CVE-2018-5736

16.01.2019, 20:29

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Affected Products (NVD)

Vendor	Product	Version
isc	bind	9.12.0
isc	bind	9.12.1
netapp	cloud_backup	-
netapp	data_ontap_edge	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

bind9

bookworm	1:9.18.28-1~deb12u2 fixed
bookworm (security)	1:9.18.28-1~deb12u2 fixed
bullseye	1:9.16.50-1~deb11u2 fixed
bullseye (security)	1:9.16.50-1~deb11u1 fixed
sid	1:9.20.2-1 fixed
trixie	1:9.20.2-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

bind9

artful	not-affected
bionic	not-affected
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

bind

suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise sap 15 SP7	9.20.3-150700.1.6 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise server 15 SP7	9.20.3-150700.1.6 fixed

bind-chrootenv

suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed

bind-devel

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed

bind-doc

suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise sap 15 SP7	9.20.3-150700.1.6 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise server 15 SP7	9.20.3-150700.1.6 fixed

bind-utils

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise desktop 15 SP5	9.16.38-150400.5.20.2 fixed
suse enterprise desktop 15 SP6	9.18.24-150600.1.5 fixed
suse enterprise desktop 15 SP7	9.20.3-150700.1.6 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise sap 15 SP5	9.16.38-150400.5.20.2 fixed
suse enterprise sap 15 SP6	9.18.24-150600.1.5 fixed
suse enterprise sap 15 SP7	9.20.3-150700.1.6 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise server 15 SP5	9.16.38-150400.5.20.2 fixed
suse enterprise server 15 SP6	9.18.24-150600.1.5 fixed
suse enterprise server 15 SP7	9.20.3-150700.1.6 fixed

libbind9-1600

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed

libdns1605

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise desktop 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise desktop 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.50.1 fixed

libirs-devel

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise desktop 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise desktop 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.50.1 fixed

libirs1601

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise desktop 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise desktop 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.50.1 fixed

libisc1606

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise desktop 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise desktop 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.50.1 fixed

libisccc1600

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed

libisccfg1600

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise desktop 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise desktop 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise sap 15 SP7	9.16.6-150300.22.50.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP6	9.16.6-150300.22.41.1 fixed
suse enterprise server 15 SP7	9.16.6-150300.22.50.1 fixed

libns1604

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP5	9.16.6-150300.22.27.1 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP5	9.16.6-150300.22.27.1 fixed

python3-bind

suse enterprise desktop 15 SP3	9.16.6-20.39 fixed
suse enterprise desktop 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise desktop 15 SP5	9.16.38-150400.5.20.2 fixed
suse enterprise sap 15 SP3	9.16.6-20.39 fixed
suse enterprise sap 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise sap 15 SP5	9.16.38-150400.5.20.2 fixed
suse enterprise server 15 SP3	9.16.6-20.39 fixed
suse enterprise server 15 SP4	9.16.20-150400.3.6 fixed
suse enterprise server 15 SP5	9.16.38-150400.5.20.2 fixed

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

http://www.securityfocus.com/bid/104386

http://www.securitytracker.com/id/1040941

https://kb.isc.org/docs/aa-01602

https://security.netapp.com/advisory/ntap-20180926-0004/

http://www.securityfocus.com/bid/104386

http://www.securitytracker.com/id/1040941

https://kb.isc.org/docs/aa-01602

https://security.netapp.com/advisory/ntap-20180926-0004/