fkie_cve-2017-3138
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 03:24
Severity
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9. The impact is loss of availability only: the server process exits (C:N/I:N/A:H in the vectors above). The PR:L rating means the sender needs some level of access to the control channel, so exposure depends on who can reach and authenticate to it.
References
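Impacted products (rows that repeat a version differ only in the CPE update qualifier, e.g. p1 or rc1; see the cpeMatch criteria in the record below)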
Vendor | Product | Version | |
---|---|---|---|
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.9 | |
isc | bind | 9.9.10 | |
isc | bind | 9.9.10 | |
isc | bind | 9.9.10 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.4 | |
isc | bind | 9.10.5 | |
isc | bind | 9.10.5 | |
isc | bind | 9.10.5 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.0 | |
isc | bind | 9.11.1 | |
isc | bind | 9.11.1 | |
isc | bind | 9.11.1 | |
netapp | data_ontap_edge | - | |
netapp | element_software | - | |
netapp | oncommand_balance | - | |
debian | debian_linux | 8.0 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "AECB4D34-0D20-46C5-A389-0296EF60E795", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "matchCriteriaId": "03215B90-9860-4CB4-B7D2-3DF045B129EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "matchCriteriaId": "88335D70-E98B-469E-A2E7-1958EB5F10DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "matchCriteriaId": "795DA9EE-489D-402E-8427-C9E3650BA1E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "matchCriteriaId": "012A3C08-2A0F-4168-9DE0-F609707E4C2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "matchCriteriaId": "0387826C-AE6B-44C8-9888-4088CF66D78C", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "matchCriteriaId": "7132A53F-7DF2-4B79-AC86-75A0C73843B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFF50431-599D-40DD-A2B3-30A6D5652FFA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E76DCB3-8063-415D-A774-9191E69E6980", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "matchCriteriaId": "060E10B1-5501-4BD0-A148-B04C56D499F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "1CD813E5-0C4A-4B55-A1B9-9C5C6C2504D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "matchCriteriaId": "6658F26D-C088-4470-8AFD-58BB54201C87", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E654717-4EF6-4397-A637-A9789CD5D1D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9." 
}, { "lang": "es", "value": "named contiene una caracter\u00edstica que permite que los operadores env\u00ede comandos a un servidor en ejecuci\u00f3n comunic\u00e1ndose con el proceso del servidor mediante un canal de control utilizando un programa como rndc. Una regresi\u00f3n empleada en un cambio de caracter\u00edsticas reciente ha creado una situaci\u00f3n en la cual algunas versiones de named pueden cerrarse con un error de aserci\u00f3n de REQUIRE si se le env\u00eda una cadena de comandos null. Afecta a BIND desde la versi\u00f3n 9.9.9 hasta la 9.9.9-P7, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc2, desde la versi\u00f3n 9.10.4 hasta la 9.10.4-P7, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P4, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc2 y desde la versi\u00f3n 9.9.9-S1 hasta 9.9.9-S9." } ], "id": "CVE-2017-3138", "lastModified": "2024-11-21T03:24:54.743", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, 
"source": "security-officer@isc.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-01-16T20:29:00.407", "references": [ { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97657" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038260" }, { "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01471" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://kb.isc.org/docs/aa-01471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201708-01" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2017/dsa-3854" } ], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.