ID

VAR-201910-1646


CVE

CVE-2018-5743


TITLE

Multiple vulnerabilities in ISC BIND 9

Trust: 0.8

sources: JVNDB: JVNDB-2019-002957

DESCRIPTION

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit.

Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

ISC BIND 9 contains the following vulnerabilities:

* The number of TCP client connections is not limited as configured - CVE-2018-5743
* An assertion failure occurs in query.c due to a deficiency in the nxdomain-redirect feature - CVE-2019-6467
* An assertion failure occurs due to a deficiency in the nxdomain-redirect feature - CVE-2019-6468

The expected impact depends on each vulnerability, but may include the following:

* An attacker can deplete the file descriptors available to named, adversely affecting network connectivity and the management of log and zone journal files - CVE-2018-5743
* If the nxdomain-redirect feature is enabled, an attacker may cause a denial of service (DoS) - CVE-2019-6467, CVE-2019-6468

ISC BIND is a set of open source software developed by ISC Corporation in the United States that implements the DNS protocol. An attacker could exploit this vulnerability to exhaust file descriptors, affecting network connections and file management. ISC.org has confirmed the vulnerability and released software updates.

==========================================================================
Ubuntu Security Notice USN-3956-2
May 09, 2019

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

Bind could be made to consume resources if it received specially crafted network traffic.

This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  bind9 1:9.9.5.dfsg-3ubuntu0.19+esm1

Ubuntu 12.04 ESM:
  bind9 1:9.8.1.dfsg.P1-4ubuntu0.28

In general, a standard system update will make all the necessary changes.

CVE-2018-5745
  The "managed-keys" feature was susceptible to denial of service by triggering an assert.

CVE-2019-6465
  ACLs for zone transfers were incorrectly enforced for dynamically loadable zones (DLZs).

For the stable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u5.

We recommend that you upgrade your bind9 packages.

For the detailed security status of bind9 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/bind9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  The TCP client quota set using the tcp-clients option could be exceeded in some cases. This could lead to exhaustion of file descriptors.
  For more information, see:
    https://kb.isc.org/docs/cve-2018-5743
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.6_P1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.6_P1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.1-x86_64-1.txz

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg bind-9.11.6_P1-i586-1_slack14.2.txz

Then, restart the name server:

# /etc/rc.d/rc.bind restart

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

====================================================================
Red Hat Security Advisory

Synopsis:          Important: bind security update
Advisory ID:       RHSA-2019:1294-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1294
Issue date:        2019-05-29
CVE Names:         CVE-2018-5743
====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
bind-9.9.4-74.el7_6.1.src.rpm

noarch:
bind-license-9.9.4-74.el7_6.1.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-9.9.4-74.el7_6.1.i686.rpm
bind-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-lite-9.9.4-74.el7_6.1.i686.rpm
bind-libs-lite-9.9.4-74.el7_6.1.x86_64.rpm
bind-utils-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
bind-9.9.4-74.el7_6.1.x86_64.rpm
bind-chroot-9.9.4-74.el7_6.1.x86_64.rpm
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-devel-9.9.4-74.el7_6.1.i686.rpm
bind-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-lite-devel-9.9.4-74.el7_6.1.i686.rpm
bind-lite-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
bind-9.9.4-74.el7_6.1.src.rpm

noarch:
bind-license-9.9.4-74.el7_6.1.noarch.rpm

x86_64:
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-9.9.4-74.el7_6.1.i686.rpm
bind-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-lite-9.9.4-74.el7_6.1.i686.rpm
bind-libs-lite-9.9.4-74.el7_6.1.x86_64.rpm
bind-utils-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
bind-9.9.4-74.el7_6.1.x86_64.rpm
bind-chroot-9.9.4-74.el7_6.1.x86_64.rpm
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-devel-9.9.4-74.el7_6.1.i686.rpm
bind-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-lite-devel-9.9.4-74.el7_6.1.i686.rpm
bind-lite-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
bind-9.9.4-74.el7_6.1.src.rpm

noarch:
bind-license-9.9.4-74.el7_6.1.noarch.rpm

ppc64:
bind-9.9.4-74.el7_6.1.ppc64.rpm
bind-chroot-9.9.4-74.el7_6.1.ppc64.rpm
bind-debuginfo-9.9.4-74.el7_6.1.ppc.rpm
bind-debuginfo-9.9.4-74.el7_6.1.ppc64.rpm
bind-libs-9.9.4-74.el7_6.1.ppc.rpm
bind-libs-9.9.4-74.el7_6.1.ppc64.rpm
bind-libs-lite-9.9.4-74.el7_6.1.ppc.rpm
bind-libs-lite-9.9.4-74.el7_6.1.ppc64.rpm
bind-utils-9.9.4-74.el7_6.1.ppc64.rpm

