7.5
CWE
617
Advisory Published
Updated

CVE-2018-5737: BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.

First published: Fri May 18 2018(Updated: )

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

Credit: security-officer@isc.org

Affected SoftwareAffected VersionHow to fix
ISC BIND=9.12.0
ISC BIND=9.12.1
Netapp Cloud Backup
Netapp Data Ontap Edge

Remedy

The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the severity of CVE-2018-5737?

    The severity of CVE-2018-5737 is high with a score of 7.5.

  • Which software versions are affected by CVE-2018-5737?

    ISC BIND versions 9.12.0 and 9.12.1, Netapp Cloud Backup, and Apple macOS Mojave with Data ONTAP Edge are affected by CVE-2018-5737.

  • What is the problem with the implementation of the serve-stale feature in BIND 9.12?

    The implementation of the serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.

  • What can cause undesired behavior in the serve-stale feature of BIND 9.12?

    The serve-stale feature of BIND 9.12 can have problematic interaction with NSEC aggressive negative caching, which can in some cases cause undesired behavior.

  • Are there any references I can check for more information on CVE-2018-5737?

    Yes, you can check the following references for more information: SecurityFocus (http://www.securityfocus.com/bid/104236), SecurityTracker (http://www.securitytracker.com/id/1040942), ISC Knowledge Base (https://kb.isc.org/docs/aa-01606).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203