Bug 1578591 (CVE-2018-5736) - CVE-2018-5736 bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c
Summary: CVE-2018-5736 bind: Multiple transfers of a zone in quick succession can caus...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-5736
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1578903
Blocks: 1578592
TreeView+ depends on / blocked
 
Reported: 2018-05-15 23:52 UTC by Sam Fowler
Modified: 2019-09-29 14:39 UTC (History)
16 users (show)

Fixed In Version: bind 9.12.1-P2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the way zone databases were handled by bind. An attacker with permissions to initiate a zone transfer could cause bind to crash.
Clone Of:
Environment:
Last Closed: 2018-05-17 04:01:31 UTC


Attachments (Terms of Use)

Description Sam Fowler 2018-05-15 23:52:04 UTC
BIND versions 9.12.0 and 9.12.1 have an error in zone database reference counting that can lead to an assertion failure if a server attempts several transfers of a slave zone in quick succession.

This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test.

Comment 2 Huzaifa S. Sidhpurwala 2018-05-17 03:59:20 UTC
Statement:

This security flaw only affects bind versions 9.12.0 and 9.12.1. Since Red Hat Enterprise Linux does not ship any of these bind versions, it is not affected.


Note You need to log in before you can comment on or make changes to this bug.