alpine / aports · Issue #8922 · Closed

Created May 21, 2018 by Alicha CH (@alicha, Reporter)

[3.8] bind: Multiple vulnerabilities (CVE-2018-5736, CVE-2018-5737)

CVE-2018-5736: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c

An error in zone database reference counting can lead to an assertion failure if a server which is running an
affected version of BIND attempts several transfers of a slave zone in quick succession.

This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone
transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test.

Affected versions:

9.12.0 and 9.12.1

Reference:

https://kb.isc.org/article/AA-01602/74/CVE-2018-5736%3A-Multiple-transfers-of-a-zone-in-quick-succession-can-cause-an-assertion-failure-in-rbtdb.c.html

Patch:

https://ftp.isc.org/isc/bind9/9.12.1-P2/patches/cve5736.patch

CVE-2018-5737: BIND 9.12’s serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c,
even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive
negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging.

Affected versions:

9.12.0 and 9.12.1

Reference:

https://kb.isc.org/article/AA-01606/74/CVE-2018-5737%3A-BIND-9.12s-serve-stale-implementation-can-cause-an-assertion-failure-in-rbtdb.c-or-other-undesirable-behavior-even-if-serve-stale-is-not-enabled.html

Patch:

https://ftp.isc.org/isc/bind9/9.12.1-P2/patches/cve5737.patch

(from redmine: issue id 8922, created on 2018-05-21, closed on 2018-05-22)
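A small check a packager or operator can run against `named -v` output to see whether a host falls in the affected range quoted above (9.12.0 and 9.12.1). This is an added example, not code from the issue, from aports, or from ISC. It assumes that a 9.12.1 build at patch level -P2 or higher carries the cve5736/cve5737 fixes (the two patch URLs above live under 9.12.1-P2) and so reports it as not affected; a hypothetical -P1 build and any unpatched 9.12.0/9.12.1 are reported as affected. It cannot tell whether a distribution package at an older version string has had the patches backported, so treat "AFFECTED" as "go verify the package changelog", not as proof.

```shell
#!/bin/sh
# Added example (not from the issue, aports or ISC): classify a BIND version
# string against the affected versions quoted above, 9.12.0 and 9.12.1.
# Assumption: 9.12.1-P2 and later include cve5736.patch / cve5737.patch (the
# patch URLs above are under 9.12.1-P2), so they are reported as not affected.
# Distribution packages that backport the patches keep the old version string
# and will still be flagged here; check the package changelog in that case.

# bind_affected VERSION
#   VERSION is a bare upstream version such as 9.12.1, 9.12.1-P2 or 9.11.3.
#   Exit status 0 = affected by CVE-2018-5736 / CVE-2018-5737, 1 = not affected.
bind_affected() {
    case "$1" in
        9.12.0|9.12.0-P*|9.12.1|9.12.1-P1) return 0 ;;
        *)                                  return 1 ;;
    esac
}

# extract_version LINE
#   Pull the version token out of the first line printed by `named -v`,
#   e.g. "BIND 9.12.1 (Stable Release) <id:...>" -> 9.12.1.
#   Prints nothing if the line does not start with "BIND".
extract_version() {
    printf '%s\n' "$1" | awk '$1 == "BIND" { print $2; exit }'
}

# verdict LINE
#   Print a one-line verdict for a `named -v` output line.
#   Exit status 0 = affected, 1 = not affected, 2 = unrecognised input.
verdict() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        printf 'unrecognised version line: %s\n' "$1"
        return 2
    fi
    if bind_affected "$ver"; then
        printf 'BIND %s: AFFECTED, apply cve5736.patch and cve5737.patch or upgrade\n' "$ver"
        return 0
    fi
    printf 'BIND %s: not affected\n' "$ver"
    return 1
}

# Constructed sample lines (not captured from a real host), one per case.
for line in \
    'BIND 9.12.1 (Stable Release) <id:0000000>' \
    'BIND 9.12.1-P2 (Stable Release) <id:0000000>' \
    'BIND 9.11.3 (Extended Support Version) <id:0000000>'
do
    verdict "$line" || true
done
```

On a live host run `verdict "$(named -v | head -n 1)"`; the exit status (0 affected, 1 not affected) makes it usable from a fleet-wide check. Note that CVE-2018-5737 fires even with `stale-answer-enable` off, so there is no configuration knob to turn instead of patching.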
