Project

General

Profile

Bug #6829

Bug #6827: bind: Combination of DNS64 and RPZ Can Lead to Crash (CVE-2017-3135)

[3.5] bind: Combination of DNS64 and RPZ Can Lead to Crash (CVE-2017-3135)

Added by Alicha CH about 2 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
02/09/2017
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an
inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer.

Affected versions:

9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1

Fixed in:

BIND 9 version 9.9.9-P6
BIND 9 version 9.10.4-P6
BIND 9 version 9.11.0-P3

Reference:

https://kb.isc.org/article/AA-01453

Associated revisions

Revision 20069650 (diff)
Added by Sergei Lukin about 2 years ago

main/bind: security upgrade to 9.10.4_p6 - fixes #6829

CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash

History

#1 Updated by Sergei Lukin about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH about 2 years ago

  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF