Unrated severityNVD Advisory· Published Jan 16, 2019· Updated Sep 16, 2024
named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
CVE-2017-3138
Description
named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
Affected products
37- osv-coords36 versionspkg:apk/chainguard/bindpkg:apk/chainguard/bind-devpkg:apk/chainguard/bind-dnssec-rootpkg:apk/chainguard/bind-dnssec-toolspkg:apk/chainguard/bind-docpkg:apk/chainguard/bind-libspkg:apk/chainguard/bind-pluginspkg:apk/chainguard/bind-toolspkg:apk/wolfi/bindpkg:apk/wolfi/bind-devpkg:apk/wolfi/bind-dnssec-rootpkg:apk/wolfi/bind-dnssec-toolspkg:apk/wolfi/bind-docpkg:apk/wolfi/bind-libspkg:apk/wolfi/bind-pluginspkg:apk/wolfi/bind-toolspkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Manager%202.1pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%202.1pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%205
< 0+ 35 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-28.34.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.9P1-28.34.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- ISC/BIND 9v5Range: 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- security.gentoo.org/glsa/201708-01mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2017/dsa-3854mitrevendor-advisoryx_refsource_DEBIAN
- www.securityfocus.com/bid/97657mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1038260mitrevdb-entryx_refsource_SECTRACK
- kb.isc.org/docs/aa-01471mitrex_refsource_CONFIRM
- security.netapp.com/advisory/ntap-20180802-0002/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.