CVE-2018-5737 - OpenCVE

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Data Ontap Edge Cloud Backup
Isc	Bind

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:9.12.0:::::::*
	cpe:2.3:a:isc:bind:9.12.1:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:data_ontap_edge:-:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/104236	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040942	Third Party Advisory VDB Entry
https://kb.isc.org/docs/aa-01606	Vendor Advisory
https://security.netapp.com/advisory/ntap-20180926-0004/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: isc

Published: 2018-05-18T00:00:00

Updated: 2019-01-17T10:57:01

Reserved: 2018-01-17T00:00:00

Link: CVE-2018-5737

JSON object: View

NVD Information

Status : Modified

Published: 2019-01-16T20:29:00.877

Modified: 2019-10-09T23:41:33.157

Link: CVE-2018-5737

JSON object: View

Redhat Information

No data.

CWE

CWE-617

{"containers": {"cna": {"affected": [{"product": "BIND 9", "vendor": "ISC", "versions": [{"status": "affected", "version": "9.12.0 and 9.12.1"}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Tony Finch of the University of Cambridge for his assistance in discovering and analyzing this vulnerability."}], "datePublic": "2018-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-01-17T10:57:01", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"name": "104236", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104236"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/aa-01606"}, {"name": "1040942", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040942"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/"}], "solutions": [{"lang": "en", "value": "The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2"}], "source": {"discovery": "UNKNOWN"}, "title": "BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.", "workarounds": [{"lang": "en", "value": "Setting \"max-stale-ttl 0;\" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)\n\nSetting \"stale-answer enable off;\" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero."}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2018-05-18T00:00:00.000Z", "ID": "CVE-2018-5737", "STATE": "PUBLIC", "TITLE": "BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled."}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND 9", "version": {"version_data": [{"version_value": "9.12.0 and 9.12.1"}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Tony Finch of the University of Cambridge for his assistance in discovering and analyzing this vulnerability."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk."}]}]}, "references": {"reference_data": [{"name": "104236", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104236"}, {"name": "https://kb.isc.org/docs/aa-01606", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/aa-01606"}, {"name": "1040942", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040942"}, {"name": "https://security.netapp.com/advisory/ntap-20180926-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180926-0004/"}]}, "solution": [{"lang": "en", "value": "The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2"}], "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Setting \"max-stale-ttl 0;\" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)\n\nSetting \"stale-answer enable off;\" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero."}]}}}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2018-5737", "datePublished": "2018-05-18T00:00:00", "dateReserved": "2018-01-17T00:00:00", "dateUpdated": "2019-01-17T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DCE4BD2-2256-473F-B17F-192CAC145DF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "440CFE40-C9B7-4E6E-800D-DD595F8FC38E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1."}, {"lang": "es", "value": "Un problema con la implementaci\u00f3n de la nueva caracter\u00edstica \"serve-stale\" en BIND 9.12 puede conducir a un fallo de aserci\u00f3n en rbtdb.c, incluso cuando stale-answer-enable est\u00e1 desactivado. Adem\u00e1s, la interacci\u00f3n problem\u00e1tica entre la caracter\u00edstica serve-stale y el cacheo negativo agresivo NSEC puede provocar en algunos casos un comportamiento no deseado en named, como un bucle de recursi\u00f3n o el registro excesivo. La explotaci\u00f3n deliberada de esta condici\u00f3n podr\u00eda provocar problemas operativos sobre la manifestaci\u00f3n concreta, ya sea una degradaci\u00f3n o una denegaci\u00f3n de servicio (DoS). Afecta a BIND en versiones 9.12.0 y 9.12.1."}], "id": "CVE-2018-5737", "lastModified": "2019-10-09T23:41:33.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}]}, "published": "2019-01-16T20:29:00.877", "references": [{"source": "security-officer@isc.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104236"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040942"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/aa-01606"}, {"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180926-0004/"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}