CVE-2017-3138

LOW

Description

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

References

http://www.securityfocus.com/bid/97657

http://www.securitytracker.com/id/1038260

https://kb.isc.org/docs/aa-01471

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180802-0002/

https://www.debian.org/security/2017/dsa-3854

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-09

Type: CWE-617

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3.0

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.6

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
102531	GLSA-201708-01 : BIND: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
101751	Fedora 26 : 32:bind (2017-f9f909a7b7)	Nessus	Fedora Local Security Checks	medium
101692	Fedora 26 : bind99 (2017-a354efc764)	Nessus	Fedora Local Security Checks	medium
100477	Debian DLA-957-1 : bind9 security update	Nessus	Debian Local Security Checks	medium
100167	Debian DSA-3854-1 : bind9 - security update	Nessus	Debian Local Security Checks	medium
100014	Fedora 24 : bind99 (2017-edce28f24b)	Nessus	Fedora Local Security Checks	medium
99605	Fedora 24 : 32:bind (2017-0a876b0ba5)	Nessus	Fedora Local Security Checks	medium
99499	openSUSE Security Update : bind (openSUSE-2017-491)	Nessus	SuSE Local Security Checks	medium
99495	Fedora 25 : 32:bind (2017-ee4b0f53cb)	Nessus	Fedora Local Security Checks	medium
99488	Fedora 25 : bind99 (2017-44e494db1e)	Nessus	Fedora Local Security Checks	medium
99478	ISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple Vunlerabilities	Nessus	DNS	medium
99435	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3259-1)	Nessus	Ubuntu Local Security Checks	medium
99378	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-103-01)	Nessus	Slackware Local Security Checks	medium
99358	SUSE SLES11 Security Update : bind (SUSE-SU-2017:1000-1)	Nessus	SuSE Local Security Checks	medium
99357	SUSE SLES12 Security Update : bind (SUSE-SU-2017:0999-1)	Nessus	SuSE Local Security Checks	medium
99356	SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1)	Nessus	SuSE Local Security Checks	medium
99325	FreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c)	Nessus	FreeBSD Local Security Checks	medium

CVE-2017-3138

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium