CVE-2018-5738 – Some versions of BIND can improperly permit recursive query service to unauthorized clients
https://notcve.org/view.php?id=CVE-2018-5738
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. El cambio #4777 (presentado en octubre de 2017) introdujo un problema no imaginado en las versiones lanzadas tras esa fecha, que afecta a los clientes que pueden realizar consultas recursivas a un servidor de nombre de BIND. • http://www.securitytracker.com/id/1041115 https://kb.isc.org/docs/aa-01616 https://security.gentoo.org/glsa/201903-13 https://security.netapp.com/advisory/ntap-20190830-0002 https://usn.ubuntu.com/3683-1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-3145 – Improper fetch cleanup sequencing in the resolver can cause named to crash
https://notcve.org/view.php?id=CVE-2017-3145
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1. BIND secuenciaba incorrectamente las operaciones de limpieza en contextos fetch de recursión ascendente, lo que conduce en algunos casos a un error de uso de memoria previamente liberada que puede desencadenar un fallo de aserción y un cierre inesperado en named. Afecta a BIND desde la versión 9.0.0 hasta la versión 9.8.x, desde la versión 9.9.0 hasta la versión 9.9.11, desde la versión 9.10.0 hasta la versión 9.10.6, desde la versión 9.11.0 hasta la versión 9.11.2, desde la versión 9.9.3-S1 hasta la versión 09.9.11-S1, desde la versión 9.10.5-S1 hasta la versión 9.10.6-S1 y desde la 9.12.0a1 hasta la 9.12.0rc1. A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. • http://www.securityfocus.com/bid/102716 http://www.securitytracker.com/id/1040195 https://access.redhat.com/errata/RHSA-2018:0101 https://access.redhat.com/errata/RHSA-2018:0102 https://access.redhat.com/errata/RHSA-2018:0487 https://access.redhat.com/errata/RHSA-2018:0488 https://kb.isc.org/docs/aa-01542 https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html https://security.netapp.com/advisory/ntap-20180117-0003 https://supportportal.juniper.net/s/article/ • CWE-416: Use After Free •