admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 14:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-16 15:05:38 -05:00
parent 3772227d7b
commit b6a704aa3b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
20 changed files with 1150 additions and 1168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
2016/9xxx/CVE-2016-9778.json
View File

@ -1,97 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-01-11T00:00:00.000Z",
"ID": "CVE-2016-9778",
"STATE": "PUBLIC",
"TITLE": "An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-01-11T00:00:00.000Z",
"ID" : "CVE-2016-9778",
"STATE" : "PUBLIC",
"TITLE" : "An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_name": "BIND 9",
"version_value": "9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1"
"version_name" : "BIND 9",
"version_value" : "9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.\n\nPlease note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1."
"lang" : "eng",
"value" : "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Only servers which are performing NXDOMAIN redirection using the \"nxdomain-redirect\" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients."
"lang" : "eng",
"value" : "Only servers which are performing NXDOMAIN redirection using the \"nxdomain-redirect\" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/article/AA-01442/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01442/"
"name" : "https://kb.isc.org/article/AA-01442/",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01442/"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.11.0-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.9.9-S7 "
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.11.0-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.9.9-S7 "
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Either provide an ordinary (that is: not redirected) NXDOMAIN for non-existent resource records in zones for which authoritative data is served on the same server or use redirect zones instead of the nxdomain-redirect feature."
"lang" : "eng",
"value" : "Either provide an ordinary (that is: not redirected) NXDOMAIN for non-existent resource records in zones for which authoritative data is served on the same server or use redirect zones instead of the nxdomain-redirect feature."
}
]
}

125
2017/3xxx/CVE-2017-3135.json
View File

@ -1,109 +1,108 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-02-08T00:00:00.000Z",
"ID": "CVE-2017-3135",
"STATE": "PUBLIC",
"TITLE": "Combination of DNS64 and RPZ Can Lead to Crash"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-02-08T00:00:00.000Z",
"ID" : "CVE-2017-3135",
"STATE" : "PUBLIC",
"TITLE" : "Combination of DNS64 and RPZ Can Lead to Crash"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_name": "BIND 9",
"version_value": "9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1"
"version_name" : "BIND 9",
"version_value" : "9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition."
"lang" : "eng",
"value" : "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition."
}
],
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation."
"lang" : "eng",
"value" : "ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1."
"lang" : "eng",
"value" : "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition. When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer. On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated.\n\nOnly servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability."
"lang" : "eng",
"value" : "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition. When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer. On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated.\n\nOnly servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01453",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01453"
"name" : "https://kb.isc.org/docs/aa-01453",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01453"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P6\n BIND 9 version 9.10.4-P6\n BIND 9 version 9.11.0-P3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S8"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P6\n BIND 9 version 9.10.4-P6\n BIND 9 version 9.11.0-P3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S8"
}
],
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability."
"lang" : "eng",
"value" : "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability."
}
]
}

117
2017/3xxx/CVE-2017-3136.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
"ID": "CVE-2017-3136",
"STATE": "PUBLIC",
"TITLE": "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\""
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-03-12T00:00:00.000Z",
"ID" : "CVE-2017-3136",
"STATE" : "PUBLIC",
"TITLE" : "An error handling synthesized records could cause an assertion failure when using DNS64 with \"break-dnssec yes;\""
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8"
"version_value" : "9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability."
"lang" : "eng",
"value" : "ISC would like to thank Oleg Gorokhov of Yandex for making us aware of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.\n\nAn attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8."
"lang" : "eng",
"value" : "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use."
"lang" : "eng",
"value" : "Servers are at risk if they are configured to use DNS64 and if the option \"break-dnssec yes;\" is in use."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01465",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01465"
"name" : "https://kb.isc.org/docs/aa-01465",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01465"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect."
"lang" : "eng",
"value" : "Servers which have configurations which require DNS64 and \"break-dnssec yes;\" should upgrade. Servers which are not using these features in conjunction are not at risk from this defect."
}
]
}

