Bug 1578593 (CVE-2018-5737) - CVE-2018-5737 bind: Interaction between NSEC aggresive negative caching and the serve-stale feature can cause a denial of service
Summary: CVE-2018-5737 bind: Interaction between NSEC aggresive negative caching and t...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-5737
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1578904
Blocks: 1578592
TreeView+ depends on / blocked
 
Reported: 2018-05-16 00:01 UTC by Sam Fowler
Modified: 2019-09-29 14:39 UTC (History)
16 users (show)

Fixed In Version: bind 9.12.1-P2
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the "serve-stale" feature as implemented in bind. Problematic interaction between serve-stale feature and NSEC aggressive negative caching could cause denial of service.
Clone Of:
Environment:
Last Closed: 2018-05-17 04:02:18 UTC


Attachments (Terms of Use)

Description Sam Fowler 2018-05-16 00:01:43 UTC
BIND versions 9.12.0 and 9.12.1 are vulnerable to problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or an assertion failure resulting in termination of the named process.

Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service.

Comment 2 Huzaifa S. Sidhpurwala 2018-05-17 04:01:02 UTC
Statement:

This security flaw only affects bind versions 9.12.0 and 9.12.1. Since Red Hat Enterprise Linux does not ship any of these bind versions, it is not affected.


Note You need to log in before you can comment on or make changes to this bug.