CVE-2018-5745 – An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
https://notcve.org/view.php?id=CVE-2018-5745
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. • https://access.redhat.com/errata/RHSA-2019:3552 https://kb.isc.org/docs/cve-2018-5745 https://access.redhat.com/security/cve/CVE-2018-5745 https://bugzilla.redhat.com/show_bug.cgi?id=1679303 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-617: Reachable Assertion •
CVE-2018-5744 – A specially crafted packet can cause named to leak memory
https://notcve.org/view.php?id=CVE-2018-5744
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Se puede presentar un fallo al liberar memoria cuando se procesan mensajes que tienen una combinación específica de opciones EDNS. Las versiones afectadas son: BIND 9.10.7 hasta 9.10.8-P1, 9.11.3 hasta 9.11.5-P1, 9.12.0 hasta 9.12.3-P1, y las versiones 9.10.7-S1 hasta 9.11.5-S3 de BIND 9 Supported Preview Edition. • https://kb.isc.org/docs/cve-2018-5744 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2018-5741 – Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
https://notcve.org/view.php?id=CVE-2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.securityfocus.com/bid/105379 http://www.securitytracker.com/id/1041674 https://access.redhat.com/errata/RHSA-2019:2057 https://kb.isc.org/docs/cve-2018-5741 https://security.gentoo.org/glsa/201903-13 https://security.netapp.com/advisory/ntap-20190830-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&doc • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVE-2018-5737 – BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.
https://notcve.org/view.php?id=CVE-2018-5737
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1. Un problema con la implementación de la nueva característica "serve-stale" en BIND 9.12 puede conducir a un fallo de aserción en rbtdb.c, incluso cuando stale-answer-enable está desactivado. • http://www.securityfocus.com/bid/104236 http://www.securitytracker.com/id/1040942 https://kb.isc.org/docs/aa-01606 https://security.netapp.com/advisory/ntap-20180926-0004 • CWE-617: Reachable Assertion •
CVE-2018-5736
https://notcve.org/view.php?id=CVE-2018-5736
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1. Un error en el conteo de la base de datos de la zona puede conducir a un fallo de aserción si un servidor que está ejecutando una versión afectada de BIND intenta realizar varias transferencias hacia una zona esclava en rápida sucesión. Este defecto podría ser aprovechado deliberadamente por un atacante al que se le permite hacer que un servidor vulnerable inicie transferencias de zona (por ejemplo, mediante el envío de mensajes NOTIFY válidos), lo que provoca que el proceso named se cierre tras fallar la prueba de aserción. • http://www.securityfocus.com/bid/104386 http://www.securitytracker.com/id/1040941 https://kb.isc.org/docs/aa-01602 https://security.netapp.com/advisory/ntap-20180926-0004 • CWE-617: Reachable Assertion •