111
2017/3xxx/CVE-2017-3137.json
View File

@ -1,96 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
"ID": "CVE-2017-3137",
"STATE": "PUBLIC",
"TITLE": "A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-03-12T00:00:00.000Z",
"ID" : "CVE-2017-3137",
"STATE" : "PUBLIC",
"TITLE" : "A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8"
"version_value" : "9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8."
"lang" : "eng",
"value" : "Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering. An attacker can cause a denial of service by exploiting this condition. Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion."
"lang" : "eng",
"value" : "A server which is performing recursion can be forced to exit with an assertion failure if it can be caused to receive a response containing CNAME or DNAME resource records with certain ordering. An attacker can cause a denial of service by exploiting this condition. Recursive resolvers are at highest risk but authoritative servers are theoretically vulnerable if they perform recursion."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01466",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01466"
"name" : "https://kb.isc.org/docs/aa-01466",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01466"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
"lang" : "eng",
"value" : " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "None known.\n\n"
"lang" : "eng",
"value" : "None known.\n\n"
}
]
}

117
2017/3xxx/CVE-2017-3138.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-03-12T00:00:00.000Z",
"ID": "CVE-2017-3138",
"STATE": "PUBLIC",
"TITLE": " named exits with a REQUIRE assertion failure if it receives a null command string on its control channel"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-03-12T00:00:00.000Z",
"ID" : "CVE-2017-3138",
"STATE" : "PUBLIC",
"TITLE" : " named exits with a REQUIRE assertion failure if it receives a null command string on its control channel"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9"
"version_value" : "9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention."
"lang" : "eng",
"value" : "ISC would like to thank Mike Lalumiere of Dyn, Inc., for bringing this issue to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc.\n\nA regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."
"lang" : "eng",
"value" : "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key. Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them. In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel. Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server. The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution."
"lang" : "eng",
"value" : "The BIND control channel is not configured by default, but when configured will accept commands from those IP addresses that are specified in its access control list and/or from clients which present the proper transaction key. Using this defect, an attacker can cause a running server to stop if they can get it to accept control channel input from them. In most instances this is not as bad as it sounds, because existing commands permitted over the control channel (i.e. \"rndc stop\") can already be given to cause the server to stop.\n\nHowever, BIND 9.11.0 introduced a new option to allow \"read only\" commands over the command channel. Using this restriction, a server can be configured to limit specified clients to giving control channel commands which return information only (e.g. \"rndc status\") without affecting the operational state of the server. The defect described in this advisory, however, is not properly stopped by the \"read only\" restriction, in essence permitting a privilege escalation allowing a client which should only be permitted the limited set of \"read only\" operations to cause the server to stop execution."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01471",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01471"
"name" : "https://kb.isc.org/docs/aa-01471",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01471"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P8\n BIND 9 version 9.10.4-P8\n BIND 9 version 9.11.0-P5\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S10\n\nNew maintenance releases of BIND are also scheduled which contain the fix for this vulnerability. In addition to the security releases listed above, fixes for this vulnerability are also included in these release candidate versions:\n\n BIND 9 version 9.9.10rc3\n BIND 9 version 9.10.5rc3\n BIND 9 version 9.11.1rc3"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "None. However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both.\n"
"lang" : "eng",
"value" : "None. However, in a properly configured server, access to the control channel should already be limited by either network ACLs, TSIG keys, or both.\n"
}
]
}

117
2017/3xxx/CVE-2017-3140.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-06-14T00:00:00.000Z",
"ID": "CVE-2017-3140",
"STATE": "PUBLIC",
"TITLE": " An error processing RPZ rules can cause named to loop endlessly after handling a query"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-14T00:00:00.000Z",
"ID" : "CVE-2017-3140",
"STATE" : "PUBLIC",
"TITLE" : " An error processing RPZ rules can cause named to loop endlessly after handling a query"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1"
"version_value" : "9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention."
"lang" : "eng",
"value" : "ISC would like to thank Oli Schacher of Switch for bringing this defect to our attention."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1."
"lang" : "eng",
"value" : "If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 3.7,
"baseSeverity" : "LOW",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "A server is potentially vulnerable to degradation of service if\n\n the server is configured to use RPZ,\n the server uses NSDNAME or NSIP policy rules, and\n an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation. It is for this reason that the decision was made to issue this advisory despite its low CVSS score."
"lang" : "eng",
"value" : "A server is potentially vulnerable to degradation of service if\n\n the server is configured to use RPZ,\n the server uses NSDNAME or NSIP policy rules, and\n an attacker can cause the server to process a specific query\n\nSuccessful exploitation of this condition will cause named to enter a state where it continues to loop while processing the query without ever reaching an end state. While in this state, named repeatedly queries the same sets of authoritative nameservers and this behavior will usually persist indefinitely beyond the normal client query processing timeout. By triggering this condition multiple times, an attacker could cause a deliberate and substantial degradation in service.\n\nOperators of servers that meet the above conditions 1. and 2. may also accidentally encounter this defect during normal operation. It is for this reason that the decision was made to issue this advisory despite its low CVSS score."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01495",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01495"
"name" : "https://kb.isc.org/docs/aa-01495",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01495"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur. You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect."
"lang" : "eng",
"value" : "Only the NSDNAME and NSIP RPZ rule types can cause this condition to occur. You can work around this vulnerability if you are able to express your desired policy while avoiding NSDNAME or NSIP rules, otherwise it is advised that you upgrade to a version which corrects the defect."
}
]
}

