Lucene search

[email protected]CVE-2018-5740

HistoryJan 16, 2019 - 8:29 p.m.

CVE-2018-5740

2019-01-1620:29:01

CWE-617

[email protected]

web.nvd.nist.gov

668

cve

2018

5740

bind

deny-answer-aliases

dns rebinding attacks

security

assertion failure

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.944 High

EPSS

Percentile

99.2%

JSON

“deny-answer-aliases” is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Affected configurations

NVD

Node

iscbindRange9.7.0–9.8.8

iscbindRange9.9.0–9.9.13

iscbindRange9.10.0–9.10.8

iscbindRange9.11.0–9.11.4

iscbindRange9.12.0–9.12.2

iscbindRange9.13.0–9.13.2

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

netappdata_ontap_edgeMatch-

Node

canonicalubuntu_linuxMatch12.04esm

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

canonicalubuntu_linuxMatch18.04lts

Node

hphp-uxMatch-

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

opensuseleapMatch42.3

CPENameOperatorVersion
isc:bindisc bindlt9.8.8
isc:bindisc bindlt9.9.13
isc:bindisc bindlt9.10.8
isc:bindisc bindlt9.11.4
isc:bindisc bindlt9.12.2
isc:bindisc bindlt9.13.2

CPE	Name	Operator	Version
isc:bind	isc bind	lt	9.8.8
isc:bind	isc bind	lt	9.9.13
isc:bind	isc bind	lt	9.10.8
isc:bind	isc bind	lt	9.11.4
isc:bind	isc bind	lt	9.12.2
isc:bind	isc bind	lt	9.13.2

CNA Affected

[
  {
    "product": "BIND 9",
    "vendor": "ISC",
    "versions": [
      {
        "status": "affected",
        "version": "BIND 9  9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2"
      }
    ]
  }
]