Vulnerabilities > CVE-2018-5740 - Reachable Assertion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Vulnerable Configurations

Part Description Count
Application
Isc
546
Application
Netapp
1
OS
Redhat
9
OS
Debian
2
OS
Canonical
4
OS
Hp
1
OS
Opensuse
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2571.NASL
    descriptionAn update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when
    last seen2020-06-01
    modified2020-06-02
    plugin id112165
    published2018-08-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112165
    titleCentOS 6 : bind (CESA-2018:2571)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0130_BIND.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has bind packages installed that are affected by a vulnerability: - A denial of service flaw was discovered in bind versions that include the deny-answer-aliases feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition. (CVE-2018-5740) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127383
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127383
    titleNewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0130)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1282.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the
    last seen2020-05-06
    modified2018-09-27
    plugin id117726
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117726
    titleEulerOS 2.0 SP3 : bind (EulerOS-SA-2018-1282)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1328.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the
    last seen2020-06-01
    modified2020-06-02
    plugin id118416
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118416
    titleEulerOS Virtualization 2.5.1 : bind (EulerOS-SA-2018-1328)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0031_BIND.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a vulnerability: - A denial of service flaw was discovered in bind versions that include the deny-answer-aliases feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition. (CVE-2018-5740) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127196
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127196
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0031)
  • NASL familyDNS
    NASL idBIND9_9122_P1.NASL
    descriptionAccording to its self-reported version number, the instance of ISC BIND running on the remote name server is 9.x.x prior to 9.9.13-P1, 9.10.x prior to 9.10.8-P1, 9.11.x prior to 9.11.4-P1, or 9.12.x prior to 9.12.2-P1. It is, therefore, affected by a denial of service vulnerability in the deny-answer-aliases feature.
    last seen2020-06-01
    modified2020-06-02
    plugin id111790
    published2018-08-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111790
    titleISC BIND 9.x.x < 9.9.13-P1 / 9.10.x < 9.10.8-P1 / 9.11.x < 9.11.4-P1 / 9.12.x < 9.12.2-P1 deny-answer-aliases DoS Vulnerability
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL98528405.NASL
    descriptionA flaw in the
    last seen2020-06-01
    modified2020-06-02
    plugin id118724
    published2018-11-05
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118724
    titleF5 Networks BIG-IP : BIG-IP BIND vulnerability (K98528405)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1532.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : - CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id125807
    published2019-06-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125807
    titleopenSUSE Security Update : bind (openSUSE-2019-1532)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-5417CA3713.NASL
    descriptionUpdate to last security release - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120429
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120429
    titleFedora 28 : 32:bind (2018-5417ca3713)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1281.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the
    last seen2020-05-06
    modified2018-09-27
    plugin id117725
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117725
    titleEulerOS 2.0 SP2 : bind (EulerOS-SA-2018-1281)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201903-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201903-13 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to unauthorized clients possibly resulting in a Denial of Service condition or to be used in DNS reflection attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id122835
    published2019-03-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122835
    titleGLSA-201903-13 : BIND: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1533.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id125808
    published2019-06-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125808
    titleopenSUSE Security Update : bind (openSUSE-2019-1533)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1376.NASL
    descriptionAccording to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was discovered in bind versions that include the
    last seen2020-06-01
    modified2020-06-02
    plugin id124879
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124879
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1343.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the
    last seen2020-06-01
    modified2020-06-02
    plugin id118431
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118431
    titleEulerOS Virtualization 2.5.0 : bind (EulerOS-SA-2018-1343)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-222-01.NASL
    descriptionNew bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111660
    published2018-08-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111660
    titleSlackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2018-222-01)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-2570.NASL
    descriptionAn update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when
    last seen2020-06-01
    modified2020-06-02
    plugin id112164
    published2018-08-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112164
    titleCentOS 7 : bind (CESA-2018:2570)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2571.NASL
    descriptionAn update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when
    last seen2020-06-01
    modified2020-06-02
    plugin id112134
