CVE-2017-3138

EPSS 18.55%
Published 16.01.2019 20:29:00
Last modified 21.11.2024 03:24:54
Source security-officer@isc.org
Teams watchlist Login
Open Login

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

Affected products Warnungen 0 Metrics 4 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Isc ≫ Bind Version9.9.9

Isc ≫ Bind Version9.9.9 Updatep1

Isc ≫ Bind Version9.9.9 Updatep2

Isc ≫ Bind Version9.9.9 Updatep3

Isc ≫ Bind Version9.9.9 Updatep4

Isc ≫ Bind Version9.9.9 Updatep5

Isc ≫ Bind Version9.9.9 Updatep6

Isc ≫ Bind Version9.9.9 Updatep7

Isc ≫ Bind Version9.9.9 Updates1

Isc ≫ Bind Version9.9.9 Updates7

Isc ≫ Bind Version9.9.10 Updatebeta1

Isc ≫ Bind Version9.9.10 Updaterc1

Isc ≫ Bind Version9.9.10 Updaterc2

Isc ≫ Bind Version9.10.4

Isc ≫ Bind Version9.10.4 Updatep1

Isc ≫ Bind Version9.10.4 Updatep2

Isc ≫ Bind Version9.10.4 Updatep3

Isc ≫ Bind Version9.10.4 Updatep4

Isc ≫ Bind Version9.10.4 Updatep5

Isc ≫ Bind Version9.10.4 Updatep6

Isc ≫ Bind Version9.10.4 Updatep7

Isc ≫ Bind Version9.10.5 Updateb1

Isc ≫ Bind Version9.10.5 Updaterc1

Isc ≫ Bind Version9.10.5 Updaterc2

Isc ≫ Bind Version9.11.0

Isc ≫ Bind Version9.11.0 Updatep1

Isc ≫ Bind Version9.11.0 Updatep2

Isc ≫ Bind Version9.11.0 Updatep3

Isc ≫ Bind Version9.11.0 Updatep4

Isc ≫ Bind Version9.11.1 Updateb1

Isc ≫ Bind Version9.11.1 Updaterc1

Isc ≫ Bind Version9.11.1 Updaterc2

Netapp ≫ Data Ontap Edge Version-

Netapp ≫ Element Software Version-

Netapp ≫ Oncommand Balance Version-

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	18.55%	0.949

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P
security-officer@isc.org	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://security.gentoo.org/glsa/201708-01

Third Party Advisory

https://security.netapp.com/advisory/ntap-20180802-0002/

Third Party Advisory

https://www.debian.org/security/2017/dsa-3854

Third Party Advisory

http://www.securityfocus.com/bid/97657

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1038260

Third Party Advisory

VDB Entry