// For flags

CVE-2018-5745

An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

Severity Score

4.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

"managed-keys" es una característica que permite a un solucionador BIND mantener automáticamente las claves usadas por los anclajes de confianza que los operadores configuran para su uso en la comprobación de DNSSEC. Debido a un error en la funcionalidad managed-keys, es posible que un servidor BIND que utiliza managed-keys salga debido a un error de aserción si, durante la renovación de claves, las claves de un ancla de confianza son reemplazadas por claves que utilizan un algoritmo no compatible. Versiones afectadas: BIND 9.9.0 hasta 9.10.8-P1, 9.11.0 hasta 9.11.5-P1, 9.12.0 hasta 9.12.3-P1 y versiones 9.9.3-S1 hasta 9.11.5- S3 de BIND 9 Supported Preview Edition. Las versiones 9.13.0 hasta 9.13.6 de la rama de desarrollo 9.13 también están afectadas. Las versiones anteriores a BIND 9.9.0 no han sido evaluadas para la vulnerabilidad de CVE-2018-5745.

An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-17 CVE Reserved
  • 2019-02-22 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • CWE-617: Reachable Assertion
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
>= 9.9.0 <= 9.10.7
Search vendor "Isc" for product "Bind" and version " >= 9.9.0 <= 9.10.7"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
>= 9.11.0 <= 9.11.4
Search vendor "Isc" for product "Bind" and version " >= 9.11.0 <= 9.11.4"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
>= 9.12.0 <= 9.12.2
Search vendor "Isc" for product "Bind" and version " >= 9.12.0 <= 9.12.2"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
>= 9.13.0 <= 9.13.6
Search vendor "Isc" for product "Bind" and version " >= 9.13.0 <= 9.13.6"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.3
Search vendor "Isc" for product "Bind" and version "9.9.3"
s1, supported_preview
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.7
Search vendor "Isc" for product "Bind" and version "9.10.7"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.8
Search vendor "Isc" for product "Bind" and version "9.10.8"
p1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.5
Search vendor "Isc" for product "Bind" and version "9.11.5"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.5
Search vendor "Isc" for product "Bind" and version "9.11.5"
p1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.5
Search vendor "Isc" for product "Bind" and version "9.11.5"
s3, supported_preview
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.12.3
Search vendor "Isc" for product "Bind" and version "9.12.3"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.12.3
Search vendor "Isc" for product "Bind" and version "9.12.3"
p1
Affected