Information disclosure in ISC BIND

Published: 2018-06-13 11:57:43 | Updated: 2018-06-13 11:57:59
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVE ID: CVE-2018-5738
CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C]
CWE ID: CWE-200
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: ISC BIND
Vulnerable software versions: ISC BIND 9.11.3-S2, ISC BIND 9.11.3-S1, ISC BIND 9.10.7-S1
Vendor URL: ISC

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to improper access controls. When BIND is configured with "recursion yes;" and no match list values are provided for "allow-query-cache" or "allow-query", the "allow-recursion" setting may permit all hosts to perform recursion. A remote attacker can bypass the intended recursion access controls, make a recursive query to a BIND nameserver in certain cases, and examine the results of queries answered from the cache to determine which queries the server has previously responded to.

Remediation

The vendor has described the following workarounds in the advisory:

If an operator has not chosen to specify some other permission, explicitly specifying "allow-query {localnets; localhost;};" in named.conf will provide behavior equivalent to the intended default.

If the default setting is not appropriate (because the operator wants a different behavior) then depending on which clients are intended to be able to receive service for recursive queries, explicitly setting a match list value for any of:

  • allow-recursion
  • allow-query
  • allow-query-cache
will prevent the "allow-recursion" control from improperly inheriting a setting from the allow-query default. If a value is set for any of those values, the behavior of allow-recursion will be set directly or inherited from one of the other values as described in the BIND Administrator Reference Manual, section 6.2.

Servers which are not intended to perform recursion at all may also effectively prevent this condition by setting "recursion no;" in named.conf.
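
The check below is an added example, not code from ISC or from this advisory: it reads a named.conf text and reports whether the condition described above holds, that is, recursion is enabled and none of allow-recursion, allow-query or allow-query-cache has an explicit match list. Assumptions: only the global options block is inspected (no include files, no per-view overrides), a missing "recursion" statement is treated as enabled, and the function names and sample configurations are constructed for illustration.

```python
import re

ACL_OPTIONS = ("allow-recursion", "allow-query", "allow-query-cache")

def strip_comments(text):
    # named.conf accepts /* */, // and # comments; quoted strings are not special-cased.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_statements(text):
    """Return {keyword: value} for statements directly inside the global options block."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return {}
    found, depth, cur = {}, 1, []
    for ch in text[m.end():]:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:               # closing brace of the options block
                break
        if ch == ";" and depth == 1:     # terminator of a block-level statement
            stmt = "".join(cur).strip()
            kw = re.match(r"[\w-]+", stmt)
            if kw:
                found[kw.group()] = stmt[kw.end():].strip()
            cur = []
        else:
            cur.append(ch)               # keeps nested match lists in one statement
    return found

def needs_workaround(conf_text):
    """True when recursion is on and none of the three match lists is set explicitly."""
    opts = options_statements(strip_comments(conf_text))
    # Assumption: an absent "recursion" statement is treated as enabled.
    recursion_on = opts.get("recursion", "yes").lower() in ("yes", "true", "1")
    return recursion_on and not any(name in opts for name in ACL_OPTIONS)

# Constructed sample configurations (not taken from the advisory).
IMPLICIT = 'options {\n  directory "/var/named";  // no match lists\n  recursion yes;\n};\n'
WORKAROUND = 'options {\n  recursion yes;\n  allow-query {localnets; localhost;};\n};\n'
NO_RECURSION = 'options {\n  recursion no;\n};\n'

if __name__ == "__main__":
    for name, conf in (("implicit", IMPLICIT), ("workaround", WORKAROUND),
                       ("no-recursion", NO_RECURSION)):
        print(name, "-> needs workaround:", needs_workaround(conf))
```

A True result only matters on the affected BIND versions listed above; the check does not read the server version.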



The vendor plans to issue a fix as part of an upcoming maintenance release (future versions 9.9.13, 9.10.8, 9.11.4, and 9.12.2).

External links

https://kb.isc.org/article/AA-01616
