Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2017-3138
Description:named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.
Test IDs: 1.3.6.1.4.1.25623.1.0.851537   1.3.6.1.4.1.25623.1.0.810978   1.3.6.1.4.1.25623.1.0.810977   1.3.6.1.4.1.25623.1.0.890957   1.3.6.1.4.1.25623.1.1.4.2017.1000.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2017-3138
BugTraq ID: 97657
http://www.securityfocus.com/bid/97657
Debian Security Information: DSA-3854 (Google Search)
https://www.debian.org/security/2017/dsa-3854
https://security.gentoo.org/glsa/201708-01
http://www.securitytracker.com/id/1038260




© 1998-2024 E-Soft Inc. All rights reserved.