[ASA-201902-25] bind: multiple issues

Morten Linderud foxboron at archlinux.org
Tue Feb 26 11:06:12 UTC 2019


Arch Linux Security Advisory ASA-201902-25
==========================================

Severity: High
Date    : 2019-02-25
CVE-ID  : CVE-2018-5744 CVE-2018-5745 CVE-2019-6465
Package : bind
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-915

Summary
=======

The package bind before version 9.13.7-1 is vulnerable to multiple
issues including denial of service and access restriction bypass.

Resolution
==========

Upgrade to 9.13.7-1.

# pacman -Syu "bind>=9.13.7-1"

The problems have been fixed upstream in version 9.13.7.

Workaround
==========

None.

Description
===========

- CVE-2018-5744 (denial of service)

A failure to free memory, which can occur when processing messages
having a specific combination of EDNS options, has been found in bind
before 9.13.7. By exploiting this condition, an attacker can potentially
cause named's memory use to grow without bounds until all memory
available to the process is exhausted. Typically a server process is
limited as to the amount of memory it can use, but if the named process
is not limited by the operating system, all free memory on the server
could be exhausted.

- CVE-2018-5745 (denial of service)

"managed-keys" is a feature which allows a BIND resolver to
automatically maintain the keys used by trust anchors which operators
configure for use in DNSSEC validation. Before 9.13.7, due to an error
in the managed-keys feature, it is possible for a BIND server which
uses managed-keys to exit due to an assertion failure if, during key
rollover, a trust anchor's keys are replaced with keys which use an
unsupported algorithm.

- CVE-2019-6465 (access restriction bypass)

Controls for zone transfers may not be properly applied to Dynamically
Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7.
A client exercising this defect can request and receive a zone transfer
of a DLZ even when not permitted to do so by the allow-transfer ACL.
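
Added example, not part of the advisory or of BIND: a Python triage helper that reports which of the feature-specific issues above are relevant to a given named.conf, by looking for managed-keys and dlz statements after stripping comments. Counting "dnssec-validation auto" as managed-keys use is an assumption of this example, the sample configuration is constructed, and a match only shows that the feature is configured (it cannot tell whether a DLZ is writable). CVE-2018-5744 is not tied to a configuration statement in the advisory, so it is not checked.

```python
import re

# Feature -> CVE mapping follows the advisory text above.
# Assumption of this example: "dnssec-validation auto" counts as managed-keys use.
CHECKS = {
    "CVE-2018-5745": re.compile(r"\bmanaged-keys\s*\{|\bdnssec-validation\s+auto\s*;"),
    "CVE-2019-6465": re.compile(r"\bdlz\s+\"?[\w.-]+\"?\s*\{"),
}

# Matches quoted strings first so comment markers inside them are preserved.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def strip_comments(conf):
    """Remove /* */, // and # comments; quoted strings are left intact."""
    return _COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", conf
    )


def features_in_use(conf):
    """Return the sorted CVE ids whose affected feature is configured."""
    text = strip_comments(conf)
    return sorted(cve for cve, rx in CHECKS.items() if rx.search(text))


# Constructed sample configuration (paths and names are made up).
SAMPLE_CONF = '''
options {
    directory "/var/named";
    // managed-keys { old; };   commented out, must not match
    dnssec-validation auto;
    allow-transfer { none; };
};
/* dlz "legacy" { database "dlopen old.so"; }; */
dlz "inventory" {
    database "dlopen /usr/lib/dlz/example.so";   # constructed path
};
'''

if __name__ == "__main__":
    for cve in features_in_use(SAMPLE_CONF):
        print(f"{cve}: affected feature is configured, upgrade to 9.13.7-1")
```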

Impact
======

A remote user can bypass the allow-transfer ACL to access sensitive
information in a DLZ, or crash the server.

References
==========

https://kb.isc.org/docs/cve-2018-5744
https://kb.isc.org/docs/cve-2018-5745
https://kb.isc.org/docs/cve-2019-6465
https://security.archlinux.org/CVE-2018-5744
https://security.archlinux.org/CVE-2018-5745
https://security.archlinux.org/CVE-2019-6465