CVE-2017-3140

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

References

http://www.securityfocus.com/bid/99088

http://www.securitytracker.com/id/1038692

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us

https://kb.isc.org/docs/aa-01495

https://security.gentoo.org/glsa/201708-01

https://security.netapp.com/advisory/ntap-20180926-0001/

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-09

Type: CWE-400

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.2

Severity: MEDIUM

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
102531GLSA-201708-01 : BIND: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
101677Fedora 26 : 12:dhcp / bind99 (2017-87f1f8c798)NessusFedora Local Security Checks
medium
101620Fedora 26 : 32:bind (2017-43613b15ff)NessusFedora Local Security Checks
medium
101494Fedora 24 : 32:bind / bind-dyndb-ldap / dnsperf (2017-001f135337)NessusFedora Local Security Checks
medium
101326Fedora 25 : 12:dhcp / bind99 (2017-167cfa7b09)NessusFedora Local Security Checks
medium
101246Fedora 25 : 32:bind / bind-dyndb-ldap / dnsperf (2017-d04f7ddd73)NessusFedora Local Security Checks
medium
100996ISC BIND 9.x.x < 9.9.10-P1 / 9.10.x < 9.10.5-P1 / 9.11.x < 9.11.1-P1 Multiple VulnerabilitiesNessusDNS
high
100794Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-165-01)NessusSlackware Local Security Checks
medium