Bug 1679303 (CVE-2018-5745) - CVE-2018-5745 bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
Summary: CVE-2018-5745 bind: An assertion failure if a trust anchor rolls over to an u...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-5745
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1679925 1679926 1683015 1683016
Blocks: 1679305
TreeView+ depends on / blocked
 
Reported: 2019-02-20 20:43 UTC by Pedro Sampaio
Modified: 2020-03-31 19:17 UTC (History)
18 users (show)

Fixed In Version: bind 9.11.5-P4, bind 9.12.3-P4
Doc Type: If docs needed, set a value
Doc Text:
An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker.
Clone Of:
Environment:
Last Closed: 2019-11-06 00:52:19 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2019:3552 None None None 2019-11-05 21:09:24 UTC
Red Hat Product Errata RHSA-2020:1061 None None None 2020-03-31 19:17:36 UTC

Description Pedro Sampaio 2019-02-20 20:43:31 UTC
A flaw was found in Bind. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure causing denial of service.

Comment 1 Andrej Nemec 2019-02-22 08:58:25 UTC
External References:

https://kb.isc.org/docs/cve-2018-5745

Comment 2 Andrej Nemec 2019-02-22 09:01:18 UTC
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1679925]


Created bind99 tracking bugs for this issue:

Affects: fedora-all [bug 1679926]

Comment 4 Tomas Hoger 2019-02-25 09:33:43 UTC
Upstream advisory notes the following versions as being affected by this issue:

9.9.0 -> 9.10.8-P1
9.11.0 -> 9.11.5-P1
9.12.0 -> 9.12.3-P1
9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition
9.13.0 -> 9.13.6 of the 9.13 development branch
versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745

Comment 5 Tomas Hoger 2019-02-25 09:35:27 UTC
Acknowledgments:

Name: ISC

Comment 11 errata-xmlrpc 2019-11-05 21:09:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2019:3552 https://access.redhat.com/errata/RHSA-2019:3552

Comment 12 Product Security DevOps Team 2019-11-06 00:52:19 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-5745

Comment 13 errata-xmlrpc 2020-03-31 19:17:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1061 https://access.redhat.com/errata/RHSA-2020:1061


Note You need to log in before you can comment on or make changes to this bug.