ppc64le:
bind-9.9.4-74.el7_6.1.ppc64le.rpm
bind-chroot-9.9.4-74.el7_6.1.ppc64le.rpm
bind-debuginfo-9.9.4-74.el7_6.1.ppc64le.rpm
bind-libs-9.9.4-74.el7_6.1.ppc64le.rpm
bind-libs-lite-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.ppc64le.rpm
bind-utils-9.9.4-74.el7_6.1.ppc64le.rpm

s390x:
bind-9.9.4-74.el7_6.1.s390x.rpm
bind-chroot-9.9.4-74.el7_6.1.s390x.rpm
bind-debuginfo-9.9.4-74.el7_6.1.s390.rpm
bind-debuginfo-9.9.4-74.el7_6.1.s390x.rpm
bind-libs-9.9.4-74.el7_6.1.s390.rpm
bind-libs-9.9.4-74.el7_6.1.s390x.rpm
bind-libs-lite-9.9.4-74.el7_6.1.s390.rpm
bind-libs-lite-9.9.4-74.el7_6.1.s390x.rpm
bind-utils-9.9.4-74.el7_6.1.s390x.rpm

x86_64:
bind-9.9.4-74.el7_6.1.x86_64.rpm
bind-chroot-9.9.4-74.el7_6.1.x86_64.rpm
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-9.9.4-74.el7_6.1.i686.rpm
bind-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-lite-9.9.4-74.el7_6.1.i686.rpm
bind-libs-lite-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.x86_64.rpm
bind-utils-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source:
bind-9.9.4-74.el7_6.1.src.rpm

aarch64:
bind-9.9.4-74.el7_6.1.aarch64.rpm
bind-chroot-9.9.4-74.el7_6.1.aarch64.rpm
bind-debuginfo-9.9.4-74.el7_6.1.aarch64.rpm
bind-libs-9.9.4-74.el7_6.1.aarch64.rpm
bind-libs-lite-9.9.4-74.el7_6.1.aarch64.rpm
bind-pkcs11-9.9.4-74.el7_6.1.aarch64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.aarch64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.aarch64.rpm
bind-utils-9.9.4-74.el7_6.1.aarch64.rpm

noarch:
bind-license-9.9.4-74.el7_6.1.noarch.rpm

ppc64le:
bind-9.9.4-74.el7_6.1.ppc64le.rpm
bind-chroot-9.9.4-74.el7_6.1.ppc64le.rpm
bind-debuginfo-9.9.4-74.el7_6.1.ppc64le.rpm
bind-libs-9.9.4-74.el7_6.1.ppc64le.rpm
bind-libs-lite-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.ppc64le.rpm
bind-utils-9.9.4-74.el7_6.1.ppc64le.rpm

s390x:
bind-9.9.4-74.el7_6.1.s390x.rpm
bind-chroot-9.9.4-74.el7_6.1.s390x.rpm
bind-debuginfo-9.9.4-74.el7_6.1.s390.rpm
bind-debuginfo-9.9.4-74.el7_6.1.s390x.rpm
bind-libs-9.9.4-74.el7_6.1.s390.rpm
bind-libs-9.9.4-74.el7_6.1.s390x.rpm
bind-libs-lite-9.9.4-74.el7_6.1.s390.rpm
bind-libs-lite-9.9.4-74.el7_6.1.s390x.rpm
bind-utils-9.9.4-74.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
bind-debuginfo-9.9.4-74.el7_6.1.ppc.rpm
bind-debuginfo-9.9.4-74.el7_6.1.ppc64.rpm
bind-devel-9.9.4-74.el7_6.1.ppc.rpm
bind-devel-9.9.4-74.el7_6.1.ppc64.rpm
bind-lite-devel-9.9.4-74.el7_6.1.ppc.rpm
bind-lite-devel-9.9.4-74.el7_6.1.ppc64.rpm
bind-pkcs11-9.9.4-74.el7_6.1.ppc64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.ppc.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.ppc64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.ppc.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.ppc64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.ppc64.rpm
bind-sdb-9.9.4-74.el7_6.1.ppc64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.ppc64.rpm

