CVE-2017-3145

MEDIUM

Description

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

References

http://www.securityfocus.com/bid/102716

http://www.securitytracker.com/id/1040195

https://access.redhat.com/errata/RHSA-2018:0101

https://access.redhat.com/errata/RHSA-2018:0102

https://access.redhat.com/errata/RHSA-2018:0487

https://access.redhat.com/errata/RHSA-2018:0488

https://kb.isc.org/docs/aa-01542

https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html

https://security.netapp.com/advisory/ntap-20180117-0003/

https://www.debian.org/security/2018/dsa-4089

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-09

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.4.0 to 9.8.8 (inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.9.11 (inclusive)

cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.9.11:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.10.0 to 9.10.6 (inclusive)

cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.10.6:s1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.11.0 to 9.11.2 (inclusive)

cpe:2.3:a:isc:bind:9.12.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*

cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
137170OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)NessusOracleVM Local Security Checks
critical
127370NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0123)NessusNewStart CGSL Local Security Checks
medium
127159NewStart CGSL MAIN 5.04 : bind Vulnerability (NS-SA-2019-0011)NessusNewStart CGSL Local Security Checks
medium
124936EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)NessusHuawei Local Security Checks
medium
124879EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)NessusHuawei Local Security Checks
medium
121068Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)NessusJunos Local Security Checks
high
118626F5 Networks BIG-IP : BIND vulnerability (K08613310)NessusF5 Networks Local Security Checks
medium
112170OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)NessusOracleVM Local Security Checks
medium
109125Amazon Linux 2 : bind (ALAS-2018-954)NessusAmazon Linux Local Security Checks
medium
108277RHEL 7 : bind (RHSA-2018:0488)NessusRed Hat Local Security Checks
medium
108276RHEL 6 : bind (RHSA-2018:0487)NessusRed Hat Local Security Checks
medium
106931Amazon Linux AMI : bind (ALAS-2018-954)NessusAmazon Linux Local Security Checks
medium
106766EulerOS 2.0 SP2 : bind (EulerOS-SA-2018-1038)NessusHuawei Local Security Checks
medium
106765EulerOS 2.0 SP1 : bind (EulerOS-SA-2018-1037)NessusHuawei Local Security Checks
medium
106618SUSE SLES11 Security Update : bind (SUSE-SU-2018:0362-1)NessusSuSE Local Security Checks
medium
106545openSUSE Security Update : bind (openSUSE-2018-114)NessusSuSE Local Security Checks
medium
106531SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2018:0303-1)NessusSuSE Local Security Checks
medium
106513Fedora 26 : 32:bind / bind-dyndb-ldap / dnsperf (2018-6550550774)NessusFedora Local Security Checks
medium
106291OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0014)NessusOracleVM Local Security Checks
medium
106283Fedora 27 : 32:bind / bind-dyndb-ldap / dnsperf (2018-97bdb9ba32)NessusFedora Local Security Checks
medium
106258Scientific Linux Security Update : bind on SL7.x x86_64 (20180122)NessusScientific Linux Local Security Checks
medium
106257Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20180122)NessusScientific Linux Local Security Checks
medium
106245RHEL 7 : bind (RHSA-2018:0102)NessusRed Hat Local Security Checks
medium
106244RHEL 6 : bind (RHSA-2018:0101)NessusRed Hat Local Security Checks
medium
106240Oracle Linux 7 : bind (ELSA-2018-0102)NessusOracle Linux Local Security Checks
medium
106239Oracle Linux 6 : bind (ELSA-2018-0101)NessusOracle Linux Local Security Checks
medium
106234CentOS 7 : bind (CESA-2018:0102)NessusCentOS Local Security Checks
medium
106233CentOS 6 : bind (CESA-2018:0101)NessusCentOS Local Security Checks
medium
106211Debian DLA-1255-1 : bind9 security updateNessusDebian Local Security Checks
medium
106200ISC BIND 9 < 9.9.11-P1 / 9.9.11-S2 / 9.10.6-P1 / 9.10.6-S2 / 9.11.2-P1 / 9.12.0rc2 Multiple VulnerabilitiesNessusDNS
medium
106135Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : bind9 vulnerability (USN-3535-1)NessusUbuntu Local Security Checks
medium
106106Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2018-017-01)NessusSlackware Local Security Checks
medium
106076Debian DSA-4089-1 : bind9 - security updateNessusDebian Local Security Checks
medium