CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash
First published: Tue Jan 16 2018(Updated: )
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/bind9 | 1:9.11.5.P4+dfsg-5.1+deb10u7 1:9.11.5.P4+dfsg-5.1+deb10u9 1:9.16.44-1~deb11u1 1:9.18.19-1~deb12u1 1:9.19.17-1 | |
| redhat/bind | <9.9.11 | 9.9.11 |
| redhat/bind | <9.10.6 | 9.10.6 |
| redhat/bind | <9.11.2 | 9.11.2 |
| redhat/bind | <9.12.0 | 9.12.0 |
| BIND 9 | >=9.4.0<=9.8.8 | |
| BIND 9 | >=9.9.0<=9.9.11 | |
| BIND 9 | >=9.10.0<=9.10.6 | |
| BIND 9 | >=9.11.0<=9.11.2 | |
| BIND 9 | =9.9.3-s1 | |
| BIND 9 | =9.9.11-s1 | |
| BIND 9 | =9.10.5-s1 | |
| BIND 9 | =9.10.6-s1 | |
| BIND 9 | =9.12.0-alpha1 | |
| BIND 9 | =9.12.0-b1 | |
| BIND 9 | =9.12.0-b2 | |
| BIND 9 | =9.12.0-rc1 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux desktop | =7.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server | =7.0 | |
| redhat enterprise Linux server aus | =6.4 | |
| redhat enterprise Linux server aus | =6.5 | |
| redhat enterprise Linux server aus | =6.6 | |
| redhat enterprise Linux server aus | =7.2 | |
| redhat enterprise Linux server aus | =7.3 | |
| redhat enterprise Linux server aus | =7.4 | |
| redhat enterprise Linux server aus | =7.6 | |
| redhat enterprise Linux server eus | =6.7 | |
| redhat enterprise Linux server eus | =7.3 | |
| redhat enterprise Linux server eus | =7.4 | |
| redhat enterprise Linux server eus | =7.5 | |
| redhat enterprise Linux server eus | =7.6 | |
| redhat enterprise Linux server tus | =6.6 | |
| redhat enterprise Linux server tus | =7.2 | |
| redhat enterprise Linux server tus | =7.3 | |
| redhat enterprise Linux server tus | =7.6 | |
| redhat enterprise Linux workstation | =6.0 | |
| redhat enterprise Linux workstation | =7.0 | |
| Debian GNU/Linux | =7.0 | |
| Debian GNU/Linux | =8.0 | |
| Debian GNU/Linux | =9.0 | |
| NetApp Data ONTAP Edge | ||
| Juniper JUNOS | =12.1x46-d76 | |
| Juniper JUNOS | =12.3x48-d70 | |
| Juniper JUNOS | =15.1x49-d140 | |
| Juniper JUNOS | =17.4r2 | |
| Juniper JUNOS | =18.1r2 | |
| Juniper JUNOS | =18.2r1 | |
| Juniper SRX100 | ||
| Juniper SRX110 | ||
| Juniper SRX1400 | ||
| Juniper SRX1500 | ||
| Juniper SRX210 | ||
| Juniper SRX220 | ||
| Juniper SRX240 | ||
| Juniper SRX240H2 | ||
| Juniper SRX240M | ||
| Juniper SRX300 | ||
| Juniper SRX320 | ||
| Juniper SRX340 | ||
| Juniper SRX3400 | ||
| Juniper SRX345 | ||
| Juniper SRX3600 | ||
| Juniper SRX380 | ||
| Juniper SRX4000 | ||
| Juniper SRX4100 | ||
| Juniper SRX4200 | ||
| Juniper SRX4600 | ||
| Juniper SRX5000 | ||
| Juniper SRX5400 | ||
| Juniper SRX550 | ||
| Juniper SRX550 | ||
| Juniper SRX550 | ||
| juniper srx5600 | ||
| Juniper SRX5800 | ||
| Juniper SRX650 |
Remedy
Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads. BIND 9 version 9.9.11-P1 BIND 9 version 9.10.6-P1 BIND 9 version 9.11.2-P1 BIND 9 version 9.12.0rc2 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. BIND 9 version 9.9.11-S2 BIND 9 version 9.10.6-S2
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/102716
- http://www.securitytracker.com/id/1040195
- https://access.redhat.com/errata/RHSA-2018:0101
- https://access.redhat.com/errata/RHSA-2018:0102
- https://access.redhat.com/errata/RHSA-2018:0487
- https://access.redhat.com/errata/RHSA-2018:0488
- https://kb.isc.org/docs/aa-01542
- https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html
- https://security.netapp.com/advisory/ntap-20180117-0003/
- https://supportportal.juniper.net/s/article/2018-07-Security-Bulletin-SRX-Series-Vulnerabilities-in-ISC-BIND-named
- https://www.debian.org/security/2018/dsa-4089
- https://kb.isc.org/article/AA-01542
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/ftp.isc.org/isc/bind9/9.9.11-P1/patches/CVE-2017-3145
