ISC BIND announced CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash

by CIRT Team

Description: CVE-2017-3145 is a denial-of-service vector which can potentially be exploited against ISC BIND servers, causing them to crash. The underlying flaw has existed since BIND 9.0.0 but is not known to be reachable in any version prior to those containing the fix for CVE-2017-3137 [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1], and then only when acting as DNSSEC validating resolvers.

Impact: An attacker can exploit this issue to cause denial-of-service conditions.

Mitigation: Updates are available. Please see the references or vendor advisory for more information.

Reference URL’s:

• https://kb.isc.org/article/AA-01542
• https://www.securityfocus.com/bid/102716/info

CIRT Team