ppc64le:
bind-debuginfo-9.9.4-74.el7_6.1.ppc64le.rpm
bind-devel-9.9.4-74.el7_6.1.ppc64le.rpm
bind-lite-devel-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.ppc64le.rpm
bind-sdb-9.9.4-74.el7_6.1.ppc64le.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.ppc64le.rpm

s390x:
bind-debuginfo-9.9.4-74.el7_6.1.s390.rpm
bind-debuginfo-9.9.4-74.el7_6.1.s390x.rpm
bind-devel-9.9.4-74.el7_6.1.s390.rpm
bind-devel-9.9.4-74.el7_6.1.s390x.rpm
bind-lite-devel-9.9.4-74.el7_6.1.s390.rpm
bind-lite-devel-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.s390.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.s390.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.s390x.rpm
bind-sdb-9.9.4-74.el7_6.1.s390x.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.s390x.rpm

x86_64:
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-devel-9.9.4-74.el7_6.1.i686.rpm
bind-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-lite-devel-9.9.4-74.el7_6.1.i686.rpm
bind-lite-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64:
bind-debuginfo-9.9.4-74.el7_6.1.aarch64.rpm
bind-devel-9.9.4-74.el7_6.1.aarch64.rpm
bind-lite-devel-9.9.4-74.el7_6.1.aarch64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.aarch64.rpm
bind-sdb-9.9.4-74.el7_6.1.aarch64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.aarch64.rpm

ppc64le:
bind-debuginfo-9.9.4-74.el7_6.1.ppc64le.rpm
bind-devel-9.9.4-74.el7_6.1.ppc64le.rpm
bind-lite-devel-9.9.4-74.el7_6.1.ppc64le.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.ppc64le.rpm
bind-sdb-9.9.4-74.el7_6.1.ppc64le.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.ppc64le.rpm

s390x:
bind-debuginfo-9.9.4-74.el7_6.1.s390.rpm
bind-debuginfo-9.9.4-74.el7_6.1.s390x.rpm
bind-devel-9.9.4-74.el7_6.1.s390.rpm
bind-devel-9.9.4-74.el7_6.1.s390x.rpm
bind-lite-devel-9.9.4-74.el7_6.1.s390.rpm
bind-lite-devel-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.s390.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.s390.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.s390x.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.s390x.rpm
bind-sdb-9.9.4-74.el7_6.1.s390x.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
bind-9.9.4-74.el7_6.1.src.rpm

noarch:
bind-license-9.9.4-74.el7_6.1.noarch.rpm

x86_64:
bind-9.9.4-74.el7_6.1.x86_64.rpm
bind-chroot-9.9.4-74.el7_6.1.x86_64.rpm
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-9.9.4-74.el7_6.1.i686.rpm
bind-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-libs-lite-9.9.4-74.el7_6.1.i686.rpm
bind-libs-lite-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-libs-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-utils-9.9.4-74.el7_6.1.x86_64.rpm
bind-utils-9.9.4-74.el7_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
bind-debuginfo-9.9.4-74.el7_6.1.i686.rpm
bind-debuginfo-9.9.4-74.el7_6.1.x86_64.rpm
bind-devel-9.9.4-74.el7_6.1.i686.rpm
bind-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-lite-devel-9.9.4-74.el7_6.1.i686.rpm
bind-lite-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.i686.rpm
bind-pkcs11-devel-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-9.9.4-74.el7_6.1.x86_64.rpm
bind-sdb-chroot-9.9.4-74.el7_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-5743
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

7.4) - ppc64, ppc64le, s390x, x86_64 3

Trust: 2.43

sources: NVD: CVE-2018-5743 // JVNDB: JVNDB-2019-002957 // VULHUB: VHN-135775 // VULMON: CVE-2018-5743 // PACKETSTORM: 152776 // PACKETSTORM: 152632 // PACKETSTORM: 152781 // PACKETSTORM: 152658 // PACKETSTORM: 154767 // PACKETSTORM: 153130 // PACKETSTORM: 154423

AFFECTED PRODUCTS

vendor: isc, model: bind, scope: gte, version: 9.11.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: iworkflow, scope: eq, version: 2.3.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 5.0.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 12.1.4

Trust: 1.0

vendor: isc, model: bind, scope: gte, version: 9.9.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 13.1.1

