99088

1038692

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us

https://kb.isc.org/docs/aa-01495

GLSA-201708-01

https://security.netapp.com/advisory/ntap-20180926-0001/

The remote host is affected by the vulnerability described in GLSA-201708-01 (BIND: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in BIND. Please review the       CVE identifiers referenced below for details.
  Impact :

    A remote attacker could send a specially crafted DNS request to the BIND       resolver resulting in a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Update to new ISC supported version 9.9.10-P2 including security fixes.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- New upstream release

  - Security fix for CVE-2017-3140

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to new ISC supported version 9.9.10.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update back to ISC supported version. Security fix for CVE-2017-3143, CVE-2017-3142, CVE-2017-3140

----

Update to 10.1.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its self-reported version number, the instance of ISC BIND running on the remote name server is 9.x.x prior to 9.9.10-P1, 9.10.x prior to 9.10.5-P1, or 9.11.x prior to 9.11.1-P1. It is, therefore, affected by multiple vulnerabilities :

  - A denial of service vulnerability exists when processing     Response Policy Zone (RPZ) rule types. An     unauthenticated, remote attacker can exploit this, via a     specially crafted query, to cause an infinite loop     condition that degrades the server's functionality.
    (CVE-2017-3140)

  - A privilege escalation vulnerability exists in the BIND     installer for Windows due to using an unquoted service     path. A local attacker can exploit this to gain elevated     privileges provided that the host file system     permissions allow this. Note that non-Windows builds and     installations are not affected. (CVE-2017-3141)

New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

ID	Name	Product	Family	Severity
102531	GLSA-201708-01 : BIND: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
101677	Fedora 26 : 12:dhcp / bind99 (2017-87f1f8c798)	Nessus	Fedora Local Security Checks	medium
101620	Fedora 26 : 32:bind (2017-43613b15ff)	Nessus	Fedora Local Security Checks	medium
101494	Fedora 24 : 32:bind / bind-dyndb-ldap / dnsperf (2017-001f135337)	Nessus	Fedora Local Security Checks	medium
101326	Fedora 25 : 12:dhcp / bind99 (2017-167cfa7b09)	Nessus	Fedora Local Security Checks	medium
101246	Fedora 25 : 32:bind / bind-dyndb-ldap / dnsperf (2017-d04f7ddd73)	Nessus	Fedora Local Security Checks	medium
100996	ISC BIND 9.x.x < 9.9.10-P1 / 9.10.x < 9.10.5-P1 / 9.11.x < 9.11.1-P1 Multiple Vulnerabilities	Nessus	DNS	high
100794	Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-165-01)	Nessus	Slackware Local Security Checks	medium

CVE-2017-3140

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

medium

medium

medium

medium

medium

high

medium