Bug 1534812 (CVE-2017-3145)

Summary: CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cause named to crash
Product: [Other] Security Response Reporter: Sam Fowler <sfowler>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: apmukher, chorn, dkholia, dmoppert, mbliss, mruprich, msehnout, pemensik, ravpatil, security-response-team, thozza, vonsch, yozone, zdohnal
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: bind 9.9.11-P1, bind 9.10.6-P1, bind 9.10.6-S2, bind 9.11.2-P1, bind 9.9.11-S2, bind 9.12.0rc2 Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-03-12 21:44:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1435270, 1535307, 1535317, 1535318, 1535464, 1535465, 1535799, 1545351, 1550960, 1550961, 1550963, 1550964, 1550965, 1550966    
Bug Blocks: 1534815    

Description Sam Fowler 2018-01-16 01:55:11 UTC 
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named.

Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in netaddr.c due to this bug.

External References:

https://kb.isc.org/article/AA-01542

Upstream Patches:

ftp://ftp.isc.org/isc/bind9/9.9.11-P1/patches/CVE-2017-3145
ftp://ftp.isc.org/isc/bind9/9.10.6-P1/patches/CVE-2017-3145
ftp://ftp.isc.org/isc/bind9/9.11.2-P1/patches/CVE-2017-3145
Comment 3 Sam Fowler 2018-01-17 05:43:44 UTC 
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1535307]
Comment 5 Dhiru Kholia 2018-01-17 06:14:43 UTC 
Acknowledgments:

Name: ISC
Upstream: Jayachandran Palanisamy (Cygate AB)
Comment 11 errata-xmlrpc 2018-01-22 09:32:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0101
Comment 12 errata-xmlrpc 2018-01-22 09:46:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0102
Comment 20 errata-xmlrpc 2018-03-12 19:16:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0488 https://access.redhat.com/errata/RHSA-2018:0488
Comment 21 errata-xmlrpc 2018-03-12 20:22:56 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0487