ID CVE-2018-5736
Summary An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.
References
Vulnerable Configurations
  • cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:N/I:N/A:P
refmap via4
bid 104386
confirm
sectrack 1040941
Last major update 03-10-2019 - 00:03
Published 16-01-2019 - 20:29
Back to Top