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112134
    titleRHEL 6 : bind (RHSA-2018:2571)
  • NASL familyJunos Local Security Checks
    NASL idJUNIPER_SPACE_JSA10917_184R1.NASL
    descriptionAccording to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id121068
    published2019-01-10
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121068
    titleJuniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2570.NASL
    descriptionAn update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when
    last seen2020-06-01
    modified2020-06-02
    plugin id112133
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112133
    titleRHEL 7 : bind (RHSA-2018:2570)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1407-1.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id125703
    published2019-06-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125703
    titleSUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1449-1.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id125799
    published2019-06-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125799
    titleSUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2571.NASL
    descriptionFrom Red Hat Security Advisory 2018:2571 : An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when
    last seen2020-06-01
    modified2020-06-02
    plugin id112130
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112130
    titleOracle Linux 6 : bind (ELSA-2018-2571)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1485.NASL
    descriptionCVE-2018-5740 The
    last seen2020-06-01
    modified2020-06-02
    plugin id112197
    published2018-08-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112197
    titleDebian DLA-1485-1 : bind9 security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-2570.NASL
    descriptionFrom Red Hat Security Advisory 2018:2570 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: processing of certain records when
    last seen2020-06-01
    modified2020-06-02
    plugin id112129
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112129
    titleOracle Linux 7 : bind (ELSA-2018-2570)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180827_BIND_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - bind: processing of certain records when
    last seen2020-03-18
    modified2018-08-28
    plugin id112136
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112136
    titleScientific Linux Security Update : bind on SL7.x x86_64 (20180827)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2020-0021.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
    last seen2020-06-10
    modified2020-06-05
    plugin id137170
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137170
    titleOracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1082.NASL
    descriptionA denial of service flaw was discovered in bind versions that include the
    last seen2020-06-01
    modified2020-06-02
    plugin id117606
    published2018-09-20
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117606
    titleAmazon Linux AMI : bind (ALAS-2018-1082)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1081.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : -
    last seen2020-03-19
    modified2019-03-08
    plugin id122703
    published2019-03-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122703
    titleEulerOS Virtualization 2.5.2 : bind (EulerOS-SA-2019-1081)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2502-1.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id129526
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129526
    titleSUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1082.NASL
    descriptionA denial of service flaw was discovered in bind versions that include the
    last seen2020-06-01
    modified2020-06-02
    plugin id117710
    published2018-09-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117710
    titleAmazon Linux 2 : bind (ALAS-2018-1082)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14074-1.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id125759
    published2019-06-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125759
    titleSUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1161.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A denial of service flaw was discovered in bind versions that include the
    last seen2020-03-19
    modified2019-04-09
    plugin id123847
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123847
    titleEulerOS Virtualization 2.5.3 : bind (EulerOS-SA-2019-1161)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180827_BIND_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - bind: processing of certain records when
    last seen2020-03-18
    modified2018-08-28
    plugin id112135
    published2018-08-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112135
    titleScientific Linux Security Update : bind on SL6.x i386/x86_64 (20180827)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-90F8FBD58E.NASL
    descriptionUpdate to 9.11.4-P1 - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-08-23
    plugin id112068
    published2018-08-23
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112068
    titleFedora 27 : 32:bind (2018-90f8fbd58e)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0252.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2018-5740) - Fix (CVE-2017-3145) - Change EDNS flags only after successful query (#1416035) - Fix crash in ldap driver at bind-sdb stop (#1426626) - Fix (CVE-2017-3142, CVE-2017-3143) - Update root servers and trust anchors - Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391) - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578)
    last seen2020-06-01
    modified2020-06-02
    plugin id112170
    published2018-08-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112170
    titleOracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3769-1.NASL
    descriptionIt was discovered that Bind incorrectly handled the deny-answer-aliases feature. If this feature is enabled, a remote attacker could use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id117630
    published2018-09-21
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117630
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : bind9 vulnerability (USN-3769-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1433.NASL
