CVE-2018-5737
BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.
Descriptions
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.
Timeline
- 2018-01-17 CVE Reserved
- 2019-01-16 CVE Published
- 2024-09-16 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-617: Reachable Assertion
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/104236 | Third Party Advisory | |
http://www.securitytracker.com/id/1040942 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20180926-0004 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://kb.isc.org/docs/aa-01606 | 2019-10-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Isc | Bind | 9.12.0 | - | Affected |
Isc | Bind | 9.12.1 | - | Affected |
Netapp | Cloud Backup | - | - | Affected |
Netapp | Data Ontap Edge | - | - | Affected |