NULL pointer dereference in bind (Alpine package)



Published: 2017-02-13
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-3135
CWE-ID: CWE-476
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: bind (Alpine package)
Category: Operating systems & Components / Operating system package or component
Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) NULL pointer dereference

EUVDB-ID: #VU5674

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3135

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when parsing DNS queries, if ISC BIND is configured with Response Policy Zones (RPZ) and DNS64 to rewrite query responses. A remote unauthenticated attacker can send specially crafted DNS queries, trigger the NULL pointer dereference and cause a denial of service.

Successful exploitation of the vulnerability results in a denial of service of the affected daemon.
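
The flaw is only reachable when both RPZ and DNS64 are configured, so checking named.conf for both statements helps prioritise patching. The script below is an added example, not part of the original bulletin or of BIND: it assumes the configuration is supplied as text (for instance the flattened output of `named-checkconf -p`), and the function names and sample configurations are constructed for illustration.

```python
import re
import sys

# Quoted strings are matched first so that comment markers inside them are
# not mistaken for comments; then the three comment styles named.conf accepts.
TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def strip_comments(conf):
    """Blank out comments and string contents, keeping only bare statements."""
    return TOKEN.sub(lambda m: '""' if m.group(0)[0] == '"' else " ", conf)


def rpz_dns64_exposure(conf):
    """Report whether active (uncommented) response-policy and dns64 exist.

    File-level check: it does not track which view each statement is in,
    so a hit means "review this server", not proof of exposure.
    """
    bare = strip_comments(conf)
    rpz = re.search(r"(?<![\w-])response-policy\s*\{", bare) is not None
    # dns64 takes an unquoted IPv6 prefix, e.g. dns64 64:ff9b::/96 { ... };
    dns64 = re.search(r"(?<![\w-])dns64\s+[0-9A-Fa-f:]+/\d+\s*\{", bare) is not None
    return {"rpz": rpz, "dns64": dns64, "both": rpz and dns64}


# Constructed sample: both features active.
EXPOSED = """
options {
    directory "/var/bind";
    response-policy { zone "rpz.example"; };  // policy zone
    dns64 64:ff9b::/96 { clients { any; }; };
};
"""

# Constructed sample: dns64 present only inside comments.
COMMENTED = """
options {
    response-policy { zone "rpz.example"; };
    /* dns64 64:ff9b::/96 {
         clients { any; }; }; */
    # dns64 64:ff9b::/96 { };
};
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else EXPOSED
    print(rpz_dns64_exposure(text))
```

A result with `both` set means the host matches the configuration described above and should be checked against the vulnerable package versions.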

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

bind (Alpine package): 9.9.4-r0 - 9.10.4_p5-r1

External links

http://git.alpinelinux.org/aports/commit/?id=278a530682c0799cf3e11c862c4f1bce93c287e9
http://git.alpinelinux.org/aports/commit/?id=4b1031da5b9b58a8ce717525c1f7c02ff6492bc8
http://git.alpinelinux.org/aports/commit/?id=e17bafa50e9eeee62e3e85f3556bf4b27975193f
http://git.alpinelinux.org/aports/commit/?id=06c3f236b8d2710090432f26aa433531f943fa71
http://git.alpinelinux.org/aports/commit/?id=2006965010ab8e8b86d6a88029681fef1a75f7b6


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


