CVE-2018-5737
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.
References
▼ | URL | Tags | |
---|---|---|---|
security-officer@isc.org | http://www.securityfocus.com/bid/104236 | Third Party Advisory, VDB Entry | |
security-officer@isc.org | http://www.securitytracker.com/id/1040942 | Third Party Advisory, VDB Entry | |
security-officer@isc.org | https://kb.isc.org/docs/aa-01606 | Vendor Advisory | |
security-officer@isc.org | https://security.netapp.com/advisory/ntap-20180926-0004/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104236 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040942 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://kb.isc.org/docs/aa-01606 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180926-0004/ | Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:40:51.188Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104236", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104236" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.isc.org/docs/aa-01606" }, { "name": "1040942", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040942" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "BIND 9", "vendor": "ISC", "versions": [ { "status": "affected", "version": "9.12.0 and 9.12.1" } ] } ], "credits": [ { "lang": "en", "value": "ISC would like to thank Tony Finch of the University of Cambridge for his assistance in discovering and analyzing this vulnerability." } ], "datePublic": "2018-05-18T00:00:00", "descriptions": [ { "lang": "en", "value": "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk.", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "104236", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104236" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.isc.org/docs/aa-01606" }, { "name": "1040942", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040942" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" } ], "solutions": [ { "lang": "en", "value": "The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2" } ], "source": { "discovery": "UNKNOWN" }, "title": "BIND 9.12\u0027s serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.", "workarounds": [ { "lang": "en", "value": "Setting \"max-stale-ttl 0;\" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)\n\nSetting \"stale-answer enable off;\" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero." } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-05-18T00:00:00.000Z", "ID": "CVE-2018-5737", "STATE": "PUBLIC", "TITLE": "BIND 9.12\u0027s serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled." }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "BIND 9", "version": { "version_data": [ { "version_value": "9.12.0 and 9.12.1" } ] } } ] }, "vendor_name": "ISC" } ] } }, "credit": [ { "lang": "eng", "value": "ISC would like to thank Tony Finch of the University of Cambridge for his assistance in discovering and analyzing this vulnerability." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk." } ] } ] }, "references": { "reference_data": [ { "name": "104236", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104236" }, { "name": "https://kb.isc.org/docs/aa-01606", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01606" }, { "name": "1040942", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040942" }, { "name": "https://security.netapp.com/advisory/ntap-20180926-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180926-0004/" } ] }, "solution": [ { "lang": "en", "value": "The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2" } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Setting \"max-stale-ttl 0;\" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)\n\nSetting \"stale-answer enable off;\" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero." } ] } } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2018-5737", "datePublished": "2019-01-16T20:00:00Z", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2024-09-16T22:40:22.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-5737\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2019-01-16T20:29:00.877\",\"lastModified\":\"2024-11-21T04:09:17.120\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.\"},{\"lang\":\"es\",\"value\":\"Un problema con la implementaci\u00f3n de la nueva caracter\u00edstica \\\"serve-stale\\\" en BIND 9.12 puede conducir a un fallo de aserci\u00f3n en rbtdb.c, incluso cuando stale-answer-enable est\u00e1 desactivado. Adem\u00e1s, la interacci\u00f3n problem\u00e1tica entre la caracter\u00edstica serve-stale y el cacheo negativo agresivo NSEC puede provocar en algunos casos un comportamiento no deseado en named, como un bucle de recursi\u00f3n o el registro excesivo. La explotaci\u00f3n deliberada de esta condici\u00f3n podr\u00eda provocar problemas operativos sobre la manifestaci\u00f3n concreta, ya sea una degradaci\u00f3n o una denegaci\u00f3n de servicio (DoS). Afecta a BIND en versiones 9.12.0 y 9.12.1.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DCE4BD2-2256-473F-B17F-192CAC145DF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"440CFE40-C9B7-4E6E-800D-DD595F8FC38E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104236\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040942\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.isc.org/docs/aa-01606\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0004/\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104236\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040942\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://kb.isc.org/docs/aa-01606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180926-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.