CVE-2017-3135

Опубликовано: 08 фев. 2017

Источник: redhat

CVSS3: 7.5

CVSS2: 4.3

Описание

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response.

Меры по смягчению последствий

While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	bind	Not affected
Red Hat Enterprise Linux 5	bind97	Not affected
Red Hat Enterprise Linux 6	bind	Not affected
Red Hat Enterprise Linux 7	bind	Fixed	RHSA-2017:0276	15.02.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1420193bind: Assertion failure when using DNS64 and RPZ Can Lead to Crash

7.5 High

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2017-3135

CVSS3: 7.5

ubuntu

почти 7 лет назад

CVE-2017-3135

CVSS3: 7.5

nvd

почти 7 лет назад

CVE-2017-3135

CVSS3: 7.5

debian

почти 7 лет назад

Under some conditions when using both DNS64 and RPZ to rewrite query r ...

openSUSE-SU-2017:0620-1

suse-cvrf

больше 8 лет назад

Security update for bind

SUSE-SU-2017:0596-1

suse-cvrf

больше 8 лет назад

Security update for bind

7.5 High

CVSS3

4.3 Medium

CVSS2