Vulnerabilities > CVE-2018-5740 - Reachable Assertion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-2571.NASL description An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when last seen 2020-06-01 modified 2020-06-02 plugin id 112165 published 2018-08-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112165 title CentOS 6 : bind (CESA-2018:2571) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0130_BIND.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has bind packages installed that are affected by a vulnerability: - A denial of service flaw was discovered in bind versions that include the deny-answer-aliases feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition. (CVE-2018-5740) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127383 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127383 title NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0130) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1282.NASL description According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the last seen 2020-05-06 modified 2018-09-27 plugin id 117726 published 2018-09-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117726 title EulerOS 2.0 SP3 : bind (EulerOS-SA-2018-1282) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1328.NASL description According to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the last seen 2020-06-01 modified 2020-06-02 plugin id 118416 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118416 title EulerOS Virtualization 2.5.1 : bind (EulerOS-SA-2018-1328) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0031_BIND.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a vulnerability: - A denial of service flaw was discovered in bind versions that include the deny-answer-aliases feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition. (CVE-2018-5740) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127196 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127196 title NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0031) NASL family DNS NASL id BIND9_9122_P1.NASL description According to its self-reported version number, the instance of ISC BIND running on the remote name server is 9.x.x prior to 9.9.13-P1, 9.10.x prior to 9.10.8-P1, 9.11.x prior to 9.11.4-P1, or 9.12.x prior to 9.12.2-P1. It is, therefore, affected by a denial of service vulnerability in the deny-answer-aliases feature. last seen 2020-06-01 modified 2020-06-02 plugin id 111790 published 2018-08-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111790 title ISC BIND 9.x.x < 9.9.13-P1 / 9.10.x < 9.10.8-P1 / 9.11.x < 9.11.4-P1 / 9.12.x < 9.12.2-P1 deny-answer-aliases DoS Vulnerability NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL98528405.NASL description A flaw in the last seen 2020-06-01 modified 2020-06-02 plugin id 118724 published 2018-11-05 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118724 title F5 Networks BIG-IP : BIG-IP BIND vulnerability (K98528405) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1532.NASL description This update for bind fixes the following issues : Security issues fixed : - CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 125807 published 2019-06-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125807 title openSUSE Security Update : bind (openSUSE-2019-1532) NASL family Fedora Local Security Checks NASL id FEDORA_2018-5417CA3713.NASL description Update to last security release - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120429 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120429 title Fedora 28 : 32:bind (2018-5417ca3713) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1281.NASL description According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the last seen 2020-05-06 modified 2018-09-27 plugin id 117725 published 2018-09-27 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117725 title EulerOS 2.0 SP2 : bind (EulerOS-SA-2018-1281) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201903-13.NASL description The remote host is affected by the vulnerability described in GLSA-201903-13 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to unauthorized clients possibly resulting in a Denial of Service condition or to be used in DNS reflection attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 122835 published 2019-03-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122835 title GLSA-201903-13 : BIND: Multiple vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1533.NASL description This update for bind fixes the following issues : Security issues fixed : - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 125808 published 2019-06-11 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125808 title openSUSE Security Update : bind (openSUSE-2019-1533) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1376.NASL description According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was discovered in bind versions that include the last seen 2020-06-01 modified 2020-06-02 plugin id 124879 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124879 title EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1343.NASL description According to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the last seen 2020-06-01 modified 2020-06-02 plugin id 118431 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118431 title EulerOS Virtualization 2.5.0 : bind (EulerOS-SA-2018-1343) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-222-01.NASL description New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111660 published 2018-08-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111660 title Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2018-222-01) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2018-2570.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when last seen 2020-06-01 modified 2020-06-02 plugin id 112164 published 2018-08-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112164 title CentOS 7 : bind (CESA-2018:2570) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2571.NASL description An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when last seen 2020-06-01 modified 2020-06-02 plugin id 112134 published 2018-08-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112134 title RHEL 6 : bind (RHSA-2018:2571) NASL family Junos Local Security Checks NASL id JUNIPER_SPACE_JSA10917_184R1.NASL description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 121068 published 2019-01-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121068 title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2570.