Russian Vulnerability Scanner Database

Back to List

CVE-2018-5740

Scores

EPSS

0.645medium64.5%
0%20%40%60%80%100%

Percentile: 64.5%

CVSS

7.5high3.x
0246810

CVSS Score: 7.5/10

All CVSS Scores

CVSS 3.x
7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0
5.0

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Description

“deny-answer-aliases” is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

astradebiannvdredhatubuntu

CWEs

CWE-617

Related Vulnerabilities

BDU:2019-01628

Exploits

Exploit ID: CVE-2018-5740

Source: github-poc

URL: https://github.com/sischkg/cve-2018-5740

Recommendations

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.

URL: https://access.redhat.com/errata/RHSA-2018:2571

Source: nvd

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.

URL: https://access.redhat.com/errata/RHSA-2018:2570

Vulnerable Software (18)

Type: Configuration

Product: bind

Operating System: rhel 6

Trait: 
{  "fixed": "9.8.2-0.68.rc1.el6_10.1"}

Source: redhat

Type: Configuration

Product: bind

Operating System: rhel 7

Trait: 
{  "fixed": "9.9.4-61.el7_5.1"}

Source: redhat

Type: Configuration

Product: bind9

Operating System: debian

Trait: 
{  "fixed": "1:9.11.4.P1+dfsg-1"}

Source: debian

Type: Configuration

Product: bind9

Operating System: astra 1.6.3

Trait: 
{  "unaffected": true}

Source: astra

Type: Configuration

Product: bind9

Operating System: ubuntu bionic 18.04

Trait: 
{  "fixed": "1:9.11.3+dfsg-1ubuntu1.2"}

Source: ubuntu

Type: Configuration

Product: bind9

Operating System: ubuntu trusty 14.04

Trait: 
{  "fixed": "1:9.9.5.dfsg-3ubuntu0.18"}

Source: ubuntu

Type: Configuration

Product: bind9

Operating System: ubuntu xenial 16.04

Trait: 
{  "fixed": "1:9.10.3.dfsg.P4-8ubuntu1.11"}

Source: ubuntu

Type: Configuration

Vendor: *

Product: bind

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",      "versionEndExcluding": "9.8.8",      "versionStartIncluding": "9.7.0",      "vulnerable": true    },    {   ...

Source: nvd

Type: Configuration

Vendor: *

Product: data_ontap_edge

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_desktop

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server_aus

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server_eus

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_workstation

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:redhat:enterprise_linux_des...

Source: nvd

Type: Configuration

Vendor: *

Product: hp-ux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: leap

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",      "vu...

Source: nvd

Type: Configuration

Vendor: *

Product: ubuntu_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*...

Source: nvd

End of list