CVE-2017-3136
An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.
Una consulta con un conjunto determinado de características podría provocar que un servidor que emplea DNS64 se encuentre con un fallo de aserción y termine. Un atacante podría construir deliberadamente una consulta, habilitando una denegación de servicio (DoS) contra un servidor si está configurado para emplear la característica DNS64 y se cumplen otras precondiciones. Afecta a BIND desde la versión 9.8.0 hasta la9.8.8-P1, desde la versión 9.9.0 hasta la 9.9.9-P6, desde la versión 9.9.10b1 hasta la 9.9.10rc1, desde la versión 9.10.0 hasta la 9.10.4-P6, desde la versión 9.10.5b1 hasta la 9.10.5rc1, desde la versión 9.11.0 hasta la 9.11.0-P3, desde la versión 9.11.1b1 hasta la 9.11.1rc1 y desde la versión 9.9.3-S1 hasta 9.9.9-S8.
A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request.
*Credits:
ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-02 CVE Reserved
- 2017-04-14 CVE Published
- 2024-09-17 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97653 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038259 | Third Party Advisory | |
| https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20180802-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html | 2020-10-20 | |
| http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html | 2020-10-20 | |
| https://access.redhat.com/errata/RHSA-2017:1095 | 2020-10-20 | |
| https://access.redhat.com/errata/RHSA-2017:1105 | 2020-10-20 | |
| https://kb.isc.org/docs/aa-01465 | 2020-10-20 | |
| https://security.gentoo.org/glsa/201708-01 | 2020-10-20 | |
| https://www.debian.org/security/2017/dsa-3854 | 2020-10-20 | |
| https://access.redhat.com/security/cve/CVE-2017-3136 | 2017-04-20 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1441125 | 2017-04-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.8.0 <= 9.8.8 Search vendor "Isc" for product "Bind" and version " >= 9.8.0 <= 9.8.8" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.9.0 <= 9.9.9 Search vendor "Isc" for product "Bind" and version " >= 9.9.0 <= 9.9.9" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.10.0 <= 9.10.4 Search vendor "Isc" for product "Bind" and version " >= 9.10.0 <= 9.10.4" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.8.0 Search vendor "Isc" for product "Bind" and version "9.8.0" | p1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.0 Search vendor "Isc" for product "Bind" and version "9.9.0" | p1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.0 Search vendor "Isc" for product "Bind" and version "9.9.0" | p2 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.0 Search vendor "Isc" for product "Bind" and version "9.9.0" | p3 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.0 Search vendor "Isc" for product "Bind" and version "9.9.0" | p4 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.0 Search vendor "Isc" for product "Bind" and version "9.9.0" | p5 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.0 Search vendor "Isc" for product "Bind" and version "9.9.0" | p6 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.3 Search vendor "Isc" for product "Bind" and version "9.9.3" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.3 Search vendor "Isc" for product "Bind" and version "9.9.3" | s1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.10 Search vendor "Isc" for product "Bind" and version "9.9.10" | beta1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.10 Search vendor "Isc" for product "Bind" and version "9.9.10" | rc1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p2 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p3 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p4 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p5 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p6 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.5 Search vendor "Isc" for product "Bind" and version "9.10.5" | b1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.5 Search vendor "Isc" for product "Bind" and version "9.10.5" | rc1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | - |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | p1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | p2 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | p3 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.1 Search vendor "Isc" for product "Bind" and version "9.11.1" | beta1 |
Affected
| ||||||
| Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.1 Search vendor "Isc" for product "Bind" and version "9.11.1" | rc1 |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.5" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Data Ontap Edge Search vendor "Netapp" for product "Data Ontap Edge" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Element Software Search vendor "Netapp" for product "Element Software" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Balance Search vendor "Netapp" for product "Oncommand Balance" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||