CVE-2018-5745
An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
Public Exploits: 0
Exploited in Wild: -
Descriptions
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
An assertion failure was found in the way BIND implemented the "managed-keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.
Timeline
- 2018-01-17 CVE Reserved
- 2019-02-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
- CWE-617: Reachable Assertion
References (4)
URL | Tag | Source |
---|---|---|
https://kb.isc.org/docs/cve-2018-5745 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:3552 | 2019-11-06 | |
https://access.redhat.com/security/cve/CVE-2018-5745 | 2020-03-31 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1679303 | 2020-03-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Isc | Bind | >= 9.9.0 <= 9.10.7 | - | Affected |
Isc | Bind | >= 9.11.0 <= 9.11.4 | - | Affected |
Isc | Bind | >= 9.12.0 <= 9.12.2 | - | Affected |
Isc | Bind | >= 9.13.0 <= 9.13.6 | - | Affected |
Isc | Bind | 9.9.3 | s1, supported_preview | Affected |
Isc | Bind | 9.10.7 | - | Affected |
Isc | Bind | 9.10.8 | p1 | Affected |
Isc | Bind | 9.11.5 | - | Affected |
Isc | Bind | 9.11.5 | p1 | Affected |
Isc | Bind | 9.11.5 | s3, supported_preview | Affected |
Isc | Bind | 9.12.3 | - | Affected |
Isc | Bind | 9.12.3 | p1 | Affected |