ID CVE-2018-5742
Summary While backporting a feature from a newer branch of BIND9, Red Hat introduced a code path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 through bind-9.9.4-72.el7. No ISC releases are affected. Packages from other distributions that made the same error may also be affected.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.9.4-65:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.4-72:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
Vector | Complexity | Authentication
Impact
Confidentiality | Integrity | Availability
redhat via4
advisories
bugzilla
id 1655844
title CVE-2018-5742 bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment bind is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194025
      • comment bind is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651006
    • AND
      • comment bind-chroot is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194013
      • comment bind-chroot is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651014
    • AND
      • comment bind-devel is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194009
      • comment bind-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651016
    • AND
      • comment bind-libs is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194019
      • comment bind-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651012
    • AND
      • comment bind-libs-lite is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194027
      • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767022
    • AND
      • comment bind-license is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194031
      • comment bind-license is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767032
    • AND
      • comment bind-lite-devel is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194015
      • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767028
    • AND
      • comment bind-pkcs11 is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194029
      • comment bind-pkcs11 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767024
    • AND
      • comment bind-pkcs11-devel is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194017
      • comment bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767030
    • AND
      • comment bind-pkcs11-libs is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194023
      • comment bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767014
    • AND
      • comment bind-pkcs11-utils is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194005
      • comment bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767010
    • AND
      • comment bind-sdb is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194021
      • comment bind-sdb is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651010
    • AND
      • comment bind-sdb-chroot is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194011
      • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20171767016
    • AND
      • comment bind-utils is earlier than 32:9.9.4-73.el7_6
        oval oval:com.redhat.rhsa:tst:20190194007
      • comment bind-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20170651008
rhsa
id RHSA-2019:0194
released 2019-01-29
severity Moderate
title RHSA-2019:0194: bind security update (Moderate)
rpms
  • bind-32:9.9.4-73.el7_6
  • bind-chroot-32:9.9.4-73.el7_6
  • bind-devel-32:9.9.4-73.el7_6
  • bind-libs-32:9.9.4-73.el7_6
  • bind-libs-lite-32:9.9.4-73.el7_6
  • bind-license-32:9.9.4-73.el7_6
  • bind-lite-devel-32:9.9.4-73.el7_6
  • bind-pkcs11-32:9.9.4-73.el7_6
  • bind-pkcs11-devel-32:9.9.4-73.el7_6
  • bind-pkcs11-libs-32:9.9.4-73.el7_6
  • bind-pkcs11-utils-32:9.9.4-73.el7_6
  • bind-sdb-32:9.9.4-73.el7_6
  • bind-sdb-chroot-32:9.9.4-73.el7_6
  • bind-utils-32:9.9.4-73.el7_6
Last major update 30-10-2019 - 14:58
Published 30-10-2019 - 14:15
Last modified 07-11-2019 - 18:33