Trust: 1.0

vendor: isc, model: bind, scope: lte, version: 9.12.4

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 6.0.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lte, version: 11.6.5

Trust: 1.0

vendor: isc, model: bind, scope: eq, version: 9.10.8

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: isc, model: bind, scope: gte, version: 9.12.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 14.0.0

Trust: 1.0

vendor: isc, model: bind, scope: eq, version: 9.11.5

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: isc, model: bind, scope: gte, version: 9.13.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 14.0.0

Trust: 1.0

vendor: isc, model: bind, scope: lte, version: 9.11.6

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: isc, model: bind, scope: eq, version: 9.9.3

Trust: 1.0

vendor: isc, model: bind, scope: lte, version: 9.10.8

Trust: 1.0

vendor: f5, model: enterprise manager, scope: eq, version: 3.1.1

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 6.1.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 14.1.0

Trust: 1.0

vendor: isc, model: bind, scope: lte, version: 9.13.7

Trust: 1.0

vendor: isc, model: bind, scope: eq, version: 9.14.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: gte, version: 13.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip analytics, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lte, version: 5.4.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip local traffic manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 14.0.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip domain name system, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip fraud protection service, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 14.1.1

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip link controller, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: gte, version: 13.0.0

Trust: 1.0

vendor: f5, model: big-ip webaccelerator, scope: gte, version: 11.5.2

Trust: 1.0

vendor: f5, model: big-ip application acceleration manager, scope: lte, version: 14.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip edge gateway, scope: eq, version: 15.0.0

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lte, version: 12.1.4

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 13.1.1

Trust: 1.0

vendor: f5, model: big-ip policy enforcement manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: f5, model: big-ip global traffic manager, scope: lte, version: 11.6.5

Trust: 1.0

vendor: isc, model: bind, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-002957 // NVD: CVE-2018-5743

CVSS

SEVERITY

CVSSV2

CVSSV3

JPCERT/CC: JVNDB-2019-002957
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-5743
value: HIGH

Trust: 1.0

security-officer@isc.org: CVE-2018-5743
value: HIGH

Trust: 1.0

IPA: JVNDB-2019-002957
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201904-1155
value: HIGH

Trust: 0.6

VULHUB: VHN-135775
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-5743
value: MEDIUM

Trust: 0.1

IPA: JVNDB-2019-002957
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-5743
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

JPCERT/CC: JVNDB-2019-002957
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-135775
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

JPCERT/CC: JVNDB-2019-002957
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-5743
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

security-officer@isc.org: CVE-2018-5743
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2019-002957
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-135775 // VULMON: CVE-2018-5743 // JVNDB: JVNDB-2019-002957 // JVNDB: JVNDB-2019-002957 // JVNDB: JVNDB-2019-002957 // CNNVD: CNNVD-201904-1155 // NVD: CVE-2018-5743 // NVD: CVE-2018-5743

PROBLEMTYPE DATA

problemtype:CWE-770

Trust: 1.1

sources: VULHUB: VHN-135775 // NVD: CVE-2018-5743

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 152776 // PACKETSTORM: 152632 // CNNVD: CNNVD-201904-1155

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201904-1155

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-002957

PATCH

title: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective, url: https://kb.isc.org/docs/cve-2018-5743

Trust: 0.8

title: CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c, url: https://kb.isc.org/docs/cve-2019-6467

Trust: 0.8

title: CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used, url: https://kb.isc.org/docs/cve-2019-6468

Trust: 0.8

title: ISC BIND Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91993

Trust: 0.6

title: Red Hat: Important: bind security update, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192977 - Security Advisory

Trust: 0.1

title: Red Hat: Important: bind security update, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191145 - Security Advisory

Trust: 0.1

title: Red Hat: Important: bind security update, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191492 - Security Advisory

Trust: 0.1

title: Red Hat: Important: bind security update, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192698 - Security Advisory

Trust: 0.1

title: Red Hat: Important: bind security update, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20191294 - Security Advisory

Trust: 0.1

title: Ubuntu Security Notice: bind9 vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3956-1

Trust: 0.1

title: Ubuntu Security Notice: bind9 vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3956-2

Trust: 0.1

title: Amazon Linux AMI: ALAS-2019-1244, url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1244

Trust: 0.1

title: Debian CVElist Bug Report Logs: bind9: CVE-2018-5743: Limiting simultaneous TCP clients is ineffective, url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=e2ecf48225c5d9f29642d90d21e50774

