CVE-2018-5740

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
iscCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
iscbind
9.7.0 ≤
𝑥
< 9.8.8
iscbind
9.9.0 ≤
𝑥
< 9.9.13
iscbind
9.10.0 ≤
𝑥
< 9.10.8
iscbind
9.11.0 ≤
𝑥
< 9.11.4
iscbind
9.12.0 ≤
𝑥
< 9.12.2
iscbind
9.13.0 ≤
𝑥
< 9.13.2
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
8.0
debiandebian_linux
9.0
netappdata_ontap_edge
-
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
hphp-ux
-
opensuseleap
15.0
opensuseleap
15.1
opensuseleap
42.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bullseye
1:9.16.50-1~deb11u2
fixed
bullseye (security)
1:9.16.50-1~deb11u1
fixed
bookworm
1:9.18.28-1~deb12u2
fixed
bookworm (security)
1:9.18.28-1~deb12u2
fixed
sid
1:9.20.2-1
fixed
trixie
1:9.20.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bind9
bionic
Fixed 1:9.11.3+dfsg-1ubuntu1.2
released
xenial
Fixed 1:9.10.3.dfsg.P4-8ubuntu1.11
released
trusty
Fixed 1:9.9.5.dfsg-3ubuntu0.18
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html
http://www.securityfocus.com/bid/105055
http://www.securitytracker.com/id/1041436
https://access.redhat.com/errata/RHSA-2018:2570
https://access.redhat.com/errata/RHSA-2018:2571
https://kb.isc.org/docs/aa-01639
https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html
https://security.gentoo.org/glsa/201903-13
https://security.netapp.com/advisory/ntap-20180926-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
https://usn.ubuntu.com/3769-1/
https://usn.ubuntu.com/3769-2/
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html
http://www.securityfocus.com/bid/105055
http://www.securitytracker.com/id/1041436
https://access.redhat.com/errata/RHSA-2018:2570
https://access.redhat.com/errata/RHSA-2018:2571
https://kb.isc.org/docs/aa-01639
https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html
https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html
https://security.gentoo.org/glsa/201903-13
https://security.netapp.com/advisory/ntap-20180926-0003/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
https://usn.ubuntu.com/3769-1/
https://usn.ubuntu.com/3769-2/