CVE-2017-3138

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

Published: 2019-01-16 20:29
Updated: 2019-10-09 23:27

CVSS Score: 3.5 / 10

Vendor Product Version URI
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p1
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p2
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p3
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p4
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p5
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p6
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:p7
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:s1
Isc Bind 9.9.9 cpe:/a:isc:bind:9.9.9:s7
Isc Bind 9.9.10 cpe:/a:isc:bind:9.9.10:beta1
Isc Bind 9.9.10 cpe:/a:isc:bind:9.9.10:rc1
Isc Bind 9.9.10 cpe:/a:isc:bind:9.9.10:rc2
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p1
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p2
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p3
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p4
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p5
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p6
Isc Bind 9.10.4 cpe:/a:isc:bind:9.10.4:p7
Isc Bind 9.10.5 cpe:/a:isc:bind:9.10.5:b1
Isc Bind 9.10.5 cpe:/a:isc:bind:9.10.5:rc1
Isc Bind 9.10.5 cpe:/a:isc:bind:9.10.5:rc2
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0:p1
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0:p2
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0:p3
Isc Bind 9.11.0 cpe:/a:isc:bind:9.11.0:p4
Isc Bind 9.11.1 cpe:/a:isc:bind:9.11.1:b1
Isc Bind 9.11.1 cpe:/a:isc:bind:9.11.1:rc1
Isc Bind 9.11.1 cpe:/a:isc:bind:9.11.1:rc2
Netapp Data Ontap Edge - cpe:/a:netapp:data_ontap_edge:-
Netapp Element Software - cpe:/a:netapp:element_software:-
Netapp Oncommand Balance - cpe:/a:netapp:oncommand_balance:-
Debian Debian Linux 8.0 cpe:/o:debian:debian_linux:8.0

CWE

CWE-617: Reachable Assertion. The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

History of changes

Date Event
2019-10-03 00:03
2019-02-11 19:44
2019-01-17 11:29
2019-01-16 20:29 New CVE