A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named

CVE-2018-5740

7.5HIGH

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 16 January 2019

Badges

👾 Exploit Exists🔴 Public PoC🟣 EPSS 94%

Summary

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Affected Version(s)

BIND 9 = BIND 9 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2018-5740
Created by sischkg

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 17, 2024
Vulnerability published.
Jan 16, 2019
Vulnerability Reserved.
Jan 17, 2018

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

ISC would like to thank Tony Finch of the University of Cambridge for reporting this issue.