{"containers": {"cna": {"affected": [{"product": "BIND 9", "vendor": "ISC", "versions": [{"status": "affected", "version": "9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9"}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention."}], "datePublic": "2017-03-12T00:00:00", "descriptions": [{"lang": "en", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key. Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them. In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel. Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server. The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"name": "1038260", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038260"}, {"name": "97657", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97657"}, {"name": "GLSA-201708-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201708-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"}, {"name": "DSA-3854", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3854"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/aa-01471"}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"}], "source": {"discovery": "UNKNOWN"}, "title": "named exits with a REQUIRE assertion failure if it receives a null command string on its control channel", "workarounds": [{"lang": "en", "value": "None. However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2017-03-12T00:00:00.000Z", "ID": "CVE-2017-3138", "STATE": "PUBLIC", "TITLE": "named exits with a REQUIRE assertion failure if it receives a null command string on its control channel"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND 9", "version": {"version_data": [{"version_value": "9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9"}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key. Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them. In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel. Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server. The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution."}]}]}, "references": {"reference_data": [{"name": "1038260", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038260"}, {"name": "97657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97657"}, {"name": "GLSA-201708-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201708-01"}, {"name": "https://security.netapp.com/advisory/ntap-20180802-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"}, {"name": "DSA-3854", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3854"}, {"name": "https://kb.isc.org/docs/aa-01471", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01471"}]}, "solution": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"}], "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "None. However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:16:28.221Z"}, "title": "CVE Program Container", "references": [{"name": "1038260", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1038260"}, {"name": "97657", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/97657"}, {"name": "GLSA-201708-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201708-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"}, {"name": "DSA-3854", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2017/dsa-3854"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/docs/aa-01471"}]}]}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2017-3138", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2016-12-02T00:00:00", "dateUpdated": "2024-09-16T22:40:54.323Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "AECB4D34-0D20-46C5-A389-0296EF60E795", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "matchCriteriaId": "03215B90-9860-4CB4-B7D2-3DF045B129EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "matchCriteriaId": "88335D70-E98B-469E-A2E7-1958EB5F10DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "matchCriteriaId": "795DA9EE-489D-402E-8427-C9E3650BA1E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "matchCriteriaId": "012A3C08-2A0F-4168-9DE0-F609707E4C2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "matchCriteriaId": "0387826C-AE6B-44C8-9888-4088CF66D78C", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "matchCriteriaId": "7132A53F-7DF2-4B79-AC86-75A0C73843B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "BFF50431-599D-40DD-A2B3-30A6D5652FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "3E76DCB3-8063-415D-A774-9191E69E6980", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "matchCriteriaId": "060E10B1-5501-4BD0-A148-B04C56D499F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "1CD813E5-0C4A-4B55-A1B9-9C5C6C2504D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "matchCriteriaId": "6658F26D-C088-4470-8AFD-58BB54201C87", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E654717-4EF6-4397-A637-A9789CD5D1D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."}, {"lang": "es", "value": "named contiene una caracter\u00edstica que permite que los operadores env\u00ede comandos a un servidor en ejecuci\u00f3n comunic\u00e1ndose con el proceso del servidor mediante un canal de control utilizando un programa como rndc. Una regresi\u00f3n empleada en un cambio de caracter\u00edsticas reciente ha creado una situaci\u00f3n en la cual algunas versiones de named pueden cerrarse con un error de aserci\u00f3n de REQUIRE si se le env\u00eda una cadena de comandos null. Afecta a BIND desde la versi\u00f3n 9.9.9 hasta la 9.9.9-P7, desde la versi\u00f3n 9.9.10b1 hasta la 9.9.10rc2, desde la versi\u00f3n 9.10.4 hasta la 9.10.4-P7, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.10.5b1 hasta la 9.10.5rc2, desde la versi\u00f3n 9.11.0 hasta la 9.11.0-P4, desde la versi\u00f3n 9.11.1b1 hasta la 9.11.1rc2 y desde la versi\u00f3n 9.9.9-S1 hasta 9.9.9-S9."}], "id": "CVE-2017-3138", "lastModified": "2019-10-09T23:27:17.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2019-01-16T20:29:00.407", "references": [{"source": "security-officer@isc.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97657"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038260"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/aa-01471"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201708-01"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3854"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Mike Lalumiere (Dyn) as the original reporter.", "bugzilla": {"description": "bind: REQUIRE assertion failure when null command string on control channel is received", "id": "1441137", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441137"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-617", "details": ["named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.", "A denial of service flaw was found in the way BIND processed control channel commands. A remote attacker with access to the BIND control channel could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted command."], "name": "CVE-2017-3138", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "bind97", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2017-04-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-3138\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-3138\nhttps://kb.isc.org/article/AA-01471"], "statement": "This issue does not affect bind as shipped with Red Hat Enterprise Linux 5, 6 and 7 as it does not contain the affected code.", "threat_severity": "Moderate", "upstream_fix": "bind 9.9.9-P8, bind 9.10.4-P8, bind 9.11.0-P5"}