1679303 – (CVE-2018-5745) CVE-2018-5745 bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

Bug 1679303 (CVE-2018-5745) - CVE-2018-5745 bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

Summary: CVE-2018-5745 bind: An assertion failure if a trust anchor rolls over to an u...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-5745
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1679925 1679926 1683015 1683016
Blocks:	1679305
TreeView+	depends on / blocked

Reported:	2019-02-20 20:43 UTC by Pedro Sampaio
Modified:	2022-03-13 17:01 UTC (History)
CC List:	18 users (show)
Fixed In Version:	bind 9.11.5-P4, bind 9.12.3-P4
Doc Type:	If docs needed, set a value
Doc Text:	An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.
Clone Of:
Environment:
Last Closed:	2019-11-06 00:52:19 UTC

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2019:3552	0	None	None	None	2019-11-05 21:09:24 UTC
Red Hat Product Errata	RHSA-2020:1061	0	None	None	None	2020-03-31 19:17:36 UTC

Description Pedro Sampaio 2019-02-20 20:43:31 UTC

A flaw was found in Bind. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure causing denial of service.

Comment 1 Andrej Nemec 2019-02-22 08:58:25 UTC

External References:

https://kb.isc.org/docs/cve-2018-5745

Comment 2 Andrej Nemec 2019-02-22 09:01:18 UTC

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1679925]


Created bind99 tracking bugs for this issue:

Affects: fedora-all [bug 1679926]

Comment 4 Tomas Hoger 2019-02-25 09:33:43 UTC

Upstream advisory notes the following versions as being affected by this issue:

9.9.0 -> 9.10.8-P1
9.11.0 -> 9.11.5-P1
9.12.0 -> 9.12.3-P1
9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition
9.13.0 -> 9.13.6 of the 9.13 development branch
versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745

Comment 5 Tomas Hoger 2019-02-25 09:35:27 UTC

Acknowledgments:

Name: ISC

Comment 6 Huzaifa S. Sidhpurwala 2019-02-26 05:27:18 UTC

Upstream patch:

https://gitlab.isc.org/isc-projects/bind9/commit/f09352d20a9d360e50683cd1d2fc52ccedcd77a0
https://gitlab.isc.org/isc-projects/bind9/commit/38c2bdba0a5b785ef9f2da2329838b931754b3e4
https://gitlab.isc.org/isc-projects/bind9/commit/235a64a5a4c0143b183bd55f6ed756741d4d7880
https://gitlab.isc.org/isc-projects/bind9/commit/e7c12bffb

Comment 11 errata-xmlrpc 2019-11-05 21:09:23 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3552 https://access.redhat.com/errata/RHSA-2019:3552

Comment 12 Product Security DevOps Team 2019-11-06 00:52:19 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-5745

Comment 13 errata-xmlrpc 2020-03-31 19:17:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1061 https://access.redhat.com/errata/RHSA-2020:1061

Note You need to log in before you can comment on or make changes to this bug.