#VU5674 NULL pointer dereference in ISC BIND


Published: 2017-02-09 | Updated: 2017-02-10

Vulnerability identifier: #VU5674

Vulnerability risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-3135

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ISC BIND
Server applications / DNS servers

Vendor: ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference error when parsing DNS queries, if ISC BIND is configured with Response Policy Zones (RPZ) and DNS64 to rewrite query responses. A remote unauthenticated attacker can send specially crafted DNS queries, trigger NULL pointer dereference and cause denial of service.

Successful exploitation of the vulnerability will result in DoS attack against affected daemon.

Mitigation
Install the following versions to resolve this issue:

  • BIND 9 version 9.9.9-P6
  • BIND 9 version 9.10.4-P6
  • BIND 9 version 9.11.0-P3
  • BIND 9 version 9.9.9-S8

Vulnerable software versions

ISC BIND: 9.8.8 - 9.11.0b1

External links
http://kb.isc.org/article/AA-01453

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Unisphere Central
Gentoo update for BIND
Ubuntu update for Bind
Red Hat update for bind
NULL pointer dereference in bind (Alpine package)
Slackware Linux update for bind
Remote DoS in ISC BIND
Arch Linux update for bind