#VU13326 Information disclosure in ISC BIND - CVE-2018-5738
Published: June 13, 2018 / Updated: January 30, 2020
ISC BIND
ISC
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to improper access controls. When BIND is configured with "recursion yes;" and match list values are not provided for "allow-query-cache" or "allow-query", the "allow-recursion" setting may permit all hosts to perform recursion. A remote attacker can bypass the intended recursion access controls, make a recursive query to a BIND nameserver in certain cases, and examine the results of queries answered from the cache to determine which queries the server has previously responded to.
Remediation
Install updates from the vendor's website.
The vendor has described the following workarounds in the advisory:
If an operator has not chosen to specify some other permission, explicitly specifying "allow-query {localnets; localhost;};" in named.conf will provide behavior equivalent to the intended default.
If the default setting is not appropriate (because the operator wants a different behavior) then, depending on which clients are intended to be able to receive service for recursive queries, explicitly setting a match list value for any of:
- allow-recursion
- allow-query
- allow-query-cache
will prevent the "allow-recursion" control from improperly inheriting a setting from the allow-query default. If a value is set for any of those values, the behavior of allow-recursion will be set directly or inherited from one of the other values as described in the BIND Administrator Reference Manual section 6.2.
Servers which are not intended to perform recursion at all may also effectively prevent this condition by setting "recursion no;" in named.conf.
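The configuration condition described above can be checked mechanically. The following Python sketch is an added example, not part of the advisory or of ISC's tooling: it flags a named.conf whose global options block leaves recursion enabled without an explicit match list for any of the three statements. The function names and sample configurations are constructed for illustration; it assumes a single file, inspects only the global options block (not view blocks or include files), and does not check the installed BIND version.

```python
import re

ACL_STATEMENTS = ("allow-recursion", "allow-query", "allow-query-cache")

def strip_comments(text):
    """Remove /* */, // and # comments (named.conf accepts all three)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the global options { ... }; block, or '' if absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]  # unterminated block: inspect what is there

def audit(conf_text):
    """Report whether recursion is on with no explicit match list set."""
    body = options_block(strip_comments(conf_text))
    # A missing "recursion" statement counts as on (BIND's default is yes).
    rec = re.search(r"(?<![\w-])recursion\s+(\S+?)\s*;", body)
    recursion_on = rec is None or rec.group(1).lower() in ("yes", "true", "1")
    explicit = [s for s in ACL_STATEMENTS
                if re.search(r"(?<![\w-])%s\s*\{" % re.escape(s), body)]
    return {"recursion": recursion_on, "explicit_acls": explicit,
            "exposed": recursion_on and not explicit}

# Constructed sample configurations (not taken from the advisory).
SAMPLE_EXPOSED = """
options {
    recursion yes;   // no allow-* match lists set
    # allow-query { localnets; localhost; };
};
"""
SAMPLE_WORKAROUND = """
options {
    recursion yes;
    allow-query { localnets; localhost; };
};
"""
SAMPLE_AUTH_ONLY = "options { recursion no; };"
```

A result with "exposed" set to True means the configuration relies on the default inheritance the advisory describes, so one of the workarounds above applies unless the server has been updated.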