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when last seen 2020-06-01 modified 2020-06-02 plugin id 112133 published 2018-08-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112133 title RHEL 7 : bind (RHSA-2018:2570) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1407-1.NASL description This update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 125703 published 2019-06-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125703 title SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1449-1.NASL description This update for bind fixes the following issues : Security issues fixed : CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 125799 published 2019-06-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125799 title SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-2571.NASL description From Red Hat Security Advisory 2018:2571 : An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when last seen 2020-06-01 modified 2020-06-02 plugin id 112130 published 2018-08-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112130 title Oracle Linux 6 : bind (ELSA-2018-2571) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1485.NASL description CVE-2018-5740 The last seen 2020-06-01 modified 2020-06-02 plugin id 112197 published 2018-08-31 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112197 title Debian DLA-1485-1 : bind9 security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2018-2570.NASL description From Red Hat Security Advisory 2018:2570 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when last seen 2020-06-01 modified 2020-06-02 plugin id 112129 published 2018-08-28 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112129 title Oracle Linux 7 : bind (ELSA-2018-2570) NASL family Scientific Linux Local Security Checks NASL id SL_20180827_BIND_ON_SL7_X.NASL description Security Fix(es) : - bind: processing of certain records when last seen 2020-03-18 modified 2018-08-28 plugin id 112136 published 2018-08-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112136 title Scientific Linux Security Update : bind on SL7.x x86_64 (20180827) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-1082.NASL description A denial of service flaw was discovered in bind versions that include the last seen 2020-06-01 modified 2020-06-02 plugin id 117606 published 2018-09-20 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117606 title Amazon Linux AMI : bind (ALAS-2018-1082) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1081.NASL description According to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - last seen 2020-03-19 modified 2019-03-08 plugin id 122703 published 2019-03-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122703 title EulerOS Virtualization 2.5.2 : bind (EulerOS-SA-2019-1081) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2502-1.NASL description This update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 129526 published 2019-10-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129526 title SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-1082.NASL description A denial of service flaw was discovered in bind versions that include the last seen 2020-06-01 modified 2020-06-02 plugin id 117710 published 2018-09-27 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117710 title Amazon Linux 2 : bind (ALAS-2018-1082) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-14074-1.NASL description This update for bind fixes the following issues : Security issues fixed : CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 125759 published 2019-06-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125759 title SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1161.NASL description According to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the last seen 2020-03-19 modified 2019-04-09 plugin id 123847 published 2019-04-09 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123847 title EulerOS Virtualization 2.5.3 : bind (EulerOS-SA-2019-1161) NASL family Scientific Linux Local Security Checks NASL id SL_20180827_BIND_ON_SL6_X.NASL description Security Fix(es) : - bind: processing of certain records when last seen 2020-03-18 modified 2018-08-28 plugin id 112135 published 2018-08-28 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112135 title Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20180827) NASL family Fedora Local Security Checks NASL id FEDORA_2018-90F8FBD58E.NASL description Update to 9.11.4-P1 - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-08-23 plugin id 112068 published 2018-08-23 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112068 title Fedora 27 : 32:bind (2018-90f8fbd58e) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2018-0252.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2018-5740) - Fix (CVE-2017-3145) - Change EDNS flags only after successful query (#1416035) - Fix crash in ldap driver at bind-sdb stop (#1426626) - Fix (CVE-2017-3142, CVE-2017-3143) - Update root servers and trust anchors - Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391) - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) last seen 2020-06-01 modified 2020-06-02 plugin id 112170 published 2018-08-29 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3769-1.NASL description It was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 117630 published 2018-09-21 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117630 title Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : bind9 vulnerability (USN-3769-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1433.NASL description According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2016-2776) - A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash.(CVE-2016-1285) - A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.(CVE-2015-4620) - A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2015-5477) - A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.(CVE-2014-0591) - A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.(CVE-2015-5722) - It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the last seen 2020-06-01 modified 2020-06-02 plugin id 124936 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124936 title EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://kb.isc.org/docs/aa-01639
- https://usn.ubuntu.com/3769-2/
- https://usn.ubuntu.com/3769-1/
- https://security.netapp.com/advisory/ntap-20180926-0003/
- https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html
- https://access.redhat.com/errata/RHSA-2018:2571
- https://access.redhat.com/errata/RHSA-2018:2570
- http://www.securitytracker.com/id/1041436
- http://www.securityfocus.com/bid/105055
- https://security.gentoo.org/glsa/201903-13
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
- https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html