Main Vulnerability Database SB2018052227

SB2018052227 - Assertion failure in bind (Alpine package)

Published: May 22, 2018

Security Bulletin ID SB2018052227

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Assertion failure (CVE-ID: CVE-2018-5736)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists due to an error in zone database reference counting. A remote authenticated attacker who is able to cause the target server to initiate zone transfers (e.g., can send NOTIFY messages) can cause several transfers of a slave zone in quick succession to trigger an assertion in 'rbtdb.c' and cause 'named' to crash.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=a72a5291c3473990e2ec0256973c8ea1b78a2f77
https://git.alpinelinux.org/aports/commit/?id=5b89784c2f0f07bfbb31371b85fd9c1be3acada5
https://git.alpinelinux.org/aports/commit/?id=f676af6ec98416e43a39c2e2c8c98d361ddf99a5