#VU10785 Assertion failure in ISC BIND - CVE-2018-5734

 


Published: February 28, 2018


Vulnerability identifier: #VU10785
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-5734
CWE-ID: CWE-617
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
ISC BIND
Software vendor:
ISC

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an assertion failure in the badcache.c file when processing a DNS request that does not contain all of the expected information. A remote attacker can send a malformed packet to a vulnerable version of BIND, trigger the application to select a SERVFAIL rcode instead of a FORMERR rcode and perform a denial of service attack.

Successful exploitation of the vulnerability allows an attacker to trigger denial of service conditions on servers configured to allow recursion with the SERVFAIL cache enabled.
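To check whether a server's configuration matches the condition above (recursion allowed and SERVFAIL cache enabled), the following added example, which is not part of the original advisory or ISC's code, audits the global options block of a named.conf. It assumes BIND's documented defaults (recursion yes, servfail-ttl 1 second, with 0 disabling the SERVFAIL cache), integer servfail-ttl values, and ignores per-view overrides; the sample configurations are constructed.

```python
import re

# Constructed sample configurations (not taken from the advisory).
SAMPLE_DEFAULT_CACHE = """
options {
    directory "/var/named";   // constructed path
    recursion yes;
    # servfail-ttl 0;  (commented out, so the default applies)
};
"""
SAMPLE_CACHE_OFF = """
options {
    recursion yes;
    servfail-ttl 0;  /* SERVFAIL cache disabled */
};
"""

# Strings are matched first so "//" or "#" inside quotes is not seen as a comment.
_NOISE = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_noise(text):
    """Drop named.conf comments and blank out quoted strings."""
    return _NOISE.sub(lambda m: '""' if m.group(0).startswith('"') else " ", text)

def options_body(conf):
    """Return the text inside the global options { ... } block, or ""."""
    m = re.search(r"(?<![\w-])options\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:      # walk nested braces such as ACL lists
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf_text):
    """Report whether recursion and the SERVFAIL cache are both enabled."""
    body = options_body(strip_noise(conf_text))
    # The lookbehind keeps "allow-recursion" from matching as "recursion".
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", body)
    ttl = re.search(r"(?<![\w-])servfail-ttl\s+(\d+)\s*;", body)
    recursion = rec.group(1).lower() not in ("no", "false", "0") if rec else True  # assumed default: yes
    servfail_ttl = int(ttl.group(1)) if ttl else 1                                # assumed default: 1 second
    return {"recursion": recursion, "servfail_ttl": servfail_ttl,
            "condition_met": recursion and servfail_ttl > 0}

if __name__ == "__main__":
    for name, conf in (("default cache", SAMPLE_DEFAULT_CACHE), ("cache off", SAMPLE_CACHE_OFF)):
        print(name, audit(conf))
```

A result of condition_met only describes the configuration; whether the installed BIND version is affected has to be checked against the vendor's advisory.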

Remediation

Install the latest version from the vendor's website.

External links