Vulnerability Description
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | 9.9.9 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.2 |
| Redhat | Enterprise Linux Server Eus | 6.7 |
| Redhat | Enterprise Linux Server Tus | 6.5 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Netapp | Data Ontap Edge | - |
| Netapp | Element Software | - |
| Netapp | Oncommand Balance | - |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/97651Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038258Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040195Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1095Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:1105Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:1582Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:1583Third Party Advisory
- https://kb.isc.org/docs/aa-01466Vendor Advisory
- https://security.gentoo.org/glsa/201708-01Third Party Advisory
- https://security.netapp.com/advisory/ntap-20180802-0002/Third Party Advisory
- https://www.debian.org/security/2017/dsa-3854Third Party Advisory
- http://www.securityfocus.com/bid/97651Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038258Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040195Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1095Third Party Advisory
FAQ
What is CVE-2017-3137?
CVE-2017-3137 is a vulnerability with a CVSS score of 7.5 (HIGH). Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion ...
How severe is CVE-2017-3137?
CVE-2017-3137 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-3137?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Server Aus, Redhat Enterprise Linux Server Eus.