CVE-2017-3135

Summary

CVE	CVE-2017-3135
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-01-16 20:29:00 UTC
Updated	2019-10-09 23:27:00 UTC
Description	Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Isc	Bind	9.10.0	All	All	All
Application	Isc	Bind	9.10.4	p1	All	All
Application	Isc	Bind	9.10.4	p2	All	All
Application	Isc	Bind	9.10.4	p3	All	All
Application	Isc	Bind	9.10.4	p4	All	All
Application	Isc	Bind	9.10.4	p5	All	All
Application	Isc	Bind	9.10.5	beta1	All	All
Application	Isc	Bind	9.11.0	All	All	All
Application	Isc	Bind	9.11.0	p1	All	All
Application	Isc	Bind	9.11.0	p2	All	All
Application	Isc	Bind	9.11.1	beta1	All	All
Application	Isc	Bind	9.9.10	beta1	All	All
Application	Isc	Bind	9.9.3	All	All	All
Application	Isc	Bind	9.9.3	s1	All	All
Application	Isc	Bind	9.9.8	All	All	All
Application	Isc	Bind	9.9.9	p5	All	All
Application	Isc	Bind	9.9.9	s7	All	All
Application	Isc	Bind	9.10.0	All	All	All
Application	Isc	Bind	9.10.4	p1	All	All
Application	Isc	Bind	9.10.4	p2	All	All
Application	Isc	Bind	9.10.4	p3	All	All
Application	Isc	Bind	9.10.4	p4	All	All
Application	Isc	Bind	9.10.4	p5	All	All
Application	Isc	Bind	9.10.5	beta1	All	All
Application	Isc	Bind	9.11.0	All	All	All
Application	Isc	Bind	9.11.0	p1	All	All
Application	Isc	Bind	9.11.0	p2	All	All
Application	Isc	Bind	9.11.1	beta1	All	All
Application	Isc	Bind	9.9.10	beta1	All	All
Application	Isc	Bind	9.9.3	All	All	All
Application	Isc	Bind	9.9.3	s1	All	All
Application	Isc	Bind	9.9.8	All	All	All
Application	Isc	Bind	9.9.9	p5	All	All
Application	Isc	Bind	9.9.9	s7	All	All
Application	Netapp	Data Ontap Edge	-	All	All	All
Application	Netapp	Data Ontap Edge	-	All	All	All
Application	Netapp	Element Software Management Node	-	All	All	All
Application	Netapp	Element Software Management Node	-	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.4	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.5	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.3	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.6	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All

References

Reference	Source	Link	Tags
ISC BIND CVE-2017-3135 Remote Denial of Service Vulnerability	BID	www.securityfocus.com	Third Party Advisory, VDB Entry
BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
Document Display \| HPE Support Center	CONFIRM	h20566.www2.hpe.com	Third Party Advisory
Debian -- Security Information -- DSA-3795-1 bind9	DEBIAN	www.debian.org	Third Party Advisory
February 2018 ISC BIND Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
Security Advisories-CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash	CONFIRM	kb.isc.org	Vendor Advisory
BIND: Multiple vulnerabilities (GLSA 201708-01) — Gentoo Security	GENTOO	security.gentoo.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation.

Legacy QID Mappings

378111 Virtuozzo Linux Security Update for bind-pkcs11-utils (VZLSA-2017:0276)
710473 Gentoo Linux BIND Multiple Vulnerabilities (GLSA 201708-01)