mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
2.8 KiB
2.8 KiB
CVE-2017-3138
%20can%20already%20be%20given%20to%20cause%20the%20server%20to%20stop.%0A%0AHowever%2C%20BIND%209.11.0%20introduced%20a%20new%20option%20to%20allow%20%22read%20only%22%20commands%20over%20the%20command%20channel.%20%20Using%20this%20restriction%2C%20a%20server%20can%20be%20configured%20to%20limit%20specified%20clients%20to%20giving%20control%20channel%20commands%20which%20return%20information%20only%20(e.g.%20%22rndc%20status%22)%20without%20affecting%20the%20operational%20state%20of%20the%20server.%20%20The%20defect%20described%20in%20this%20advisory%2C%20however%2C%20is%20not%20properly%20stopped%20by%20the%20%22read%20only%22%20restriction%2C%20in%20essence%20permitting%20a%20privilege%20escalation%20allowing%20a%20client%20which%20should%20only%20be%20permitted%20the%20limited%20set%20of%20%22read%20only%22%20operations%20to%20cause%20the%20server%20to%20stop%20execution.&color=brighgreen)
Description
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
POC
Reference
No PoCs from references.
Github
- https://github.com/ALTinners/bind9
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AndrewLipscomb/bind9
- https://github.com/balabit-deps/balabit-os-7-bind9
- https://github.com/balabit-deps/balabit-os-8-bind9-libs
- https://github.com/balabit-deps/balabit-os-9-bind9-libs
- https://github.com/pexip/os-bind9
- https://github.com/pexip/os-bind9-libs
- https://github.com/psmedley/bind-os2