123
2017/3xxx/CVE-2017-3141.json
View File

@ -1,108 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-06-14T00:00:00.000Z",
"ID": "CVE-2017-3141",
"STATE": "PUBLIC",
"TITLE": "Windows service and uninstall paths are not quoted when BIND is installed"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-14T00:00:00.000Z",
"ID" : "CVE-2017-3141",
"STATE" : "PUBLIC",
"TITLE" : "Windows service and uninstall paths are not quoted when BIND is installed"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1"
"version_value" : "9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank John Page aka hyp3rlinx for reporting this issue."
"lang" : "eng",
"value" : "ISC would like to thank John Page aka hyp3rlinx for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1."
"lang" : "eng",
"value" : "The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "No known active exploits but this generic weakness is already a well-known attack vector if user file access permissions do not adequately prevent the installation of malicious executables. "
"lang" : "eng",
"value" : "No known active exploits but this generic weakness is already a well-known attack vector if user file access permissions do not adequately prevent the installation of malicious executables. "
}
],
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.2,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "This vulnerability exists in the installer delivered with BIND for Windows and not within BIND itself. Non-Windows builds and installations are unaffected. A manual installation of BIND where the service path is quoted when added would not be at risk."
"lang" : "eng",
"value" : "This vulnerability exists in the installer delivered with BIND for Windows and not within BIND itself. Non-Windows builds and installations are unaffected. A manual installation of BIND where the service path is quoted when added would not be at risk."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01496",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01496"
"name" : "https://kb.isc.org/docs/aa-01496",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01496"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "BIND installations on Windows are not at risk if the host file permissions prevent creation of a binary in a location where the service executor would run it instead of named.exe."
"lang" : "eng",
"value" : "BIND installations on Windows are not at risk if the host file permissions prevent creation of a binary in a location where the service executor would run it instead of named.exe."
}
]
}

