First published: Fri May 18 2018(Updated: )
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.
Credit: security-officer@isc.org
Affected Software | Affected Version | How to fix |
---|---|---|
ISC BIND | =9.12.0 | |
ISC BIND | =9.12.1 | |
Netapp Cloud Backup | ||
Netapp Data Ontap Edge |
The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-5737 is high with a score of 7.5.
ISC BIND versions 9.12.0 and 9.12.1, Netapp Cloud Backup, and Apple macOS Mojave with Data ONTAP Edge are affected by CVE-2018-5737.
The implementation of the serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
The serve-stale feature of BIND 9.12 can have problematic interaction with NSEC aggressive negative caching, which can in some cases cause undesired behavior.
Yes, you can check the following references for more information: SecurityFocus (http://www.securityfocus.com/bid/104236), SecurityTracker (http://www.securitytracker.com/id/1040942), ISC Knowledge Base (https://kb.isc.org/docs/aa-01606).