Bug 1033466 - (CVE-2017-3136) VUL-0: CVE-2017-3136: bind: synthesized records could cause assertion failure when using DNS64 with "break-dnssec yes;"
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Navin Kukreja
Security Team bot
https://smash.suse.de/issue/183377/
CVSSv2:SUSE:CVE-2017-3136:2.6:(AV:N/A...
Blocks: 1033461
Reported: 2017-04-11 07:18 UTC by Alexander Bergmann
Modified: 2020-09-24 14:55 UTC (History)
Comment 5 Swamp Workflow Management 2017-04-13 04:10:00 UTC
SUSE-SU-2017:0998-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1020983,1033466,1033467,1033468,987866,989528
CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    bind-9.9.9P1-59.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    bind-9.9.9P1-59.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    bind-9.9.9P1-59.1
SUSE Linux Enterprise Server 12-SP2 (src):    bind-9.9.9P1-59.1
SUSE Linux Enterprise Server 12-SP1 (src):    bind-9.9.9P1-59.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    bind-9.9.9P1-59.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    bind-9.9.9P1-59.1
Comment 6 Swamp Workflow Management 2017-04-13 04:11:08 UTC
SUSE-SU-2017:0999-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1033466,1033467,1033468,987866,989528
CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    bind-9.9.9P1-28.34.1
SUSE Linux Enterprise Server 12-LTSS (src):    bind-9.9.9P1-28.34.1
Comment 7 Swamp Workflow Management 2017-04-13 04:12:11 UTC
SUSE-SU-2017:1000-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1033466,1033467,1033468,987866,989528
CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
Sources used:
SUSE OpenStack Cloud 5 (src):    bind-9.9.6P1-0.44.1
SUSE Manager Proxy 2.1 (src):    bind-9.9.6P1-0.44.1
SUSE Manager 2.1 (src):    bind-9.9.6P1-0.44.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    bind-9.9.6P1-0.44.1
SUSE Linux Enterprise Server 11-SP4 (src):    bind-9.9.6P1-0.44.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    bind-9.9.6P1-0.44.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    bind-9.9.6P1-0.44.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    bind-9.9.6P1-0.44.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    bind-9.9.6P1-0.44.1
Comment 8 Marcus Meissner 2017-04-13 06:53:53 UTC
Please also submit fixes to openSUSE Leap and Factory now.
Comment 9 Marcus Meissner 2017-04-13 07:05:33 UTC
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
Author: Michael McNally
Reference Number: AA-01465
Created: 2017-04-12 14:00
Last Updated: 2017-04-12 22:41

CVE: CVE-2017-3136
Document Version: 2.0
Posting date: 12 April 2017
Program Impacted: BIND
Versions affected: 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8
Severity: Medium, but only a risk to systems with specific configurations
Exploitable: Remotely

Description:

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.

An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met.

Impact:

Servers are at risk if they are configured to use DNS64 and if the option "break-dnssec yes;" is in use.

CVSS Score:  5.9

CVSS Vector:  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Workarounds:

Servers which have configurations which require DNS64 and "break-dnssec yes;" should upgrade.  Servers which are not using these features in conjunction are not at risk from this defect.

Active exploits:

No known active exploits.

Solution:  Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.

    BIND 9 version 9.9.9-P8
    BIND 9 version 9.10.4-P8
    BIND 9 version 9.11.0-P5

BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.

    BIND 9 version 9.9.9-S10

New maintenance releases of BIND are also scheduled which contain the fix for this vulnerability.  In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:

    BIND 9 version 9.9.10rc3
    BIND 9 version 9.10.5rc3
    BIND 9 version 9.11.1rc3

Acknowledgements: ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability.

Document Revision History:

1.0 Advance Notification 08 March 2017
1.1 Revised Publication Date; Added pre-releases to Versions Affected 20 March 2017
2.0 Public Announcement 12 April 2017
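
As an added example (not part of this bug report or of ISC's advisory), the following Python script checks a named.conf for the exposure condition the advisory names: a dns64 block with break-dnssec enabled. The sample configuration, its prefixes and paths, and the function names are constructed for illustration.

```python
import re

# Constructed named.conf fragment for illustration (not from the bug report).
SAMPLE_CONF = '''
options {
    directory "/var/lib/named";            // constructed path
    # dns64 2001:db8:1::/96 { break-dnssec yes; };   disabled by comment
    dns64 64:ff9b::/96 { clients { any; }; break-dnssec yes; };
    dns64 2001:db8:64::/96 {
        /* break-dnssec yes; */ break-dnssec no;
    };
};
'''

# named.conf lexer: comments, quoted strings, punctuation, bare words.
TOKEN = re.compile(r'''/\*.*?\*/ | (?://|\#)[^\n]* | "(?:[^"\\]|\\.)*"
                       | [{};] | [^\s{};"]+''', re.S | re.X)
TRUE_VALUES = {"yes", "true", "1"}   # spellings BIND accepts for a boolean "on"

def tokens(text):
    # Drop comment tokens so commented-out settings are never counted.
    return [t for t in TOKEN.findall(text)
            if not t.startswith(("/*", "//", "#"))]

def dns64_blocks(text):
    """Return [(prefix, break_dnssec_enabled)] for every dns64 block."""
    toks, out, i = tokens(text), [], 0
    while i < len(toks) - 2:
        if toks[i] == "dns64" and toks[i + 2] == "{":
            prefix, depth, j, enabled = toks[i + 1], 1, i + 3, False
            while j < len(toks) and depth:
                if toks[j] == "{":
                    depth += 1
                elif toks[j] == "}":
                    depth -= 1
                elif toks[j] == "break-dnssec" and depth == 1 and j + 1 < len(toks):
                    enabled = toks[j + 1].lower() in TRUE_VALUES
                j += 1
            out.append((prefix, enabled))   # option absent means the default, off
            i = j
        else:
            i += 1
    return out

def exposed_prefixes(text):
    """DNS64 prefixes whose block matches the advisory's precondition."""
    return [prefix for prefix, enabled in dns64_blocks(text) if enabled]

if __name__ == "__main__":
    print("dns64 blocks with break-dnssec enabled:", exposed_prefixes(SAMPLE_CONF))
```

Running it on the output of `named-checkconf -p` also covers settings pulled in through include statements.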
Comment 10 Marcus Meissner 2017-04-13 07:05:57 UTC
(Leap submission is not necessary, it takes the package from SLES. Only Factory is needed.)
Comment 12 Swamp Workflow Management 2017-04-19 19:09:35 UTC
openSUSE-SU-2017:1063-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1020983,1033466,1033467,1033468,987866,989528
CVE References: CVE-2016-2775,CVE-2016-6170,CVE-2017-3136,CVE-2017-3137,CVE-2017-3138
Sources used:
openSUSE Leap 42.2 (src):    bind-9.9.9P1-48.3.1
openSUSE Leap 42.1 (src):    bind-9.9.9P1-51.1
Comment 13 Marcus Meissner 2017-07-04 13:11:19 UTC
released