CVE-2018-5736

Published: August 31, 2023Last modified: August 31, 2023

Description

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

Severity score breakdown

Parameter	Value
Base score	5.3
Attack Vector	NETWORK
Attack complexity	HIGH
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity impact	NONE
Availability impact	HIGH
Vector	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	bind	Not affected (9.18.16-r0)
Alpaquita Linux	Stream	bind	Not affected (9.18.18-r0)

References

http://www.securityfocus.com/bid/104386
http://www.securitytracker.com/id/1040941
https://kb.isc.org/docs/aa-01602
https://security.netapp.com/advisory/ntap-20180926-0004/