Amazon Linux AMI update for bind

1) Security restrictions bypass

EUVDB-ID: #VU16033

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5741

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.

The vulnerability exists due to an error in the documentation of the 'update-policy' feature for the 'krb5-subdomain' and 'ms-subdomain' update policies. A remote attacker can bypass security restrictions to modify records in the zone at or below the name specified in the name field.

Mitigation

Update the affected packages.

i686:
    bind-utils-9.8.2-0.68.rc1.59.amzn1.i686
    bind-9.8.2-0.68.rc1.59.amzn1.i686
    bind-libs-9.8.2-0.68.rc1.59.amzn1.i686
    bind-debuginfo-9.8.2-0.68.rc1.59.amzn1.i686
    bind-sdb-9.8.2-0.68.rc1.59.amzn1.i686
    bind-chroot-9.8.2-0.68.rc1.59.amzn1.i686
    bind-devel-9.8.2-0.68.rc1.59.amzn1.i686

src:
    bind-9.8.2-0.68.rc1.59.amzn1.src

x86_64:
    bind-utils-9.8.2-0.68.rc1.59.amzn1.x86_64
    bind-9.8.2-0.68.rc1.59.amzn1.x86_64
    bind-libs-9.8.2-0.68.rc1.59.amzn1.x86_64
    bind-devel-9.8.2-0.68.rc1.59.amzn1.x86_64
    bind-debuginfo-9.8.2-0.68.rc1.59.amzn1.x86_64
    bind-chroot-9.8.2-0.68.rc1.59.amzn1.x86_64
    bind-sdb-9.8.2-0.68.rc1.59.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2019-1187.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.