Trust: 0.1

title: Debian Security Advisories: DSA-4440-1 bind9 -- security update, url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=544b2821aec132995469d882acc6474f

Trust: 0.1

title: Red Hat: CVE-2018-5743, url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-5743

Trust: 0.1

title: Debian CVElist Bug Report Logs: bind9: CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit, url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=247473d5aba8f01187166a35adfceab1

Trust: 0.1

title: IBM: IBM Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System, url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=a0d09a7ad8163b845aadbc6389d96936

Trust: 0.1

title: IBM: IBM Security Bulletin: A vulnerability in Open Source Bind affects IBM Netezza Host Management, url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=24e164459efefe5589b2b05f26860c48

Trust: 0.1

title: Debian CVElist Bug Report Logs: bind9: CVE-2019-6465: Zone transfer controls for writable DLZ zones were not effective, url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4f0524147ca87a483fe85c94107ccc19

Trust: 0.1

title: Amazon Linux 2: ALAS2-2019-1231, url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1231

Trust: 0.1

title: Debian CVElist Bug Report Logs: bind9: CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys, url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a62e24c826d0a13a259e9ab36c5d1073

Trust: 0.1

title: Oracle Linux Bulletins: Oracle Linux Bulletin - July 2019, url: https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=767e8ff3a913d6c9b177c63c24420933

Trust: 0.1

title: Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2019, url: https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=b76ca4c2e9a0948d77d969fddc7b121b

Trust: 0.1

title: Forcepoint Security Advisories: CVE-2019-6477 (BIND), url: https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=acfaaa68f2cd5ea533fe51483a0ff8e5

Trust: 0.1

title: IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-z, url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ef3e54cc5cdc194f0526779f9480f89

Trust: 0.1

title: dnsonsen_advent_calendar, url: https://github.com/sischkg/dnsonsen_advent_calender

Trust: 0.1

sources: VULMON: CVE-2018-5743 // JVNDB: JVNDB-2019-002957 // CNNVD: CNNVD-201904-1155

EXTERNAL IDS

db: NVD, id: CVE-2018-5743

Trust: 3.4

db: PACKETSTORM, id: 152658

Trust: 0.8

db: PACKETSTORM, id: 152632

Trust: 0.8

db: JVN, id: JVNVU99876126

Trust: 0.8

db: JVNDB, id: JVNDB-2019-002957

Trust: 0.8

db: CNNVD, id: CNNVD-201904-1155

Trust: 0.7

db: BID, id: 108077

Trust: 0.7

db: AUSCERT, id: ESB-2019.1676

Trust: 0.6

db: AUSCERT, id: ESB-2019.1408

Trust: 0.6

db: AUSCERT, id: ESB-2019.1405.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.2134

Trust: 0.6

db: PACKETSTORM, id: 154423

Trust: 0.2

db: PACKETSTORM, id: 152820

Trust: 0.2

db: PACKETSTORM, id: 153130

Trust: 0.2

db: PACKETSTORM, id: 152776

Trust: 0.2

db: PACKETSTORM, id: 154767

Trust: 0.2

db: PACKETSTORM, id: 152781

Trust: 0.2

db: PACKETSTORM, id: 153311

Trust: 0.1

db: VULHUB, id: VHN-135775

Trust: 0.1

db: VULMON, id: CVE-2018-5743

Trust: 0.1

sources: VULHUB: VHN-135775 // VULMON: CVE-2018-5743 // JVNDB: JVNDB-2019-002957 // PACKETSTORM: 152776 // PACKETSTORM: 152632 // PACKETSTORM: 152781 // PACKETSTORM: 152658 // PACKETSTORM: 152820 // PACKETSTORM: 154767 // PACKETSTORM: 153130 // PACKETSTORM: 154423 // CNNVD: CNNVD-201904-1155 // NVD: CVE-2018-5743

REFERENCES

url:https://kb.isc.org/docs/cve-2018-5743

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-5743

Trust: 2.2

url:https://www.synology.com/security/advisory/synology_sa_19_20

Trust: 1.7

url:https://access.redhat.com/security/cve/cve-2018-5743

Trust: 1.0

url:https://support.f5.com/csp/article/k74009656?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5743