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/ftp.isc.org/isc/bind9/9.10.6-P1/patches/CVE-2017-3145
- https://bugzilla.redhat.com/show_bug.cgi/ftp:/ftp.isc.org/isc/bind9/9.11.2-P1/patches/CVE-2017-3145
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1535307
- https://bugzilla.redhat.com/show_bug.cgi?id=1534812
- https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
- https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=55baf7d7e25c0e6444cb7e415f14d9e0819b5508
- https://security-tracker.debian.org/tracker/CVE-2017-3145
Frequently Asked Questions
What is the severity of CVE-2017-3145?
CVE-2017-3145 is classified as a high severity vulnerability due to its potential to cause assertion failures and crashes in BIND.
How do I fix CVE-2017-3145?
To fix CVE-2017-3145, update BIND to the latest patched version as specified by your operating system provider.
What versions of BIND are affected by CVE-2017-3145?
CVE-2017-3145 affects BIND versions 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, and 9.10.0 to 9.10.6 among others.
Is CVE-2017-3145 a use-after-free vulnerability?
Yes, CVE-2017-3145 is a use-after-free vulnerability which can lead to crashes of the BIND service.
How can I verify if my system is vulnerable to CVE-2017-3145?
You can verify vulnerability to CVE-2017-3145 by checking the BIND version installed on your system against the affected versions list.
- collector/security-tracker-debian
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2017-3145
- agent/software-canonical-lookup
- agent/references
- agent/author
- agent/weakness
- agent/description
- agent/severity
- agent/title
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- package-manager/redhat
- vendor/isc
- canonical/bind 9
- version/bind 9/9.4.0
- version/bind 9/9.8.8
- version/bind 9/9.9.0
- version/bind 9/9.9.11
- version/bind 9/9.10.0
- version/bind 9/9.10.6
- version/bind 9/9.11.0
- version/bind 9/9.11.2
- version/bind 9/9.9.3-s1
- version/bind 9/9.9.11-s1
- version/bind 9/9.10.5-s1
- version/bind 9/9.10.6-s1
- version/bind 9/9.12.0-alpha1
- version/bind 9/9.12.0-b1
- version/bind 9/9.12.0-b2
- version/bind 9/9.12.0-rc1
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.4
- version/redhat enterprise linux server aus/6.5
- version/redhat enterprise linux server aus/6.6
- version/redhat enterprise linux server aus/7.2
- version/redhat enterprise linux server aus/7.3
- version/redhat enterprise linux server aus/7.4
- version/redhat enterprise linux server aus/7.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.7
- version/redhat enterprise linux server eus/7.3
- version/redhat enterprise linux server eus/7.4
- version/redhat enterprise linux server eus/7.5
- version/redhat enterprise linux server eus/7.6
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/6.6
- version/redhat enterprise linux server tus/7.2
- version/redhat enterprise linux server tus/7.3
- version/redhat enterprise linux server tus/7.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/7.0
- version/debian gnu/linux/8.0
- version/debian gnu/linux/9.0
- vendor/netapp
- canonical/netapp data ontap edge
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.1x46-d76
- version/juniper junos/12.3x48-d70
- version/juniper junos/15.1x49-d140
- version/juniper junos/17.4r2
- version/juniper junos/18.1r2
- version/juniper junos/18.2r1
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx240h2
- canonical/juniper srx240m
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx380
- canonical/juniper srx4000
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx4600
- canonical/juniper srx5000
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650