Quantcast

bind9 CVE-2017-3137

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

bind9 CVE-2017-3137

Adrian Minta-3
Hi,
one of my servers crashed twice in the last 24 hours:

Apr 20 14:51:22 SRV named[37412]: resolver.c:4350: INSIST(fctx->type ==
((dns_rdatatype_t)dns_rdatatype_any) || fctx->type == ((dns_rda
tatype_t)dns_rdatatype_rrsig) || fctx->type ==
((dns_rdatatype_t)dns_rdatatype_sig)) failed, back trace
Apr 20 14:51:22 SRV named[37412]: #0 0x7f9bde355a00 in ??
Apr 20 14:51:22 SRV named[37412]: #1 0x7f9bdc5318ea in ??
Apr 20 14:51:22 SRV named[37412]: #2 0x7f9bddc1714e in ??
Apr 20 14:51:22 SRV named[37412]: #3 0x7f9bdc553d5b in ??
Apr 20 14:51:22 SRV named[37412]: #4 0x7f9bdbf04064 in ??
Apr 20 14:51:22 SRV named[37412]: #5 0x7f9bdb8d262d in ??
Apr 20 14:51:22 SRV named[37412]: exiting (due to assertion failure)

I suspect CVE-2017-3137 for this:
https://security-tracker.debian.org/tracker/CVE-2017-3137

# dpkg -l | grep bind9
ii  bind9 1:9.9.5.dfsg-9+deb8u10             amd64        Internet
Domain Name Server
ii  bind9-host 1:9.9.5.dfsg-9+deb8u10             amd64        Version
of 'host' bundled with BIND 9.X
ii  bind9utils 1:9.9.5.dfsg-9+deb8u10             amd64        Utilities
for BIND
ii  libbind9-90 1:9.9.5.dfsg-9+deb8u10             amd64        BIND9
Shared Library used by BIND


Any info or workaround for this vulnerability ?


Loading...