mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-29 01:31:47 +00:00
151 lines
6.3 KiB
JSON
151 lines
6.3 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-officer@isc.org",
|
|
"DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
|
|
"ID": "CVE-2017-3136",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\""
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "BIND 9",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "ISC"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8."
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "HIGH",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 5.9,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "RHSA-2017:1095",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:1095"
|
|
},
|
|
{
|
|
"name": "GLSA-201708-01",
|
|
"refsource": "GENTOO",
|
|
"url": "https://security.gentoo.org/glsa/201708-01"
|
|
},
|
|
{
|
|
"name": "https://security.netapp.com/advisory/ntap-20180802-0002/",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
|
|
},
|
|
{
|
|
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"
|
|
},
|
|
{
|
|
"name": "DSA-3854",
|
|
"refsource": "DEBIAN",
|
|
"url": "https://www.debian.org/security/2017/dsa-3854"
|
|
},
|
|
{
|
|
"name": "1038259",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1038259"
|
|
},
|
|
{
|
|
"name": "97653",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/97653"
|
|
},
|
|
{
|
|
"name": "RHSA-2017:1105",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:1105"
|
|
},
|
|
{
|
|
"name": "https://kb.isc.org/docs/aa-01465",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.isc.org/docs/aa-01465"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2020:1699",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
|
|
},
|
|
{
|
|
"refsource": "SUSE",
|
|
"name": "openSUSE-SU-2020:1701",
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect."
|
|
}
|
|
]
|
|
} |