Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
DNS:ISC-BIND-RPZ-DOS |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
DNS |
Keywords |
ISC BIND DNS64 and RPZ Query Processing Denial of Service |
Release Date |
2017/02/22 |
Update Number |
2832 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
DNS: ISC BIND DNS64 and RPZ Query Processing Denial of Service
This signature detects attempts to exploit a known vulnerability against ISC BIND. A successful attack can result in a denial-of-service condition.
Extended Description
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Affected Products
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Isc bind 9.10.0
- Isc bind 9.10.4
- Isc bind 9.10.5
- Isc bind 9.11.0
- Isc bind 9.11.1
- Isc bind 9.9.10
- Isc bind 9.9.3
- Isc bind 9.9.8
- Isc bind 9.9.9
- Netapp data_ontap_edge -
- Netapp element_software_management_node -
- Redhat enterprise_linux_desktop 7.0
- Redhat enterprise_linux_server 7.0
- Redhat enterprise_linux_server_aus 7.3
- Redhat enterprise_linux_server_aus 7.4
- Redhat enterprise_linux_server_aus 7.6
- Redhat enterprise_linux_server_eus 7.3
- Redhat enterprise_linux_server_eus 7.4
- Redhat enterprise_linux_server_eus 7.5
- Redhat enterprise_linux_server_eus 7.6
- Redhat enterprise_linux_server_tus 7.3
- Redhat enterprise_linux_server_tus 7.6
- Redhat enterprise_linux_workstation 7.0
References
- CVE: CVE-2017-3135