CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash

First published: Tue Jan 16 2018(Updated: )

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Credit: security-officer@isc.org

Affected Software	Affected Version	How to fix
debian/bind9		1:9.11.5.P4+dfsg-5.1+deb10u7 1:9.11.5.P4+dfsg-5.1+deb10u9 1:9.16.44-1~deb11u1 1:9.18.19-1~deb12u1 1:9.19.17-1
redhat/bind	<9.9.11	9.9.11
redhat/bind	<9.10.6	9.10.6
redhat/bind	<9.11.2	9.11.2
redhat/bind	<9.12.0	9.12.0
ISC BIND	>=9.4.0<=9.8.8
ISC BIND	>=9.9.0<=9.9.11
ISC BIND	>=9.10.0<=9.10.6
ISC BIND	>=9.11.0<=9.11.2
ISC BIND	=9.9.3-s1
ISC BIND	=9.9.11-s1
ISC BIND	=9.10.5-s1
ISC BIND	=9.10.6-s1
ISC BIND	=9.12.0-alpha1
ISC BIND	=9.12.0-b1
ISC BIND	=9.12.0-b2
ISC BIND	=9.12.0-rc1
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=6.4
Redhat Enterprise Linux Server Aus	=6.5
Redhat Enterprise Linux Server Aus	=6.6
Redhat Enterprise Linux Server Aus	=7.2
Redhat Enterprise Linux Server Aus	=7.3
Redhat Enterprise Linux Server Aus	=7.4
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Eus	=6.7
Redhat Enterprise Linux Server Eus	=7.3
Redhat Enterprise Linux Server Eus	=7.4
Redhat Enterprise Linux Server Eus	=7.5
Redhat Enterprise Linux Server Eus	=7.6
Redhat Enterprise Linux Server Tus	=6.6
Redhat Enterprise Linux Server Tus	=7.2
Redhat Enterprise Linux Server Tus	=7.3
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Workstation	=6.0
Redhat Enterprise Linux Workstation	=7.0
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Netapp Data Ontap Edge
Juniper JUNOS	=12.1x46-d76
Juniper JUNOS	=12.3x48-d70
Juniper JUNOS	=15.1x49-d140
Juniper JUNOS	=17.4r2
Juniper JUNOS	=18.1r2
Juniper JUNOS	=18.2r1
Juniper Srx100
Juniper Srx110
Juniper Srx1400
Juniper Srx1500
Juniper Srx210
Juniper Srx220
Juniper Srx240
Juniper Srx240h2
Juniper Srx240m
Juniper Srx300
Juniper Srx320
Juniper Srx340
Juniper Srx3400
Juniper Srx345
Juniper Srx3600
Juniper Srx380
Juniper Srx4000
Juniper Srx4100
Juniper Srx4200
Juniper Srx4600
Juniper Srx5000
Juniper Srx5400
Juniper Srx550
Juniper Srx550 Hm
Juniper Srx550m
Juniper Srx5600
Juniper Srx5800
Juniper Srx650

Remedy

Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads. BIND 9 version 9.9.11-P1 BIND 9 version 9.10.6-P1 BIND 9 version 9.11.2-P1 BIND 9 version 9.12.0rc2 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. BIND 9 version 9.9.11-S2 BIND 9 version 9.10.6-S2

Never miss a vulnerability like this again

Reference Links

collector/security-tracker-debian
agent/type
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-3145
agent/software-canonical-lookup
agent/references
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/title
agent/remedy
agent/first-publish-date
agent/tags
agent/event
package-manager/debian
package-manager/redhat
vendor/isc
canonical/isc bind
version/isc bind/9.4.0
version/isc bind/9.8.8
version/isc bind/9.9.0
version/isc bind/9.9.11
version/isc bind/9.10.0
version/isc bind/9.10.6
version/isc bind/9.11.0
version/isc bind/9.11.2
version/isc bind/9.9.3-s1
version/isc bind/9.9.11-s1
version/isc bind/9.10.5-s1
version/isc bind/9.10.6-s1
version/isc bind/9.12.0-alpha1
version/isc bind/9.12.0-b1
version/isc bind/9.12.0-b2
version/isc bind/9.12.0-rc1
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/6.4
version/redhat enterprise linux server aus/6.5
version/redhat enterprise linux server aus/6.6
version/redhat enterprise linux server aus/7.2
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/6.7
version/redhat enterprise linux server eus/7.3
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/6.6
version/redhat enterprise linux server tus/7.2
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/netapp
canonical/netapp data ontap edge
vendor/juniper
canonical/juniper junos
version/juniper junos/12.1x46-d76
version/juniper junos/12.3x48-d70
version/juniper junos/15.1x49-d140
version/juniper junos/17.4r2
version/juniper junos/18.1r2
version/juniper junos/18.2r1
canonical/juniper srx100
canonical/juniper srx110
canonical/juniper srx1400
canonical/juniper srx1500
canonical/juniper srx210
canonical/juniper srx220
canonical/juniper srx240
canonical/juniper srx240h2
canonical/juniper srx240m
canonical/juniper srx300
canonical/juniper srx320
canonical/juniper srx340
canonical/juniper srx3400
canonical/juniper srx345
canonical/juniper srx3600
canonical/juniper srx380
canonical/juniper srx4000
canonical/juniper srx4100
canonical/juniper srx4200
canonical/juniper srx4600
canonical/juniper srx5000
canonical/juniper srx5400
canonical/juniper srx550
canonical/juniper srx550 hm
canonical/juniper srx550m
canonical/juniper srx5600
canonical/juniper srx5800
canonical/juniper srx650

CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact