ID CVE-2018-5742
Summary While backporting a feature from a newer branch of BIND9, Red Hat introduced a path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 through bind-9.9.4-72.el7. No ISC releases are affected. Packages from other distributions that made the same error may also be affected.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.9.4-65:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.9.4-72:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 07-11-2019 - 18:33)
Impact:
Exploitability:
CWE CWE-617
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  MEDIUM      NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1655844
title CVE-2018-5742 bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment bind is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194001
        • comment bind is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651002
      • AND
        • comment bind-chroot is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194003
        • comment bind-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651004
      • AND
        • comment bind-devel is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194005
        • comment bind-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651006
      • AND
        • comment bind-libs is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194007
        • comment bind-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651008
      • AND
        • comment bind-libs-lite is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194009
        • comment bind-libs-lite is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767010
      • AND
        • comment bind-license is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194011
        • comment bind-license is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767012
      • AND
        • comment bind-lite-devel is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194013
        • comment bind-lite-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767014
      • AND
        • comment bind-pkcs11 is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194015
        • comment bind-pkcs11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767016
      • AND
        • comment bind-pkcs11-devel is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194017
        • comment bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767018
      • AND
        • comment bind-pkcs11-libs is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194019
        • comment bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767020
      • AND
        • comment bind-pkcs11-utils is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194021
        • comment bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767022
      • AND
        • comment bind-sdb is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194023
        • comment bind-sdb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651010
      • AND
        • comment bind-sdb-chroot is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194025
        • comment bind-sdb-chroot is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20171767026
      • AND
        • comment bind-utils is earlier than 32:9.9.4-73.el7_6
          oval oval:com.redhat.rhsa:tst:20190194027
        • comment bind-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20170651012
rhsa
id RHSA-2019:0194
released 2019-01-29
severity Moderate
title RHSA-2019:0194: bind security update (Moderate)
rpms
  • bind-32:9.9.4-73.el7_6
  • bind-chroot-32:9.9.4-73.el7_6
  • bind-debuginfo-32:9.9.4-73.el7_6
  • bind-devel-32:9.9.4-73.el7_6
  • bind-libs-32:9.9.4-73.el7_6
  • bind-libs-lite-32:9.9.4-73.el7_6
  • bind-license-32:9.9.4-73.el7_6
  • bind-lite-devel-32:9.9.4-73.el7_6
  • bind-pkcs11-32:9.9.4-73.el7_6
  • bind-pkcs11-devel-32:9.9.4-73.el7_6
  • bind-pkcs11-libs-32:9.9.4-73.el7_6
  • bind-pkcs11-utils-32:9.9.4-73.el7_6
  • bind-sdb-32:9.9.4-73.el7_6
  • bind-sdb-chroot-32:9.9.4-73.el7_6
  • bind-utils-32:9.9.4-73.el7_6
refmap via4
confirm https://access.redhat.com/security/cve/cve-2018-5742
Last major update 07-11-2019 - 18:33
Published 30-10-2019 - 14:15
Last modified 07-11-2019 - 18:33