BIND was found to not properly handle certain configuration options, unintentionally permitting all clients to perform recursive queries. This occurs when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default.

The permitting of recursive queries to unauthorized clients can allow for:

* Increased load on a server, possibly degrading service to authorized clients.
* A server being co-opted for use in DNS reflection attacks.
* An attacker may be able to deduce which queries a server has previously serviced by examining the results of queries answered from the cache, potentially leaking private information about what queries have been performed.

This affects the following versions:

* 9.9.12
* 9.10.7
* 9.11.3
* 9.12.0 to 9.12.1-P2
* 9.13.0
The flaw was introduced via the following upstream commit:

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=89636d8f305956ad42e95a988502c7345e85ffe1

This change has not yet been included in any bind in Red Hat Enterprise Linux.
External Reference: https://kb.isc.org/article/AA-01616/0/CVE-2018-5738
Acknowledgments: Name: ISC
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1590580]

Created bind99 tracking bugs for this issue:

Affects: fedora-all [bug 1590579]
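For administrators checking their own servers, the configuration condition described in the report above can be tested mechanically. The following is an added example, not code from ISC or from this bug report: a small audit of a named.conf global options block, run here on two constructed sample configurations. It assumes a single top-level options block, follows no include files or view overrides, and does not check the BIND version.

```python
import re

# The three options named in the report; any explicit match list among them
# gives "allow-recursion" something other than the all-hosts default to inherit.
ACL_OPTS = ("allow-recursion", "allow-query-cache", "allow-query")

def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_block(text):
    """Return the body of the top-level options { ... } block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]

def audit(conf):
    """Return (exposed, explicit_acls) for the condition in the report."""
    body = options_block(strip_comments(conf))
    rec = re.search(r"(?<![\w-])recursion\s+(\w+)\s*;", body)
    # BIND's default is "recursion yes;" when the option is absent.
    recursion_on = rec is None or rec.group(1).lower() in ("yes", "true", "1")
    explicit = [o for o in ACL_OPTS
                if re.search(r"(?<![\w-])%s\s*\{" % re.escape(o), body)]
    return (recursion_on and not explicit), explicit

# Constructed sample configurations, not taken from the report.
EXPOSED = '''options {
    directory "/var/named";
    recursion yes;
    # allow-recursion { localnets; localhost; };  (commented out, so ignored)
};'''
RESTRICTED = '''options {
    directory "/var/named";
    recursion yes;
    allow-recursion { localnets; localhost; };
};'''

if __name__ == "__main__":
    for name, conf in (("EXPOSED", EXPOSED), ("RESTRICTED", RESTRICTED)):
        print(name, audit(conf))
```

A result of `True` only means the configuration matches the trigger condition; whether the server actually answers recursive queries from all hosts depends on running one of the affected versions listed above.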