Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-5738 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | ISC BIND (Server applications / DNS servers) |
Vendor | ISC |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU13326
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-5738
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper access controls. When the server is configured with "recursion yes;" and match list values are not provided for "allow-query-cache" or "allow-query", the "allow-recursion" setting may permit all hosts to perform recursion. A remote attacker can bypass the intended recursion access controls, make a recursive query to a BIND nameserver in certain cases, and examine the results of queries answered from the cache to determine which queries the server has previously responded to.
Mitigation
Install updates from the vendor's website.
The vendor has described the following workarounds in the advisory:
If an operator has not chosen to specify some other permission, explicitly specifying "allow-query {localnets; localhost;};" in named.conf will provide behavior equivalent to the intended default.
If the default setting is not appropriate (because the operator wants a different behavior) then, depending on which clients are intended to be able to receive service for recursive queries, explicitly setting a match list value for any of:
- allow-recursion
- allow-query
- allow-query-cache
will prevent the "allow-recursion" control from improperly inheriting a setting from the allow-query default. If a value is set for any of those, the behavior of allow-recursion will be set directly or inherited from one of the other values as described in the BIND Administrator Reference Manual section 6.2.
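A check for the condition described above, as an added example (not code from ISC or from this bulletin): it reads the global options block of a named.conf and reports whether recursion is on while none of allow-recursion, allow-query or allow-query-cache is set explicitly. It assumes a single file with no include statements or view blocks and treats an absent "recursion" statement as BIND's default of yes; the function names and sample configs are constructed for illustration.

```python
import re

ACL_STATEMENTS = ("allow-recursion", "allow-query", "allow-query-cache")

def options_body(text):
    """Return the inside of the global options { ... } block, comments removed."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* ... */ comments
    text = re.sub(r"(//|#)[^\n]*", "", text)            # // and # comments
    m = re.search(r"(?<![\w-])options\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def statements(body):
    """Map each depth-0 statement name in a block body to its raw value."""
    found, depth, cur = {}, 0, ""
    for ch in body:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            m = re.match(r"\s*([\w-]+)\s*(.*)", cur, re.S)
            if m:
                found[m.group(1)] = m.group(2).strip()
            cur = ""
        else:
            cur += ch
    return found

def audit(conf_text):
    """Flag the CVE-2018-5738 precondition in the global options block."""
    stmts = statements(options_body(conf_text))
    # Assumption: an absent "recursion" statement means BIND's default, yes.
    recursion_on = stmts.get("recursion", "yes").lower() in ("yes", "true", "1")
    explicit = [s for s in ACL_STATEMENTS if s in stmts]
    return {"recursion": recursion_on, "explicit_acls": explicit,
            "exposed": recursion_on and not explicit}

# Constructed sample configs, not taken from any real server.
WEAK = 'options {\n  directory "/var/named";\n  recursion yes;\n};\n'
FIXED = WEAK.replace("recursion yes;",
                     "recursion yes;\n  allow-query { localnets; localhost; };")

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(conf))
```

A result of "exposed" only means the configuration matches the condition; it matters on the affected versions listed below.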
ISC BIND: 9.9.12 - 9.13.0
External links
http://kb.isc.org/article/AA-01616
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.