CVE-2017-3138

Published Jan 16, 2019

Last updated 5 years ago

CVSS medium 5.3

Overview

Description: named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
Source: security-officer@isc.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 3.6
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-617

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AECB4D34-0D20-46C5-A389-0296EF60E795"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03215B90-9860-4CB4-B7D2-3DF045B129EB"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88335D70-E98B-469E-A2E7-1958EB5F10DA"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795DA9EE-489D-402E-8427-C9E3650BA1E2"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "012A3C08-2A0F-4168-9DE0-F609707E4C2E"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BDE2752-E5CD-4AE6-A404-2C209F942B7A"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0387826C-AE6B-44C8-9888-4088CF66D78C"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7132A53F-7DF2-4B79-AC86-75A0C73843B4"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C8F0163-FF32-44E0-B05C-F89263CD56A7"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94C0C9FC-5CCF-4AD7-8D83-7B579102F7E7"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFF50431-599D-40DD-A2B3-30A6D5652FFA"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E76DCB3-8063-415D-A774-9191E69E6980"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E253BD9F-25B8-42E7-BEAB-E843381ED155"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B5E42E5-27C6-4D6F-B7DC-903B10BF2017"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E211374-A4F5-41D4-A89E-E6522E9D0DFB"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21CC7BA7-6D75-4561-ACF3-F1F61A0CBA62"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70586A2A-AA52-48F5-B2B0-390CA77807E8"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "060E10B1-5501-4BD0-A148-B04C56D499F3"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C5A0370-9490-40CC-84E8-EEE95A6F233B"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEC78396-4667-4A45-8DBD-0D0C2AAE1549"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CD813E5-0C4A-4B55-A1B9-9C5C6C2504D4"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3160C5ED-75EA-47B2-998E-EDFC46B37DDA"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "086C327B-DF9F-4D4E-A538-1E29FEDC34C5"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1440B408-76B6-4FA7-899D-E28049A37704"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D50373F-C1C4-4EC9-B94F-854C3444717D"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6658F26D-C088-4470-8AFD-58BB54201C87"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A923D26C-3BE1-492E-99CF-1BB14D8A6388"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEA791E2-27E0-49C5-9823-0C57647C788F"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E654717-4EF6-4397-A637-A9789CD5D1D6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED"
          },
          {
            "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References