CVE-2017-3135

Published: 16/01/2019 Updated: 09/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

Vulnerable Product

isc bind 9.10.4

isc bind 9.9.8

isc bind 9.9.3

isc bind 9.9.9

isc bind 9.11.1

isc bind 9.10.0

isc bind 9.11.0

isc bind 9.9.10

isc bind 9.10.5

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.3

redhat enterprise linux server aus 7.3

redhat enterprise linux workstation 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server aus 7.6

redhat enterprise linux server 7.0

redhat enterprise linux server eus 7.6

redhat enterprise linux server aus 7.4

netapp data ontap edge -

netapp element software management node -

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Synopsis: Moderate: bind security update. Type/Severity: Security Advisory: Moderate. Topic: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Debian Bug report logs - #855520 bind9: CVE-2017-3135: Assertion failure when using DNS64 and RPZ can lead to crash. Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 19 Feb 2017 17:15:02 UTC; Severity: grave T ...
Bind could be made to crash if it received specially crafted network traffic ...
It was discovered that a maliciously crafted query can cause ISC's BIND DNS server (named) to crash if both Response Policy Zones (RPZ) and DNS64 (a bridge between IPv4 and IPv6 networks) are enabled. It is uncommon for both of these options to be used in combination, so very few systems will be affected by this problem in practice. This update als ...
A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response ...
A vulnerability has been found in bind < 9.11.0-P3, allowing a remote attacker to trigger an INSIST assertion failure or a NULL pointer read in configurations using both DNS64 and RPZ ...