{"id":4684,"date":"2018-01-18T00:40:00","date_gmt":"2018-01-17T23:40:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=4684"},"modified":"2019-01-31T13:37:54","modified_gmt":"2019-01-31T12:37:54","slug":"bind-vulnerability-cve-2017-3145-can-crash-name","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/01\/18\/bind-vulnerability-cve-2017-3145-can-crash-name\/","title":{"rendered":"BIND vulnerability (CVE-2017-3145) can crash name"},"content":{"rendered":"

[German<\/a>]A vulnerability in BIND (performing DNS resolutions) may cause the named<\/em> daemon to crash. Here are some information about the vulnerability, that since 2000. <\/p>\n

<\/p>\n

I don't know if someone of my blog readers runs an own BIND server with this open source software<\/a>, because Microsoft Windows is using its own BIND implementation for DNS servers. The issue may affect administrators in corporate environments, running ICS BIND. <\/p>\n

\n

According to Wikipedia BIND<\/a> (Berkeley Internet Name Domain Server) <\/i>is the most widely used Domain Name System (DNS) software on the Internet. On Unix-like operating systems it is the de facto<\/i> standard.<\/p>\n<\/blockquote>\n

On January 16, 2018 the article CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash<\/a> has been published. The CVE is saying, BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts. This is  leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. It seems that the bug in BIND is present since 2000, as The Register wrote here<\/a>. <\/p>\n

While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137.  Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug.  The known crash is an assertion failure in netaddr.c<\/em>. Further details may be obtained from CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]A vulnerability in BIND (performing DNS resolutions) may cause the named daemon to crash. Here are some information about the vulnerability, that since 2000.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-4684","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4684","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=4684"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/4684\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=4684"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=4684"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=4684"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}