CVSS3 : 7.5 High
  Attack Vector : NETWORK
  Attack Complexity : LOW
  Privileges Required : NONE
  User Interaction : NONE
  Scope : UNCHANGED
  Confidentiality Impact : NONE
  Integrity Impact : NONE
  Availability Impact : HIGH
  Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS2 : 5 Medium
  Access Vector : NETWORK
  Access Complexity : LOW
  Authentication : NONE
  Confidentiality Impact : NONE
  Integrity Impact : NONE
  Availability Impact : PARTIAL
  Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS : 0.01 Low
  Percentile : 83.1%
Severity: Medium
Date : 2018-05-20
CVE-ID : CVE-2018-5736 CVE-2018-5737
Package : bind
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-706
The package bind before version 9.12.1.P2-1 is vulnerable to denial of
service.
Upgrade to 9.12.1.P2-1.
The problems have been fixed upstream in version 9.12.1.P2.
For CVE-2018-5736, on servers which must receive notifies to keep slave
zone contents current, no complete workarounds are known, although
restricting BIND to only accept NOTIFY messages from authorised sources
can greatly mitigate the risk of attack.
For CVE-2018-5737, setting "max-stale-ttl 0;" in named.conf will
prevent exploitation of the vulnerability (but will effectively disable
the serve-stale feature).
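An added example (not part of the advisory or of BIND): a small Python audit of named.conf text for the two workarounds above. The sample configurations are constructed; `allow-notify` is BIND's option for authorising extra NOTIFY sources, and the check assumes no include files, named ACLs or nested address lists.

```python
import re

# Constructed sample configurations (not from the advisory).
SAMPLE_WEAK = """
options {
    directory "/var/named";
    allow-notify { any; };        // widens NOTIFY beyond the zone's masters
};
zone "example.org" {
    type slave;
    masters { 192.0.2.1; };
};
"""

SAMPLE_HARDENED = """
options {
    directory "/var/named";
    max-stale-ttl 0;              /* disables serve-stale */
};
zone "example.org" {
    type slave;
    masters { 192.0.2.1; };
    allow-notify { 192.0.2.2; };  # one extra authorised notifier
};
"""

def strip_comments(text):
    # named.conf accepts /* */, // and # comments; drop them before matching.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit(conf_text):
    """Return findings for the two workarounds; an empty list means both hold."""
    conf = strip_comments(conf_text)
    findings = []
    for m in re.finditer(r"\ballow-notify\s*\{([^}]*)\}", conf):
        entries = [e.strip() for e in m.group(1).split(";") if e.strip()]
        if "any" in entries:
            findings.append("CVE-2018-5736: allow-notify accepts NOTIFY from any source")
    ttls = re.findall(r"\bmax-stale-ttl\s+(\S+?)\s*;", conf)
    if not ttls or any(v != "0" for v in ttls):
        findings.append("CVE-2018-5737: max-stale-ttl is not set to 0 everywhere")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(conf) or "both workarounds in place")
```

An empty result only means the workarounds are configured; upgrading to the fixed package remains the resolution.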
CVE-2018-5736: An error in zone database reference counting can lead to
an assertion failure if a server which is running an affected version
of BIND attempts several transfers of a slave zone in quick succession.
CVE-2018-5737: A problem with the implementation of the new serve-stale
feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even
when stale-answer-enable is off.
A remote attacker is able to cause a denial of service via crafted
queries.
http://marc.info/[email protected]
https://kb.isc.org/article/AA-01602/74/CVE-2018-5736
https://kb.isc.org/article/AA-01606/74/CVE-2018-5737
https://security.archlinux.org/CVE-2018-5736
https://security.archlinux.org/CVE-2018-5737