117
2017/3xxx/CVE-2017-3142.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-06-29T00:00:00.000Z",
"ID": "CVE-2017-3142",
"STATE": "PUBLIC",
"TITLE": "An error in TSIG authentication can permit unauthorized zone transfers"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-29T00:00:00.000Z",
"ID" : "CVE-2017-3142",
"STATE" : "PUBLIC",
"TITLE" : "An error in TSIG authentication can permit unauthorized zone transfers"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2"
"version_value" : "9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Clément Berthaux from Synacktiv for reporting this issue.\n"
"lang" : "eng",
"value" : "ISC would like to thank Clément Berthaux from Synacktiv for reporting this issue.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2."
"lang" : "eng",
"value" : "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "An unauthorized AXFR (full zone transfer) permits an attacker to view the entire contents of a zone. Protection of zone contents is often a commercial or business requirement. \nIf accepted, a NOTIFY sets the zone refresh interval to 'now'. If there is not already a refresh cycle in progress then named will initiate one by asking for the SOA RR from its list of masters. If there is already a refresh cycle in progress, then named will queue the new refresh request. If there is already a queued refresh request, the new NOTIFY will be discarded. Bogus notifications can't be used to force a zone transfer from a malicious server, but could trigger a high rate of zone refresh cycles."
"lang" : "eng",
"value" : "An unauthorized AXFR (full zone transfer) permits an attacker to view the entire contents of a zone. Protection of zone contents is often a commercial or business requirement. \nIf accepted, a NOTIFY sets the zone refresh interval to 'now'. If there is not already a refresh cycle in progress then named will initiate one by asking for the SOA RR from its list of masters. If there is already a refresh cycle in progress, then named will queue the new refresh request. If there is already a queued refresh request, the new NOTIFY will be discarded. Bogus notifications can't be used to force a zone transfer from a malicious server, but could trigger a high rate of zone refresh cycles."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01504",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01504"
"name" : "https://kb.isc.org/docs/aa-01504",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01504"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P2\n BIND 9 version 9.10.5-P2\n BIND 9 version 9.11.1-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S3\n BIND 9 version 9.10.5-S3"
"lang" : "eng",
"value" : " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P2\n BIND 9 version 9.10.5-P2\n BIND 9 version 9.11.1-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S3\n BIND 9 version 9.10.5-S3"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in conjunction. For information on how to configure this type of compound authentication control, please see: https://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html. (Note that this technique may not be effective against bogus NOTIFY packets if an attacker is able to reach the target DNS server whilst using a spoofed sending address)."
"lang" : "eng",
"value" : "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in conjunction. For information on how to configure this type of compound authentication control, please see: https://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html. (Note that this technique may not be effective against bogus NOTIFY packets if an attacker is able to reach the target DNS server whilst using a spoofed sending address)."
}
]
}

117
2017/3xxx/CVE-2017-3143.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-06-29T00:00:00.000Z",
"ID": "CVE-2017-3143",
"STATE": "PUBLIC",
"TITLE": "An error in TSIG authentication can permit unauthorized dynamic updates"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-29T00:00:00.000Z",
"ID" : "CVE-2017-3143",
"STATE" : "PUBLIC",
"TITLE" : "An error in TSIG authentication can permit unauthorized dynamic updates"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2"
"version_value" : "9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Clément Berthaux from Synacktiv for reporting this issue.\n"
"lang" : "eng",
"value" : "ISC would like to thank Clément Berthaux from Synacktiv for reporting this issue.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2."
"lang" : "eng",
"value" : "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "A server that relies solely on TSIG keys with no other address-based ACL protection could be vulnerable to malicious zone content manipulation using this technique.\n\nNote that the local update policy (configured with \"update-policy local;\" in named.conf) implicitly defines a key with a known key name (local-ddns) and default algorithm and no IP-based access controls on the zone updates. In conjunction with this failure in TSIG verification, \"update-policy local\" is potentially very dangerous."
"lang" : "eng",
"value" : "A server that relies solely on TSIG keys with no other address-based ACL protection could be vulnerable to malicious zone content manipulation using this technique.\n\nNote that the local update policy (configured with \"update-policy local;\" in named.conf) implicitly defines a key with a known key name (local-ddns) and default algorithm and no IP-based access controls on the zone updates. In conjunction with this failure in TSIG verification, \"update-policy local\" is potentially very dangerous."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01503",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01503"
"name" : "https://kb.isc.org/docs/aa-01503",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01503"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P2\n BIND 9 version 9.10.5-P2\n BIND 9 version 9.11.1-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S3\n BIND 9 version 9.10.5-S3"
"lang" : "eng",
"value" : " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P2\n BIND 9 version 9.10.5-P2\n BIND 9 version 9.11.1-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S3\n BIND 9 version 9.10.5-S3"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in conjunction. For information on how to configure this type of compound authentication control, please see: https://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html.\n\nAdministrators who have made use of named.conf option \"update-policy local;\" should patch their servers as soon as possible and if this is not possible should replace the update-policy configuration statement with an allow-update statement implementing the key requirement for updates but additionally imposing an IP ACL limitation, e.g.:\n\nallow-update { !{ !localhost; }; key local-ddns; };\n"
"lang" : "eng",
"value" : "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in conjunction. For information on how to configure this type of compound authentication control, please see: https://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html.\n\nAdministrators who have made use of named.conf option \"update-policy local;\" should patch their servers as soon as possible and if this is not possible should replace the update-policy configuration statement with an allow-update statement implementing the key requirement for updates but additionally imposing an IP ACL limitation, e.g.:\n\nallow-update { !{ !localhost; }; key local-ddns; };\n"
}
]
}

