FKIE_CVE-2017-3138

Vulnerability from fkie_nvd - Published: 2019-01-16 20:29 - Updated: 2024-11-21 03:24
Summary
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
Impacted products
Vendor Product Version
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.9
isc bind 9.9.10
isc bind 9.9.10
isc bind 9.9.10
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.4
isc bind 9.10.5
isc bind 9.10.5
isc bind 9.10.5
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.0
isc bind 9.11.1
isc bind 9.11.1
isc bind 9.11.1
netapp data_ontap_edge -
netapp element_software -
netapp oncommand_balance -
debian debian_linux 8.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AECB4D34-0D20-46C5-A389-0296EF60E795",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*",
              "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*",
              "matchCriteriaId": "03215B90-9860-4CB4-B7D2-3DF045B129EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*",
              "matchCriteriaId": "88335D70-E98B-469E-A2E7-1958EB5F10DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*",
              "matchCriteriaId": "795DA9EE-489D-402E-8427-C9E3650BA1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*",
              "matchCriteriaId": "012A3C08-2A0F-4168-9DE0-F609707E4C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*",
              "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*",
              "matchCriteriaId": "0387826C-AE6B-44C8-9888-4088CF66D78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*",
              "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*",
              "matchCriteriaId": "7132A53F-7DF2-4B79-AC86-75A0C73843B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "BFF50431-599D-40DD-A2B3-30A6D5652FFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E76DCB3-8063-415D-A774-9191E69E6980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*",
              "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*",
              "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*",
              "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*",
              "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*",
              "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*",
              "matchCriteriaId": "060E10B1-5501-4BD0-A148-B04C56D499F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*",
              "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "1CD813E5-0C4A-4B55-A1B9-9C5C6C2504D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "6658F26D-C088-4470-8AFD-58BB54201C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "4E654717-4EF6-4397-A637-A9789CD5D1D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9-\u003e9.9.9-P7, 9.9.10b1-\u003e9.9.10rc2, 9.10.4-\u003e9.10.4-P7, 9.10.5b1-\u003e9.10.5rc2, 9.11.0-\u003e9.11.0-P4, 9.11.1b1-\u003e9.11.1rc2, 9.9.9-S1-\u003e9.9.9-S9."
    },
    {
      "lang": "es",
      "value": "named contiene una caracter\u00edstica que permite que los operadores env\u00ede comandos a un servidor en ejecuci\u00f3n comunic\u00e1ndose con el proceso del servidor mediante un canal de control utilizando un programa como rndc.  Una regresi\u00f3n empleada en un cambio de caracter\u00edsticas reciente ha creado una situaci\u00f3n en la cual algunas versiones de named pueden cerrarse con un error de aserci\u00f3n de REQUIRE si se le env\u00eda una cadena de comandos null. Afecta a BIND desde la versi\u00f3n 9.9.9 hasta la 9.9.9-P7, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc2, desde la versi\u00f3n 9.10.4 hasta la 9.10.4-P7, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P4, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc2 y desde la versi\u00f3n 9.9.9-S1 hasta 9.9.9-S9."
    }
  ],
  "id": "CVE-2017-3138",
  "lastModified": "2024-11-21T03:24:54.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T20:29:00.407",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97657"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038260"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01471"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/97657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1038260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201708-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-3854"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

