CVE-2018-5741

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |

EPSS Score percentile: 76%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| isc | bind | 𝑥 < 9.11.5 |
| isc | bind | 9.12.0 ≤ 𝑥 < 9.12.3 |

𝑥 = Vulnerable software versions
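
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| bind9 | bookworm | 1:9.18.28-1~deb12u2 | fixed |
| bind9 | bookworm (security) | 1:9.18.28-1~deb12u2 | fixed |
| bind9 | bullseye | 1:9.16.50-1~deb11u2 | fixed |
| bind9 | bullseye (security) | 1:9.16.50-1~deb11u1 | fixed |
| bind9 | sid | 1:9.20.2-1 | fixed |
| bind9 | trixie | 1:9.20.2-1 | fixed |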
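
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| bind9 | bionic | | ignored |
| bind9 | cosmic | | ignored |
| bind9 | disco | Fixed 1:9.11.5.P1+dfsg-1ubuntu2 | released |
| bind9 | trusty | | ignored |
| bind9 | xenial | | ignored |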

openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| bind | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| bind | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-chrootenv | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-chrootenv | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-chrootenv | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| bind-chrootenv | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-chrootenv | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-devel | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-doc | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-doc | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-doc | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| bind-doc | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-doc | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| bind-utils | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libbind9-1600 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libdns1605 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libirs-devel | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libirs1601 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisc1606 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisccc1600 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libisccfg1600 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| libns1604 | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise desktop 15 SP1 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise desktop 15 SP2 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise sap 15 SP1 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise sap 15 SP2 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise server 15 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise server 15 SP1 | 9.16.6-12.32.1 | fixed |
| python3-bind | suse enterprise server 15 SP2 | 9.16.6-12.32.1 | fixed |
| sysuser-shadow | suse enterprise desktop 15 SP1 | 2.0-4.2.8 | fixed |
| sysuser-shadow | suse enterprise desktop 15 SP2 | 2.0-4.2.8 | fixed |
| sysuser-shadow | suse enterprise sap 15 SP1 | 2.0-4.2.8 | fixed |
| sysuser-shadow | suse enterprise sap 15 SP2 | 2.0-4.2.8 | fixed |
| sysuser-shadow | suse enterprise server 15 | 2.0-4.2.8 | fixed |
| sysuser-shadow | suse enterprise server 15 SP1 | 2.0-4.2.8 | fixed |
| sysuser-shadow | suse enterprise server 15 SP2 | 2.0-4.2.8 | fixed |
| sysuser-tools | suse enterprise desktop 15 SP1 | 2.0-4.2.8 | fixed |
| sysuser-tools | suse enterprise sap 15 SP1 | 2.0-4.2.8 | fixed |
| sysuser-tools | suse enterprise server 15 | 2.0-4.2.8 | fixed |
| sysuser-tools | suse enterprise server 15 SP1 | 2.0-4.2.8 | fixed |

Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| bind | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-chroot | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-devel | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-export-devel | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-export-libs | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-libs | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-libs-lite | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-license | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-lite-devel | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-pkcs11 | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-pkcs11-devel | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-pkcs11-libs | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-pkcs11-utils | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-sdb | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-sdb-chroot | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |
| bind-utils | RHEL 7 | 32:9.11.4-9.P2.el7 | fixed |