Showing 1 - 3 of 3

CVE-2018-5738

Status Candidate

Overview

Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.

Related Files

Gentoo Linux Security Advisory 201903-13: Posted Mar 14, 2019; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201903-13 - Multiple vulnerabilities have been found in BIND, the worst of which could result in a Denial of Service condition. Versions less than 9.12.1_p2-r1 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2018-5738, CVE-2018-5740, CVE-2018-5741; SHA-256 | 20178947f78d93af28560f3c97f646f81bdf530ecfd3cbf7c3069ee86f198ce7; Download | Favorite | View

Slackware Security Advisory - bind Updates: Posted Jul 12, 2018; Authored by Slackware Security Team | Site slackware.com; Slackware Security Advisory - New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.; tags | advisory; systems | linux, slackware; advisories | CVE-2018-5738; SHA-256 | 412d7e1d5c3b61f0857d300cb1c0b4082cd19640e580ecfd77fb5db68b6cbd67; Download | Favorite | View

Ubuntu Security Notice USN-3683-1: Posted Jun 13, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3683-1 - Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations.; tags | advisory; systems | linux, ubuntu; advisories | CVE-2018-5738; SHA-256 | 557989e0c3fe742a04e173c917971c9dc1a8ee5c4aabfeef3e629659a271c31d; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2018-5738

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems