DNS: ISC BIND DNS64 and RPZ Query Processing Denial of Service

This signature detects attempts to exploit a known vulnerability in ISC BIND. A successful attack can result in a denial-of-service condition.

Extended Description

Under some conditions, when both DNS64 and RPZ are used to rewrite query responses, query processing can resume in an inconsistent state, leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 through 9.9.9-S7, 9.9.3 through 9.9.9-P5, 9.9.10b1, 9.10.0 through 9.10.4-P5, 9.10.5b1, 9.11.0 through 9.11.0-P2, and 9.11.1b1.

Affected Products

Netapp data_ontap_edge

References

CVE: CVE-2017-3135

Short Name: DNS:ISC-BIND-RPZ-DOS
Severity: Major
Recommended: True
Recommended Action: Drop
Category: DNS
Keywords: BIND CVE-2017-3135 DNS64 Denial ISC Processing Query RPZ Service and of
Release Date: 02/23/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3590
False Positive: Unknown
Vendors

Isc

Netapp

Debian

Redhat

CVSS Score

4.3
