SecurityTracker.com
Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
SecurityTracker Alert ID:  1040195
SecurityTracker URL:  http://securitytracker.com/id/1040195
CVE Reference:   CVE-2017-3137, CVE-2017-3145
Date:  Jan 16 2018
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

The system does not properly sequence cleanup operations for upstream recursion fetch contexts. A remote server can return specially crafted data to trigger a use-after-free memory error and cause the target 'named' service to crash.

[Editor's note: The vendor indicates that there are no known exploit paths in the code prior to the fix for CVE-2017-3137.]

Jayachandran Palanisamy of Cygate AB reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   The vendor has issued a fix (9.9.11-P1, 9.10.6-P1, 9.11.2-P1, 9.12.0rc2).

The vendor advisory is available at:

https://kb.isc.org/article/AA-01542

Vendor URL:  kb.isc.org/article/AA-01542
Cause:   State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 18 2018 (Ubuntu Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 12.04 ESM.
Jan 18 2018 (Ubuntu Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS, 16.04 LTS, and 17.10.
Jan 22 2018 (Red Hat Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.
Jan 22 2018 (CentOS Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
CentOS has issued a fix for CentOS 6 and 7.
Jan 23 2018 (Red Hat Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Jan 23 2018 (Oracle Issues Fix for Oracle Linux) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Oracle has issued a fix for Oracle Linux 7.
Jan 26 2018 (Oracle Issues Fix for Oracle Linux) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Oracle has issued a fix for Oracle Linux 6.
Mar 12 2018 (Red Hat Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 6.4, 6.5, 6.6, and 6.7.
Mar 12 2018 (Red Hat Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 7.2 and 7.3.
Jul 19 2018 (Juniper Issues Fix for Juniper Junos) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Juniper has issued a fix for Juniper Junos.
Jul 19 2018 (Juniper Issues Fix for Juniper Junos Space) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
Juniper has issued a fix for Juniper Junos Space.



Copyright 2019, SecurityGlobal.net LLC