Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2017-833
HistoryMay 30, 2017 - 11:49 p.m.

Important: bind

2017-05-3023:49:00
alas.aws.amazon.com
6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

58.4%

JSON

Issue Overview:

A denial of service flaw was found in the way BIND handled DNSSEC validation.
A remote attacker could use this flaw to make named exit unexpectedly with an
assertion failure via a specially crafted DNS response. (CVE-2017-3139)

Affected Packages:

bind

Issue Correction:
Run yum update bind to update your system.

New Packages:

i686:  
    bind-libs-9.8.2-0.62.rc1.55.amzn1.i686  
    bind-9.8.2-0.62.rc1.55.amzn1.i686  
    bind-utils-9.8.2-0.62.rc1.55.amzn1.i686  
    bind-chroot-9.8.2-0.62.rc1.55.amzn1.i686  
    bind-debuginfo-9.8.2-0.62.rc1.55.amzn1.i686  
    bind-sdb-9.8.2-0.62.rc1.55.amzn1.i686  
    bind-devel-9.8.2-0.62.rc1.55.amzn1.i686  
  
src:  
    bind-9.8.2-0.62.rc1.55.amzn1.src  
  
x86_64:  
    bind-chroot-9.8.2-0.62.rc1.55.amzn1.x86_64  
    bind-sdb-9.8.2-0.62.rc1.55.amzn1.x86_64  
    bind-libs-9.8.2-0.62.rc1.55.amzn1.x86_64  
    bind-debuginfo-9.8.2-0.62.rc1.55.amzn1.x86_64  
    bind-devel-9.8.2-0.62.rc1.55.amzn1.x86_64  
    bind-utils-9.8.2-0.62.rc1.55.amzn1.x86_64  
    bind-9.8.2-0.62.rc1.55.amzn1.x86_64

Additional References

Red Hat: CVE-2017-3139

Mitre: CVE-2017-3139

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686bind-libs< 9.8.2-0.62.rc1.55.amzn1bind-libs-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1i686bind< 9.8.2-0.62.rc1.55.amzn1bind-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1i686bind-utils< 9.8.2-0.62.rc1.55.amzn1bind-utils-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1i686bind-chroot< 9.8.2-0.62.rc1.55.amzn1bind-chroot-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1i686bind-debuginfo< 9.8.2-0.62.rc1.55.amzn1bind-debuginfo-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1i686bind-sdb< 9.8.2-0.62.rc1.55.amzn1bind-sdb-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1i686bind-devel< 9.8.2-0.62.rc1.55.amzn1bind-devel-9.8.2-0.62.rc1.55.amzn1.i686.rpm
Amazon Linux1x86_64bind-chroot< 9.8.2-0.62.rc1.55.amzn1bind-chroot-9.8.2-0.62.rc1.55.amzn1.x86_64.rpm
Amazon Linux1x86_64bind-sdb< 9.8.2-0.62.rc1.55.amzn1bind-sdb-9.8.2-0.62.rc1.55.amzn1.x86_64.rpm
Amazon Linux1x86_64bind-libs< 9.8.2-0.62.rc1.55.amzn1bind-libs-9.8.2-0.62.rc1.55.amzn1.x86_64.rpm
Rows per page:
1-10 of 141

Related

oraclelinux 1
nessus 9
centos 1
veracode 1
openvas 3
prion 1
f5 1
redhat 2
debiancve 1
cve 1
redhatcve 2
ubuntucve 1
debian 1
ibm 3
oraclelinux
oraclelinux
bind security update
2017-05-08 00:00:00
nessus
nessus
Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20170508)
2017-05-09 00:00:00
RHEL 6 : bind (RHSA-2017:1202)
2017-05-09 00:00:00
CentOS 6 : bind (CESA-2017:1202)
2017-05-10 00:00:00
centos
centos
bind security update
2017-05-09 16:58:21
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:16:36
openvas
openvas
RedHat Update for bind RHSA-2017:1202-01
2017-05-09 00:00:00
CentOS Update for bind CESA-2017:1202 centos6
2017-05-10 00:00:00
Debian: Security Advisory (DLA-1285-1)
2018-02-20 00:00:00
prion
prion
Design/Logic Flaw
2019-04-09 18:29:00
f5
f5
K34701020 : BIND vulnerability CVE-2017-3139
2017-07-28 00:00:00
redhat
redhat
(RHSA-2017:1202) Important: bind security update
2017-05-08 05:57:05
(RHSA-2017:1582) Important: bind security and bug fix update
2017-06-28 07:45:28
debiancve
debiancve
CVE-2017-3139
2019-04-09 18:29:00
cve
cve
CVE-2017-3139
2019-04-09 18:29:00
redhatcve
redhatcve
CVE-2017-3139
2017-05-08 05:49:21
CVE-2018-5735
2020-04-08 05:00:16
ubuntucve
ubuntucve
CVE-2017-3139
2019-04-09 00:00:00
debian
debian
[SECURITY] [DLA 1285-1] bind9 security update
2018-02-16 21:33:13
ibm
ibm
Security Bulletin: Multiple vulnerabilities in OpenSource ISC Bind affects IBM Netezza Host Management
2019-10-18 03:10:29
Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console
2021-09-23 01:45:02
Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry
2020-07-19 00:49:12

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

58.4%

JSON
Related for ALAS-2017-833
oraclelinux1nessus9centos1veracode1openvas3prion1f51redhat2debiancve1cve1redhatcve2ubuntucve1debian1ibm3