Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2018-5741
HistoryJan 16, 2019 - 12:00 a.m.

CVE-2018-5741

2019-01-1600:00:00
ubuntu.com
ubuntu.com
7

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS)
to update records in a zone, BIND 9 provides a feature called
update-policy. Various rules can be configured to limit the types of
updates that can be performed by a client, depending on the key used when
sending the update request. Unfortunately, some rule types were not
initially documented, and when documentation for them was added to the
Administrator Reference Manual (ARM) in change #3112, the language that was
added to the ARM at that time incorrectly described the behavior of two
rule types, krb5-subdomain and ms-subdomain. This incorrect documentation
could mislead operators into believing that policies they had configured
were more restrictive than they actually were. This affects BIND versions
prior to BIND 9.11.5 and BIND 9.12.3.

Notes

Author Note
mdeslaur per the ISC advisory: “At the present time, ISC is not providing any code changing the behavior of the update-policy feature.” deferring for now to see if the policy will change documentation changes went into 9.11.5 we will not be changing the documentation in our stable releases
OSVersionArchitecturePackageVersionFilename
ubuntu19.04noarchbind9< 1:9.11.5.P1+dfsg-1ubuntu2UNKNOWN

Related

alpinelinux 1
amazon 2
openvas 14
nessus 28
debiancve 1
nvd 1
cve 1
veracode 1
f5 1
cloudlinux 1
ibm 4
redhatcve 1
osv 1
cvelist 1
centos 1
cisa 1
prion 1
fedora 3
oraclelinux 2
redhat 1
gentoo 1
rosalinux 1
suse 2
alpinelinux
alpinelinux
CVE-2018-5741
2019-01-16 20:29:01
amazon
amazon
Medium: bind
2019-04-04 21:42:00
Medium: bind
2019-04-04 19:13:00
openvas
openvas
ISC BIND Policies Vulnerability (CVE-2018-5741) - Windows
2021-09-06 00:00:00
ISC BIND Policies Vulnerability (CVE-2018-5741) - Linux
2021-09-06 00:00:00
Fedora Update for bind FEDORA-2018-f22b937f52
2018-10-05 00:00:00
nessus
nessus
ISC BIND 9.x.x < 9.11.5 / 9.12.x < 9.12.3 Policy-Bypass Record Update Vulnerability
2018-11-28 00:00:00
Amazon Linux 2 : bind (ALAS-2019-1187)
2019-04-18 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Vulnerability (NS-SA-2019-0232)
2019-12-31 00:00:00
debiancve
debiancve
CVE-2018-5741
2019-01-16 20:29:01
nvd
nvd
CVE-2018-5741
2019-01-16 20:29:01
cve
cve
CVE-2018-5741
2019-01-16 20:29:01
veracode
veracode
Authorization Bypass
2019-08-08 00:07:41
f5
f5
K04713734 : BIND vulnerability CVE-2018-5741
2018-10-15 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2018-5741 in bind
2022-07-11 17:39:56
ibm
ibm
Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5741
2019-12-18 14:26:38
Security Bulletin: A vulnerability in ISC BIND affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2018-5741)
2023-01-12 21:59:00
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System
2020-11-10 10:16:40
redhatcve
redhatcve
CVE-2018-5741
2020-04-02 08:32:24
osv
osv
CVE-2018-5741
2019-01-16 20:29:01
cvelist
cvelist
CVE-2018-5741 Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
2018-09-19 00:00:00
centos
centos
bind security update
2019-08-30 02:35:20
cisa
cisa
ISC Releases Security Advisory for BIND
2018-09-19 00:00:00
prion
prion
Design/Logic Flaw
2019-01-16 20:29:00
fedora
fedora
[SECURITY] Fedora 29 Update: bind-9.11.4-10.P2.fc29
2018-10-02 19:36:09
[SECURITY] Fedora 28 Update: bind-9.11.4-10.P2.fc28
2018-10-04 20:33:54
[SECURITY] Fedora 27 Update: bind-9.11.4-3.P2.fc27
2018-10-14 23:30:38
oraclelinux
oraclelinux
bind security update
2022-02-03 00:00:00
bind security, bug fix, and enhancement update
2019-08-13 00:00:00
redhat
redhat
(RHSA-2019:2057) Moderate: bind security, bug fix, and enhancement update
2019-08-06 07:56:21
gentoo
gentoo
BIND: Multiple vulnerabilities
2019-03-14 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1803
2021-07-02 16:31:31
suse
suse
Security update for bind (moderate)
2020-10-20 00:00:00
Security update for bind (moderate)
2020-10-19 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON
Related for UB:CVE-2018-5741
alpinelinux1amazon2openvas14nessus28debiancve1nvd1cve1veracode1f51cloudlinux1ibm4redhatcve1osv1cvelist1centos1cisa1prion1fedora3oraclelinux2redhat1gentoo1rosalinux1suse2