CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
First published: Wed Feb 20 2019(Updated: )
ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor's keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure.
Credit: security-officer@isc.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Data Risk Manager | <=2.0.6 | |
| redhat/bind | <9.11.5 | 9.11.5 |
| redhat/bind | <9.12.3 | 9.12.3 |
| ISC BIND | >=9.9.0<=9.10.7 | |
| ISC BIND | >=9.11.0<=9.11.4 | |
| ISC BIND | >=9.12.0<=9.12.2 | |
| ISC BIND | >=9.13.0<=9.13.6 | |
| Isc Bind Supported Preview | =9.9.3-s1 | |
| ISC BIND | =9.10.7 | |
| ISC BIND | =9.10.8-p1 | |
| ISC BIND | =9.11.5 | |
| ISC BIND | =9.11.5-p1 | |
| Isc Bind Supported Preview | =9.11.5-s3 | |
| ISC BIND | =9.12.3 | |
| ISC BIND | =9.12.3-p1 |
Remedy
Upgrade to a version of BIND containing a fix preventing the assertion failure. >= BIND 9.11.5-P4 >= BIND 9.12.3-P4 BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. >= BIND 9.11.5-S5
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/157386
- https://www.ibm.com/support/pages/node/6335281 (Advisory)
- https://kb.isc.org/docs/cve-2018-5745
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1679925
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1679926
- https://access.redhat.com/security/cve/CVE-2018-5745
- https://gitlab.isc.org/isc-projects/bind9/commit/f09352d20a9d360e50683cd1d2fc52ccedcd77a0
- https://gitlab.isc.org/isc-projects/bind9/commit/38c2bdba0a5b785ef9f2da2329838b931754b3e4
- https://gitlab.isc.org/isc-projects/bind9/commit/235a64a5a4c0143b183bd55f6ed756741d4d7880
- https://gitlab.isc.org/isc-projects/bind9/commit/e7c12bffb
- https://access.redhat.com/errata/RHSA-2019:3552
- https://access.redhat.com/security/cve/cve-2018-5745
- https://access.redhat.com/errata/RHSA-2020:1061
- https://bugzilla.redhat.com/show_bug.cgi?id=1679303
- agent/references
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-5745
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/tags
- package-manager/redhat
- vendor/isc
- canonical/isc bind
- version/isc bind/9.9.0
- version/isc bind/9.10.7
- version/isc bind/9.11.0
- version/isc bind/9.11.4
- version/isc bind/9.12.0
- version/isc bind/9.12.2
- version/isc bind/9.13.0
- version/isc bind/9.13.6
- canonical/isc bind supported preview
- version/isc bind supported preview/9.9.3-s1
- version/isc bind/9.10.8-p1
- version/isc bind/9.11.5
- version/isc bind/9.11.5-p1
- version/isc bind supported preview/9.11.5-s3
- version/isc bind/9.12.3
- version/isc bind/9.12.3-p1
- vendor/ibm
- canonical/ibm data risk manager
- version/ibm data risk manager/2.0.6