CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-5738 – Some versions of BIND can improperly permit recursive query service to unauthorized clients
https://notcve.org/view.php?id=CVE-2018-5738
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. El cambio #4777 (presentado en octubre de 2017) introdujo un problema no imaginado en las versiones lanzadas tras esa fecha, que afecta a los clientes que pueden realizar consultas recursivas a un servidor de nombre de BIND. • http://www.securitytracker.com/id/1041115 https://kb.isc.org/docs/aa-01616 https://security.gentoo.org/glsa/201903-13 https://security.netapp.com/advisory/ntap-20190830-0002 https://usn.ubuntu.com/3683-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 7%CPEs: 55EXPL: 0CVE-2018-5733 – A malicious client can overflow a reference counter in ISC dhcpd
https://notcve.org/view.php?id=CVE-2018-5733
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0. Un cliente malicioso al que se le permite enviar grandes cantidades de tráfico (miles de millones de paquetes) a un servidor DHCP puede terminar desbordando un contador de referencia de 32 bits, provocando el cierre inesperado de dhcpd. Afecta a ISC DHCP desde la versión 4.1.0 hasta la 4.1-ESV-R15, desde la versión 4.2.0 hasta la 4.2.8, desde la versión 4.3.0 hasta la 4.3.6 y a la versión 4.4.0. A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. • http://www.securityfocus.com/bid/103188 http://www.securitytracker.com/id/1040437 https://access.redhat.com/errata/RHSA-2018:0469 https://access.redhat.com/errata/RHSA-2018:0483 https://kb.isc.org/docs/aa-01567 https://lists.debian.org/debian-lts-announce/2018/03/msg00015.html https://usn.ubuntu.com/3586-1 https://usn.ubuntu.com/3586-2 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2018-5733 https://bugzilla.redhat • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2018-5732 – A specially constructed response from a malicious server can cause a buffer overflow in dhclient
https://notcve.org/view.php?id=CVE-2018-5732
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0 Un fallo al comprobar apropiadamente los límites de un búfer usado para procesar las opciones de DHCP, permite a un servidor malicioso (o a una entidad que se hace pasar por un servidor) causar un desbordamiento del búfer (y el bloqueo resultante) en dhclient mediante el envío de una respuesta que contiene una sección de opciones especialmente construida. Afecta a ISC DHCP versiones 4.1.0 hasta 4.1-ESV-R15, 4.2.0 hasta 4.2.8, 4.3.0 hasta 4.3.6, y 4.4.0. An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. • https://kb.isc.org/docs/aa-01565 https://access.redhat.com/security/cve/CVE-2018-5732 https://bugzilla.redhat.com/show_bug.cgi?id=1549960 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 14%CPEs: 51EXPL: 0CVE-2017-3144 – Failure to properly clean up closed OMAPI connections can exhaust available sockets
https://notcve.org/view.php?id=CVE-2017-3144
A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. Una vulnerabilidad derivada del error al limpiar correctamente las conexiones OMAPI cerradas puede conducir al agotamiento del grupo de descriptores del socket disponibles para el servidor DHCP. • http://www.securityfocus.com/bid/102726 http://www.securitytracker.com/id/1040194 https://access.redhat.com/errata/RHSA-2018:0158 https://kb.isc.org/docs/aa-01541 https://usn.ubuntu.com/3586-1 https://www.debian.org/security/2018/dsa-4133 https://access.redhat.com/security/cve/CVE-2017-3144 https://bugzilla.redhat.com/show_bug.cgi?id=1522918 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 5%CPEs: 72EXPL: 0CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash
https://notcve.org/view.php?id=CVE-2017-3145
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria previamente liberada que puede desencadenar un fallo de aserción y un cierre inesperado en named. Afecta a BIND desde la versión 9.0.0 hasta la versión 9.8.x, desde la versión 9.9.0 hasta la versión 9.9.11, desde la versión 9.10.0 hasta la versión 9.10.6, desde la versión 9.11.0 hasta la versión 9.11.2, desde la versión 9.9.3-S1 hasta la versión 09.9.11-S1, desde la versión 9.10.5-S1 hasta la versión 9.10.6-S1 y desde la 9.12.0a1 hasta la 9.12.0rc1. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. • http://www.securityfocus.com/bid/102716 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0488 https://kb.isc.org/docs/aa-01542 https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html https://security.netapp.com/advisory/ntap-20180117-0003 https://supportportal.juniper.net/s/article/ • CWE-416: Use After Free •