SecurityTracker.com

SecurityTracker
Archives

Category:   Application (Generic)  >   BIND
Vendors:   ISC (Internet Software Consortium)
(CentOS Issues Fix) BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash
SecurityTracker Alert ID:  1040257
SecurityTracker URL:  http://securitytracker.com/id/1040257
CVE Reference:   CVE-2017-3145
Date:  Jan 22 2018
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1
Description:   A vulnerability was reported in BIND. A remote user can cause the target service to crash.

The system does not properly sequence cleanup operations for upstream recursion fetch contexts. A remote server can return specially crafted data to trigger a use-after-free memory error and cause the target 'named' service to crash.

[Editor's note: The vendor indicates that there are no known exploit paths in the code prior to the fix for CVE-2017-3137.]

Jayachandran Palanisamy of Cygate AB reported this vulnerability.

Impact:   A remote user can cause the target service to crash.
Solution:   CentOS has issued a fix for CVE-2017-3145.

Cause:   State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Jan 16 2018 BIND Recursion Processing Error in 'netaddr.c' Lets Remote Users Cause the Target 'named' Service to Crash



 Source Message Contents

Subject:  [CentOS-announce] CESA-2018:0101 Important CentOS 6 bind Security Update


CentOS Errata and Security Advisory 2018:0101 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2018:0101

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
 
 

