CVE-2018-5737
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation – either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND 9 | 9.12.0 and 9.12.1 | affected |
Weaknesses
- Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk.
Workarounds
Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)
Setting "stale-answer enable off;" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero.
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/104236
- https://kb.isc.org/docs/aa-01606
- http://www.securitytracker.com/id/1040942
- https://security.netapp.com/advisory/ntap-20180926-0004/
References
- http://www.securityfocus.com/bid/104236
- https://kb.isc.org/docs/aa-01606
- http://www.securitytracker.com/id/1040942
- https://security.netapp.com/advisory/ntap-20180926-0004/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.