CVE-2018-5737

Summary

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation – either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 99.12.0 and 9.12.1affected

Weaknesses

  • Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk.

Workarounds

Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)

Setting "stale-answer enable off;" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero.

ADP Enrichment

CVE Program Container

Additional References

References