Bug 1534812 (CVE-2017-3145) - CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cause named to crash
Summary: CVE-2017-3145 bind: Improper fetch cleanup sequencing in the resolver can cau...
Status: CLOSED ERRATA
Alias: CVE-2017-3145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=important,public=20180116,repo...
Keywords: Security
Depends On: 1435270 1535799 1535307 1535317 1535318 1535464 1535465 1545351 1550960 1550961 1550963 1550964 1550965 1550966
Blocks: 1534815
TreeView+ depends on / blocked
 
Reported: 2018-01-16 01:55 UTC by Sam Fowler
Modified: 2019-05-16 08:07 UTC (History)
14 users (show)

(edit)
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.
Clone Of:
(edit)
Last Closed: 2018-03-12 21:44:59 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0101 normal SHIPPED_LIVE Important: bind security update 2018-01-22 14:31:41 UTC
Red Hat Product Errata RHSA-2018:0102 normal SHIPPED_LIVE Important: bind security update 2018-01-22 14:45:56 UTC
Red Hat Product Errata RHSA-2018:0487 normal SHIPPED_LIVE Important: bind security update 2018-03-13 00:43:50 UTC
Red Hat Product Errata RHSA-2018:0488 normal SHIPPED_LIVE Important: bind security update 2018-03-12 23:25:18 UTC

Description Sam Fowler 2018-01-16 01:55:11 UTC
Improper sequencing during cleanup operations of upstream recursion fetch contexts in BIND can lead to a use-after-free error, triggering an assertion failure and crash in named.

Affected BIND versions acting as DNSSEC validating resolvers are currently known to crash with an assertion failure in netaddr.c due to this bug.

External References:

https://kb.isc.org/article/AA-01542

Upstream Patches:

ftp://ftp.isc.org/isc/bind9/9.9.11-P1/patches/CVE-2017-3145
ftp://ftp.isc.org/isc/bind9/9.10.6-P1/patches/CVE-2017-3145
ftp://ftp.isc.org/isc/bind9/9.11.2-P1/patches/CVE-2017-3145

Comment 3 Sam Fowler 2018-01-17 05:43:44 UTC
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1535307]

Comment 5 Dhiru Kholia 2018-01-17 06:14:43 UTC
Acknowledgments:

Name: ISC
Upstream: Jayachandran Palanisamy (Cygate AB)

Comment 11 errata-xmlrpc 2018-01-22 09:32:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0101

Comment 12 errata-xmlrpc 2018-01-22 09:46:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0102

Comment 20 errata-xmlrpc 2018-03-12 19:16:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Extended Update Support
  Red Hat Enterprise Linux 7.2 Advanced Update Support
  Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.2 Telco Extended Update Support

Via RHSA-2018:0488 https://access.redhat.com/errata/RHSA-2018:0488

Comment 21 errata-xmlrpc 2018-03-12 20:22:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6.7 Extended Update Support
  Red Hat Enterprise Linux 6.4 Advanced Update Support
  Red Hat Enterprise Linux 6.5 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Advanced Update Support
  Red Hat Enterprise Linux 6.6 Telco Extended Update Support

Via RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0487


Note You need to log in before you can comment on or make changes to this bug.