Denial of service in ISC BIND



Published: 2018-05-21
Risk: Medium
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2018-5737, CVE-2018-5736
CWE-ID: CWE-617
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: ISC BIND (Server applications / DNS servers)
Vendor: ISC

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Assertion failure

EUVDB-ID: #VU12857

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5737

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists on systems that permit recursion to clients and have the max-stale-ttl parameter set to a non-zero value. It is due to a flaw in the serve-stale implementation that is present even when serve-stale is not enabled. A remote attacker can trigger an assertion failure in rbtdb.c or cause performance degradation on the target system, such as recursion loops or excessive logging.

Mitigation

Update to version 9.12.1-P1.

Vulnerable software versions

ISC BIND: 9.12.0 - 9.12.1

External links

http://kb.isc.org/article/AA-01606/74/CVE-2018-5737%3A-BIND-9.12s-serve-stale-implementation-can-ca...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Assertion failure

EUVDB-ID: #VU12860

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5736

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to an error in zone database reference counting. A remote authenticated attacker who is able to cause the target server to initiate zone transfers (e.g., by sending NOTIFY messages) can cause several transfers of a slave zone in quick succession, trigger an assertion in 'rbtdb.c' and cause 'named' to crash.

Mitigation

Update to version 9.12.1-P1.

Vulnerable software versions

ISC BIND: 9.12.0 - 9.12.1

External links

http://kb.isc.org/article/AA-01602/74/CVE-2018-5736%3A-Multiple-transfers-of-a-zone-in-quick-succes...


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
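
A triage check for both issues in this bulletin, added here as an example (it is not part of the original bulletin or of ISC's tooling): it takes a version banner and named.conf text and reports which of the two preconditions described above are met. The function names, the sample configuration and the banner are constructed; an unset max-stale-ttl is treated as non-zero as a conservative assumption, and only the first occurrence of each option is read.

```python
import re

# Affected releases as listed in the bulletin (fixed in 9.12.1-P1).
AFFECTED = {"9.12.0", "9.12.1"}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """
options {
    recursion yes;                  // resolver for internal clients
    allow-recursion { 10.0.0.0/8; };
    stale-answer-enable no;         # serve-stale disabled; still exposed per the bulletin
    max-stale-ttl 3600;
};
zone "example.test" { type slave; masters { 192.0.2.1; }; file "example.test.db"; };
"""

def strip_comments(conf):
    """Drop /* */, // and # comments (assumes no comment markers inside quoted strings)."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def is_affected_version(banner):
    """Exact match of the release in a version banner against the bulletin's list."""
    m = re.search(r"\d+\.\d+\.\d+[-\w]*", banner)
    return bool(m) and m.group(0) in AFFECTED

def option_value(conf, name):
    """First value of a simple `name value;` statement; the lookbehind skips allow-<name>."""
    m = re.search(r"(?<![-\w])" + re.escape(name) + r"\s+([^;\s{]+)\s*;", conf)
    return m.group(1) if m else None

def assess(banner, conf):
    """Return {CVE: exposed?} using the preconditions stated in the bulletin."""
    result = {"CVE-2018-5737": False, "CVE-2018-5736": False}
    if not is_affected_version(banner):
        return result
    conf = strip_comments(conf)
    recursion_off = option_value(conf, "recursion") in {"no", "false", "0"}
    ttl = option_value(conf, "max-stale-ttl")
    # Assumption: an unset max-stale-ttl is treated as non-zero (conservative).
    ttl_zero = ttl is not None and re.fullmatch(r"0+[smhdw]?", ttl, re.I) is not None
    result["CVE-2018-5737"] = not recursion_off and not ttl_zero
    # CVE-2018-5736 needs a slave zone whose transfers can be triggered.
    result["CVE-2018-5736"] = re.search(r"(?<![-\w])type\s+slave\s*;", conf) is not None
    return result

if __name__ == "__main__":
    print(assess("BIND 9.12.1 (Stable Release) <id:constructed>", SAMPLE_CONF))
```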


