CVE-2017-3140: An error processing RPZ rules can cause named to loop endlessly after handling a query
First published: Wed Jan 16 2019(Updated: )
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ISC BIND | >=9.11.0<=9.11.1 | |
| ISC BIND | =9.9.10 | |
| ISC BIND | =9.9.10-s1 | |
| ISC BIND | =9.10.5 | |
| ISC BIND | =9.10.5-s1 | |
| Netapp Data Ontap Edge | ||
| Netapp Element Software | ||
| NetApp OnCommand Balance |
Remedy
Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads. BIND 9 version 9.9.10-P1 BIND 9 version 9.10.5-P1 BIND 9 version 9.11.1-P1 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. BIND 9 version 9.9.10-S2 BIND 9 version 9.10.5-S2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/99088
- http://www.securitytracker.com/id/1038692
- https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us
- https://kb.isc.org/docs/aa-01495
- https://security.gentoo.org/glsa/201708-01
- https://security.netapp.com/advisory/ntap-20180926-0001/
Frequently Asked Questions
What is CVE-2017-3140?
CVE-2017-3140 is a vulnerability in BIND, affecting versions 9.9.10, 9.10.5, and 9.11.0 to 9.11.1.
What is the severity of CVE-2017-3140?
CVE-2017-3140 has a severity rating of 5.9, which is considered medium.
How does CVE-2017-3140 affect BIND?
CVE-2017-3140 can cause BIND to enter an endless loop while handling a query, if named is configured to use Response Policy Zones (RPZ).
Which software versions are affected by CVE-2017-3140?
CVE-2017-3140 affects BIND versions 9.9.10, 9.10.5, and 9.11.0 to 9.11.1.
How can I fix CVE-2017-3140?
To fix CVE-2017-3140, it is recommended to upgrade to a patched version of BIND.
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/remedy
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/isc
- canonical/isc bind
- version/isc bind/9.11.0
- version/isc bind/9.11.1
- version/isc bind/9.9.10
- version/isc bind/9.9.10-s1
- version/isc bind/9.10.5
- version/isc bind/9.10.5-s1
- vendor/netapp
- canonical/netapp data ontap edge
- canonical/netapp element software
- canonical/netapp oncommand balance