CVE-2017-3135 : Under some conditions when using both DNS64 and RPZ to rewrite query responses,

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

Published 2019-01-16 20:29:00

Updated 2019-10-09 23:27:17

Source Internet Systems Consortium (ISC)

View at NVD, CVE.org

Products affected by CVE-2017-3135

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.0
cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.3
cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.8
cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.4 Update P2
cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.4 Update P3
cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.4 Update P1
cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.4 Update P4
cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.0 Update P1
cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.0
cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.3 Update S1
cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.9 Update S7
cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.1 Update Beta1
cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.9 Update P5
cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.4 Update P5
cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.0 Update P2
cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.10 Update Beta1
cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.5 Update Beta1
cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*
Matching versions
Netapp » Data Ontap Edge » Version: N/A
cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
Matching versions
Netapp » Element Software Management Node » Version: N/A
cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-3135

Top countries where our scanners detected CVE-2017-3135

Top open port discovered on systems with this issue 53

IPs affected by CVE-2017-3135 443

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-3135!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-3135

EPSS FAQ

35.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-3135

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.9	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H	2.2	3.6	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	Internet Systems Consortium (ISC)
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2017-3135

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-3135

https://www.debian.org/security/2017/dsa-3795

Debian -- Security Information -- DSA-3795-1 bind9
Third Party Advisory
https://kb.isc.org/docs/aa-01453

CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash - Security Advisories
Vendor Advisory
https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us

HPESBUX03747 rev.1 - HP-UX running BIND, Remote Denial of Service
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201708-01

BIND: Multiple vulnerabilities (GLSA 201708-01) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1037801

BIND RPZ and DNS64 State Error Lets Remote Users Cause the Target Service to Crash - SecurityTracker
Third Party Advisory;VDB Entry
https://security.netapp.com/advisory/ntap-20180926-0005/

February 2018 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2017-0276.html

RHSA-2017:0276 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://www.securityfocus.com/bid/96150

ISC BIND CVE-2017-3135 Remote Denial of Service Vulnerability
Third Party Advisory;VDB Entry