Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2018-5741 |
CWE-ID | CWE-264 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
bind (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU16033
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-5741
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error in the documentation of the 'update-policy' feature for the 'krb5-subdomain' and 'ms-subdomain' update policies. A remote attacker can bypass security restrictions to modify records in the zone at or below the name specified in the name field.
MitigationInstall update from vendor's website.
Vulnerable software versionsbind (Alpine package): 9.11.1-r0 - 9.12.2_p1-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=f760ea50ec9278664e1aa8c0a5fb9f216770113b
http://git.alpinelinux.org/aports/commit/?id=6f40ae0c65be42bfa15f7d4c08b7ebd55a3ea4b2
http://git.alpinelinux.org/aports/commit/?id=e3ed6b4e31abe80f4d89cec79e47d60a9102142e
http://git.alpinelinux.org/aports/commit/?id=e57a8cc709262d3323914e40a9f4b342529b0bcd
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.