#VU7091 Improper input validation in ISC BIND - CVE-2017-3140

Cybersecurity Help s.r.o.

Published: 2017-06-15 | Updated: 2017-06-15

Vulnerability identifier: #VU7091

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-3140

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ISC BIND
Server applications / DNS servers

Vendor: ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing Response Policy Zones (RPZ) rules, when NSDNAME or NSIP policy rules are used. A remote attacker can trigger the affected server to enter an endless loop and repeatedly query a set of authoritative nameservers.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service attack.

Mitigation
Update to version 9.9.10-P1, 9.10.5-P1 or 9.11.1-P1.

Vulnerable software versions

ISC BIND: 9.9.10-S1 - 9.11.1

External links
https://kb.isc.org/article/AA-01495/74/CVE-2017-3140%3A-An-error-processing-RPZ-rules-can-cause-name...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Gentoo update for BIND

Improper input validation in bind (Alpine package)

Remote DoS when processing RPZ rules in ISC BIND

Slackware Linux update for bind

Arch Linux update for bind