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6467

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6468

Trust: 0.8

url:https://www.jpcert.or.jp/at/2019/at190019.html

Trust: 0.8

url:https://jprs.jp/tech/security/2019-04-25-bind9-vuln-tcp-clients.html

Trust: 0.8

url:https://jprs.jp/tech/security/2019-04-25-bind9-vuln-nxdomain-redirect.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99876126/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6467

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6468

Trust: 0.8

url:https://access.redhat.com/errata/rhsa-2019:1145

Trust: 0.7

url:http://www.isc.org/products/bind/

Trust: 0.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=1702541

Trust: 0.6

url:https://support.f5.com/csp/article/k74009656?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://support.f5.com/csp/article/k74009656

Trust: 0.6

url:https://usn.ubuntu.com/3956-1/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79630

Trust: 0.6

url:https://www.auscert.org.au/bulletins/80750

Trust: 0.6

url:https://packetstormsecurity.com/files/152632/ubuntu-security-notice-usn-3956-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/79654

Trust: 0.6

url:https://vigilance.fr/vulnerability/isc-bind-measure-against-denial-of-service-ineffective-29129

Trust: 0.6

url:https://packetstormsecurity.com/files/152658/slackware-security-advisory-bind-updates.html

Trust: 0.6

url:https://www.securityfocus.com/bid/108077

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2134/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://bugzilla.redhat.com/

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://usn.ubuntu.com/usn/usn-3956-1

Trust: 0.2

url:https://support.f5.com/csp/article/k74009656?utm_source=f5support&amp;amp;utm_medium=rss

Trust: 0.1

url:https://usn.ubuntu.com/usn/usn-3956-2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.11.4+dfsg-3ubuntu5.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.11.5.p1+dfsg-1ubuntu2.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.7

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-6465

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/bind9

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-5745

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:2977

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:1294

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2019:2698

Trust: 0.1

sources: VULHUB: VHN-135775 // JVNDB: JVNDB-2019-002957 // PACKETSTORM: 152776 // PACKETSTORM: 152632 // PACKETSTORM: 152781 // PACKETSTORM: 152658 // PACKETSTORM: 152820 // PACKETSTORM: 154767 // PACKETSTORM: 153130 // PACKETSTORM: 154423 // CNNVD: CNNVD-201904-1155 // NVD: CVE-2018-5743

CREDITS

Ubuntu, Slackware Security Team

Trust: 0.6

sources: CNNVD: CNNVD-201904-1155

SOURCES

db: VULHUB, id: VHN-135775
db: VULMON, id: CVE-2018-5743
db: JVNDB, id: JVNDB-2019-002957
db: PACKETSTORM, id: 152776
db: PACKETSTORM, id: 152632
db: PACKETSTORM, id: 152781
db: PACKETSTORM, id: 152658
db: PACKETSTORM, id: 152820
db: PACKETSTORM, id: 154767
db: PACKETSTORM, id: 153130
db: PACKETSTORM, id: 154423
db: CNNVD, id: CNNVD-201904-1155
db: NVD, id: CVE-2018-5743

LAST UPDATE DATE

2024-11-20T19:58:02.520000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-135775, date: 2019-12-18T00:00:00
db: VULMON, id: CVE-2018-5743, date: 2019-12-18T00:00:00
db: JVNDB, id: JVNDB-2019-002957, date: 2019-12-02T00:00:00
db: CNNVD, id: CNNVD-201904-1155, date: 2020-06-19T00:00:00
db: NVD, id: CVE-2018-5743, date: 2023-11-07T02:58:49.943

SOURCES RELEASE DATE

db: VULHUB, id: VHN-135775, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-5743, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2019-002957, date: 2019-04-26T00:00:00
db: PACKETSTORM, id: 152776, date: 2019-05-09T03:33:33
db: PACKETSTORM, id: 152632, date: 2019-04-25T16:00:50
db: PACKETSTORM, id: 152781, date: 2019-05-09T23:44:44
db: PACKETSTORM, id: 152658, date: 2019-04-29T10:21:11
db: PACKETSTORM, id: 152820, date: 2019-05-13T15:13:10
db: PACKETSTORM, id: 154767, date: 2019-10-08T19:58:17
db: PACKETSTORM, id: 153130, date: 2019-05-30T14:50:14
db: PACKETSTORM, id: 154423, date: 2019-09-10T23:08:50
db: CNNVD, id: CNNVD-201904-1155, date: 2019-04-25T00:00:00
db: NVD, id: CVE-2018-5743, date: 2019-10-09T16:15:13.763