107
2017/3xxx/CVE-2017-3144.json
View File

@ -1,91 +1,90 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
"ID": "CVE-2017-3144",
"STATE": "PUBLIC",
"TITLE": "Failure to properly clean up closed OMAPI connections can exhaust available sockets"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-01-16T00:00:00.000Z",
"ID" : "CVE-2017-3144",
"STATE" : "PUBLIC",
"TITLE" : "Failure to properly clean up closed OMAPI connections can exhaust available sockets"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ISC DHCP",
"version": {
"version_data": [
"product_name" : "ISC DHCP",
"version" : {
"version_data" : [
{
"version_name": "ISC DHCP",
"version_value": "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
"version_name" : "ISC DHCP",
"version_value" : "4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
"lang" : "eng",
"value" : "A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."
"lang" : "eng",
"value" : "By intentionally exploiting this vulnerability an attacker who is permitted to establish connections to the OMAPI control port can exhaust the pool of socket descriptors available to the DHCP server.\n\nOnce exhausted, the server will not accept additional connections, potentially denying access to legitimate connections from the server operator. While the server will continue to receive and service DHCP client requests, the operator can be blocked from the ability to use OMAPI to control server state, add new lease reservations, etc."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01541",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01541"
"name" : "https://kb.isc.org/docs/aa-01541",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01541"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
"lang" : "eng",
"value" : "The recommended remedy is to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation)."
}
]
}

117
2017/3xxx/CVE-2017-3145.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-01-16T00:00:00.000Z",
"ID": "CVE-2017-3145",
"STATE": "PUBLIC",
"TITLE": "Improper fetch cleanup sequencing in the resolver can cause named to crash"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-01-16T00:00:00.000Z",
"ID" : "CVE-2017-3145",
"STATE" : "PUBLIC",
"TITLE" : "Improper fetch cleanup sequencing in the resolver can cause named to crash"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1"
"version_value" : "9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Jayachandran Palanisamy of Cygate AB for making us aware of this vulnerability."
"lang" : "eng",
"value" : "ISC would like to thank Jayachandran Palanisamy of Cygate AB for making us aware of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1."
"lang" : "eng",
"value" : "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137. Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug. The known crash is an assertion failure in netaddr.c."
"lang" : "eng",
"value" : "While this bug has existed in BIND since 9.0.0, there are no known code paths leading to it in ISC releases prior to those containing the fix for CVE-2017-3137. Thus while all instances of BIND ought to be patched, only ISC versions [9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2, 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1] acting as DNSSEC validating resolvers are currently known to crash due to this bug. The known crash is an assertion failure in netaddr.c."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01542",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01542"
"name" : "https://kb.isc.org/docs/aa-01542",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01542"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.11-P1\n BIND 9 version 9.10.6-P1\n BIND 9 version 9.11.2-P1\n BIND 9 version 9.12.0rc2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.11-S2\n BIND 9 version 9.10.6-S2"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.11-P1\n BIND 9 version 9.10.6-P1\n BIND 9 version 9.11.2-P1\n BIND 9 version 9.12.0rc2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.11-S2\n BIND 9 version 9.10.6-S2"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "If an operator is experiencing crashes due to this, temporarily disabling DNSSEC validation can be used to avoid the known problematic code path while replacement builds are prepared."
"lang" : "eng",
"value" : "If an operator is experiencing crashes due to this, temporarily disabling DNSSEC validation can be used to avoid the known problematic code path while replacement builds are prepared."
}
]
}

101
2018/15xxx/CVE-2018-15782.json
View File

@ -1,83 +1,84 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-01-03T06:00:00.000Z",
"ID": "CVE-2018-15782",
"STATE": "PUBLIC",
"TITLE": "DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2019-01-03T06:00:00.000Z",
"ID" : "CVE-2018-15782",
"STATE" : "PUBLIC",
"TITLE" : "DSA-2018-226: RSA® Authentication Manager Relative Path Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "RSA Authentication Manager",
"version": {
"version_data": [
"product_name" : "RSA Authentication Manager",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "8.4"
"affected" : "<",
"version_value" : "8.4"
}
]
}
}
]
},
"vendor_name": "Dell"
"vendor_name" : "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path \ntraversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if \nused during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker \nunauthorized access to that system."
"lang" : "eng",
"value" : "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.7,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "relative path traversal vulnerability"
"lang" : "eng",
"value" : "relative path traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://seclists.org/fulldisclosure/2019/Jan/18"
"name" : "20190103 DSA-2018-226: RSA Authentication Manager Relative Path Traversal Vulnerability",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2019/Jan/18"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

