Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201902-25
HistoryFeb 25, 2019 - 12:00 a.m.

[ASA-201902-25] bind: multiple issues

2019-02-2500:00:00
security.archlinux.org
23

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON

Arch Linux Security Advisory ASA-201902-25

Severity: High
Date : 2019-02-25
CVE-ID : CVE-2018-5744 CVE-2018-5745 CVE-2019-6465
Package : bind
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-915

Summary

The package bind before version 9.13.7-1 is vulnerable to multiple
issues including denial of service and access restriction bypass.

Resolution

Upgrade to 9.13.7-1.

pacman -Syu “bind>=9.13.7-1”

The problems have been fixed upstream in version 9.13.7.

Workaround

None.

Description

  • CVE-2018-5744 (denial of service)

A failure to free memory can occur when processing messages having a
specific combination of EDNS options has been found in bind before
9.13.7. By exploiting this condition, an attacker can potentially cause
named’s memory use to grow without bounds until all memory available to
the process is exhausted. Typically a server process is limited as to
the amount of memory it can use but if the named process is not limited
by the operating system all free memory on the server could be
exhausted.

  • CVE-2018-5745 (denial of service)

“managed-keys” is a feature which allows a BIND resolver to
automatically maintain the keys used by trust anchors which operators
configure for use in DNSSEC validation. Before 9.13.7, due to an error
in the managed-keys feature, it is possible for a BIND server which
uses managed-keys to exit due to an assertion failure if, during key
rollover, a trust anchor’s keys are replaced with keys which use an
unsupported algorithm.

  • CVE-2019-6465 (access restriction bypass)

Controls for zone transfers may not be properly applied to Dynamically
Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7.
A client exercising this defect can request and receive a zone transfer
of a DLZ even when not permitted to do so by the allow-transfer ACL.

Impact

A remote user can bypass the allow-transfer ACL to access sensitive
information in a DLZ, or crash the server.

References

https://kb.isc.org/docs/cve-2018-5744
https://kb.isc.org/docs/cve-2018-5745
https://kb.isc.org/docs/cve-2019-6465
https://security.archlinux.org/CVE-2018-5744
https://security.archlinux.org/CVE-2018-5745
https://security.archlinux.org/CVE-2019-6465

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanybind< 9.13.7-1UNKNOWN

Related

nessus 38
openvas 22
altlinux 3
cisa 1
fedora 1
ibm 5
ubuntu 2
osv 5
redhat 3
debian 2
oraclelinux 2
centos 1
amazon 1
suse 2
f5 3
alpinelinux 3
ubuntucve 3
prion 3
redhatcve 3
debiancve 3
checkpoint_advisories 1
cve 3
photon 4
rosalinux 1
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Bind vulnerabilities (USN-3893-1)
2019-02-22 00:00:00
Oracle Linux 8 : bind (ELSA-2019-3552)
2023-09-07 00:00:00
RHEL 8 : bind (RHSA-2019:3552)
2019-11-06 00:00:00
openvas
openvas
Fedora Update for bind FEDORA-2019-5396a60397
2019-05-07 00:00:00
ISC BIND Multiple Vulnerabilities (Feb 2019) - Windows
2019-02-25 00:00:00
Ubuntu: Security Advisory (USN-3893-1)
2019-02-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package bind version 9.11.5.P4-alt1
2019-02-22 00:00:00
Security fix for the ALT Linux 10 package bind version 9.11.5.P4-alt1
2019-02-22 00:00:00
Security fix for the ALT Linux 8 package bind version 9.10.8.P1-alt1
2019-08-26 00:00:00
cisa
cisa
ISC Releases Security Updates for BIND
2019-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: bind-9.11.5-4.P4.fc29
2019-02-26 03:08:57
ibm
ibm
Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System
2020-11-10 10:27:57
Security Bulletin: IBM i is affected by networking BIND vulnerabilities CVE-2018-5744 CVE-2019-6465 and CVE-2018-5745.
2022-08-15 16:26:47
Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console (CVE-2018-5745, CVE-2019-6465 and CVE-2019-6477)
2021-09-22 23:38:15
ubuntu
ubuntu
Bind vulnerabilities
2019-02-22 00:00:00
Bind vulnerabilities
2019-02-25 00:00:00
osv
osv
bind9 - security update
2019-02-28 00:00:00
bind9 - security update
2019-05-09 00:00:00
CVE-2018-5744
2019-10-09 16:15:13
redhat
redhat
(RHSA-2019:3552) Low: bind security and bug fix update
2019-11-05 17:59:08
(RHSA-2020:1061) Moderate: bind security and bug fix update
2020-03-31 09:13:57
(RHSA-2020:1277) Moderate: OpenShift Container Platform 4.3.10 openshift-enterprise-hyperkube-container security update
2020-04-08 07:06:28
debian
debian
[SECURITY] [DLA 1697-1] bind9 security updat
2019-02-28 21:11:35
[SECURITY] [DSA 4440-1] bind9 security update
2019-05-09 20:23:59
oraclelinux
oraclelinux
bind security and bug fix update
2020-04-06 00:00:00
bind security and bug fix update
2019-11-14 00:00:00
centos
centos
bind security update
2020-04-08 17:45:58
amazon
amazon
Medium: bind
2020-06-26 22:51:00
suse
suse
Security update for bind (important)
2019-06-10 00:00:00
Security update for bind (important)
2019-06-10 00:00:00
f5
f5
K00040234 : BIND vulnerability CVE-2018-5744
2019-02-22 00:00:00
K01713115 : BIND vulnerability CVE-2019-6465
2019-02-22 00:00:00
K25244852 : BIND vulnerability CVE-2018-5745
2019-02-22 00:00:00
alpinelinux
alpinelinux
CVE-2018-5744
2019-10-09 16:15:00
CVE-2019-6465
2019-10-09 16:15:00
CVE-2018-5745
2019-10-09 16:15:00
ubuntucve
ubuntucve
CVE-2018-5744
2019-02-21 00:00:00
CVE-2019-6465
2019-02-21 00:00:00
CVE-2018-5745
2019-02-21 00:00:00
prion
prion
Design/Logic Flaw
2019-10-09 16:15:00
Code injection
2019-10-09 16:15:00
Design/Logic Flaw
2019-10-09 16:15:00
redhatcve
redhatcve
CVE-2018-5744
2020-01-24 16:05:14
CVE-2019-6465
2020-04-04 05:47:06
CVE-2018-5745
2020-01-25 22:03:18
debiancve
debiancve
CVE-2018-5744
2019-10-09 16:15:00
CVE-2019-6465
2019-10-09 16:15:00
CVE-2018-5745
2019-10-09 16:15:00
checkpoint_advisories
checkpoint_advisories
ISC BIND Denial Of Service (CVE-2018-5744)
2019-11-25 00:00:00
cve
cve
CVE-2018-5744
2019-10-09 16:15:00
CVE-2019-6465
2019-10-09 16:15:00
CVE-2018-5745
2019-10-09 16:15:00
photon
photon
Important Photon OS Security Update - PHSA-2019-0199
2019-12-30 00:00:00
Critical Photon OS Security Update - PHSA-2020-0049
2020-01-18 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0049
2020-01-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1803
2021-07-02 16:31:31

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.025 Low

EPSS

Percentile

90.0%

JSON
Related for ASA-201902-25
nessus38openvas22altlinux3cisa1fedora1ibm5ubuntu2osv5redhat3debian2oraclelinux2centos1amazon1suse2f53alpinelinux3ubuntucve3prion3redhatcve3debiancve3checkpoint_advisories1cve3photon4rosalinux1