99575 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170420) | Nessus | Scientific Linux Local Security Checks | medium |
| 99571 | RHEL 6 : bind (RHSA-2017:1105) | Nessus | Red Hat Local Security Checks | medium |
| 99569 | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) | Nessus | OracleVM Local Security Checks | critical |
| 99564 | Oracle Linux 6 : bind (ELSA-2017-1105) | Nessus | Oracle Linux Local Security Checks | medium |
| 99538 | CentOS 6 : bind (CESA-2017:1105) | Nessus | CentOS Local Security Checks | medium |
| 99506 | Scientific Linux Security Update : bind on SL7.x x86_64 (20170419) | Nessus | Scientific Linux Local Security Checks | medium |
| 99500 | Oracle Linux 7 : bind (ELSA-2017-1095) | Nessus | Oracle Linux Local Security Checks | medium |
| 99499 | openSUSE Security Update : bind (openSUSE-2017-491) | Nessus | SuSE Local Security Checks | medium |
| 99495 | Fedora 25 : 32:bind (2017-ee4b0f53cb) | Nessus | Fedora Local Security Checks | medium |
| 99488 | Fedora 25 : bind99 (2017-44e494db1e) | Nessus | Fedora Local Security Checks | medium |
| 99483 | CentOS 7 : bind (CESA-2017:1095) | Nessus | CentOS Local Security Checks | medium |
| 99478 | ISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple Vulnerabilities | Nessus | DNS | medium |
| 99455 | RHEL 7 : bind (RHSA-2017:1095) | Nessus | Red Hat Local Security Checks | medium |
| 99435 | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3259-1) | Nessus | Ubuntu Local Security Checks | medium |
| 99434 | SUSE SLES11 Security Update : bind (SUSE-SU-2017:1027-1) | Nessus | SuSE Local Security Checks | medium |
| 99378 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-103-01) | Nessus | Slackware Local Security Checks | medium |
| 99358 | SUSE SLES11 Security Update : bind (SUSE-SU-2017:1000-1) | Nessus | SuSE Local Security Checks | medium |
| 99357 | SUSE SLES12 Security Update : bind (SUSE-SU-2017:0999-1) | Nessus | SuSE Local Security Checks | medium |
| 99356 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1) | Nessus | SuSE Local Security Checks | medium |
| 99325 | FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c) | Nessus | FreeBSD Local Security Checks | medium |