    descriptionAccording to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2016-2776) - A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash.(CVE-2016-1285) - A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.(CVE-2015-4620) - A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2015-5477) - A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.(CVE-2014-0591) - A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.(CVE-2015-5722) - It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the
    last seen2020-06-01
    modified2020-06-02
    plugin id124936
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124936
    titleEulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)

Redhat

advisories
  • bugzilla
    id1613595
    title is in use may trigger an assert leading to a denial of service
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentbind-devel is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570001
          • commentbind-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651004
        • AND
          • commentbind-sdb-chroot is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570003
          • commentbind-sdb-chroot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767018
        • AND
          • commentbind-pkcs11 is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570005
          • commentbind-pkcs11 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767020
        • AND
          • commentbind-chroot is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570007
          • commentbind-chroot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651008
        • AND
          • commentbind-pkcs11-devel is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570009
          • commentbind-pkcs11-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767004
        • AND
          • commentbind-sdb is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570011
          • commentbind-sdb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651002
        • AND
          • commentbind is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570013
          • commentbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651006
        • AND
          • commentbind-pkcs11-libs is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570015
          • commentbind-pkcs11-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767006
        • AND
          • commentbind-lite-devel is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570017
          • commentbind-lite-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767016
        • AND
          • commentbind-pkcs11-utils is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570019
          • commentbind-pkcs11-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767014
        • AND
          • commentbind-license is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570021
          • commentbind-license is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767022
        • AND
          • commentbind-libs-lite is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570023
          • commentbind-libs-lite is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20171767024
        • AND
          • commentbind-libs is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570025
          • commentbind-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651010
        • AND
          • commentbind-utils is earlier than 32:9.9.4-61.el7_5.1
            ovaloval:com.redhat.rhsa:tst:20182570027
          • commentbind-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651012
    rhsa
    idRHSA-2018:2570
    released2018-08-27
    severityImportant
    titleRHSA-2018:2570: bind security update (Important)
  • bugzilla
    id1613595
    title is in use may trigger an assert leading to a denial of service
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentbind-devel is earlier than 32:9.8.2-0.68.rc1.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20182571001
          • commentbind-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651004
        • AND
          • commentbind-sdb is earlier than 32:9.8.2-0.68.rc1.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20182571003
          • commentbind-sdb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651002
        • AND
          • commentbind-chroot is earlier than 32:9.8.2-0.68.rc1.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20182571005
          • commentbind-chroot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651008
        • AND
          • commentbind is earlier than 32:9.8.2-0.68.rc1.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20182571007
          • commentbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651006
        • AND
          • commentbind-utils is earlier than 32:9.8.2-0.68.rc1.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20182571009
          • commentbind-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651012
        • AND
          • commentbind-libs is earlier than 32:9.8.2-0.68.rc1.el6_10.1
            ovaloval:com.redhat.rhsa:tst:20182571011
          • commentbind-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651010
    rhsa
    idRHSA-2018:2571
    released2018-08-27
    severityImportant
    titleRHSA-2018:2571: bind security update (Important)
rpms
  • bind-32:9.9.4-61.el7_5.1
  • bind-chroot-32:9.9.4-61.el7_5.1
  • bind-debuginfo-32:9.9.4-61.el7_5.1
  • bind-devel-32:9.9.4-61.el7_5.1
  • bind-libs-32:9.9.4-61.el7_5.1
  • bind-libs-lite-32:9.9.4-61.el7_5.1
  • bind-license-32:9.9.4-61.el7_5.1
  • bind-lite-devel-32:9.9.4-61.el7_5.1
  • bind-pkcs11-32:9.9.4-61.el7_5.1
  • bind-pkcs11-devel-32:9.9.4-61.el7_5.1
  • bind-pkcs11-libs-32:9.9.4-61.el7_5.1
  • bind-pkcs11-utils-32:9.9.4-61.el7_5.1
  • bind-sdb-32:9.9.4-61.el7_5.1
  • bind-sdb-chroot-32:9.9.4-61.el7_5.1
  • bind-utils-32:9.9.4-61.el7_5.1
  • bind-32:9.8.2-0.68.rc1.el6_10.1
  • bind-chroot-32:9.8.2-0.68.rc1.el6_10.1
  • bind-debuginfo-32:9.8.2-0.68.rc1.el6_10.1
  • bind-devel-32:9.8.2-0.68.rc1.el6_10.1
  • bind-libs-32:9.8.2-0.68.rc1.el6_10.1
  • bind-sdb-32:9.8.2-0.68.rc1.el6_10.1
  • bind-utils-32:9.8.2-0.68.rc1.el6_10.1

References