113
2018/5xxx/CVE-2018-5733.json
View File

@ -1,97 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
"ID": "CVE-2018-5733",
"STATE": "PUBLIC",
"TITLE": "A malicious client can overflow a reference counter in ISC dhcpd"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-02-28T00:00:00.000Z",
"ID" : "CVE-2018-5733",
"STATE" : "PUBLIC",
"TITLE" : "A malicious client can overflow a reference counter in ISC dhcpd"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ISC DHCP",
"version": {
"version_data": [
"product_name" : "ISC DHCP",
"version" : {
"version_data" : [
{
"version_name": "ISC DHCP",
"version_value": "4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0"
"version_name" : "ISC DHCP",
"version_value" : "4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
"lang" : "eng",
"value" : "ISC would like to thank Felix Wilhelm, Google Security Team, for reporting this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0."
"lang" : "eng",
"value" : "A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients."
"lang" : "eng",
"value" : "Successful exploitation of this vulnerability may exhaust the memory available to dhcpd and/or cause it to crash, resulting in a denial of service to clients."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01567",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01567"
"name" : "https://kb.isc.org/docs/aa-01567",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01567"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1"
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of DHCP.\n\n DHCP 4.1-ESV-R15-P1\n DHCP 4.3.6-P1\n DHCP 4.4.1"
}
],
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}

111
2018/5xxx/CVE-2018-5734.json
View File

@ -1,96 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
"ID": "CVE-2018-5734",
"STATE": "PUBLIC",
"TITLE": "A malformed request can trigger an assertion failure in badcache.c"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-02-28T00:00:00.000Z",
"ID" : "CVE-2018-5734",
"STATE" : "PUBLIC",
"TITLE" : "A malformed request can trigger an assertion failure in badcache.c"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"
"version_value" : "9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."
"lang" : "eng",
"value" : "While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view."
"lang" : "eng",
"value" : "Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01562",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01562"
"name" : "https://kb.isc.org/docs/aa-01562",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01562"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to the patched release.\n\n No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.10.6-S3"
"lang" : "eng",
"value" : "Upgrade to the patched release.\n\n No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.10.6-S3"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Disabling the SERVFAIL cache with 'servfail-ttl 0;' will prevent taking the code path that leads to the assertion failure."
"lang" : "eng",
"value" : "Disabling the SERVFAIL cache with 'servfail-ttl 0;' will prevent taking the code path that leads to the assertion failure."
}
]
}

117
2018/5xxx/CVE-2018-5736.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-05-18T00:00:00.000Z",
"ID": "CVE-2018-5736",
"STATE": "PUBLIC",
"TITLE": "Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-05-18T00:00:00.000Z",
"ID" : "CVE-2018-5736",
"STATE" : "PUBLIC",
"TITLE" : "Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.12.0 and 9.12.1"
"version_value" : "9.12.0 and 9.12.1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank SWITCH for informing us of this vulnerability."
"lang" : "eng",
"value" : "ISC would like to thank SWITCH for informing us of this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1."
"lang" : "eng",
"value" : "An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Authoritative servers that serve slave zones are vulnerable to potential denial of service if all of the following are true:\n\n they are running an affected version of BIND (BIND 9.12.0 or 9.12.1)\n at least one of the zones for which they are providing service is of type \"slave\"\n they permit NOTIFY messages from any source."
"lang" : "eng",
"value" : "Authoritative servers that serve slave zones are vulnerable to potential denial of service if all of the following are true:\n\n they are running an affected version of BIND (BIND 9.12.0 or 9.12.1)\n at least one of the zones for which they are providing service is of type \"slave\"\n they permit NOTIFY messages from any source."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01602",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01602"
"name" : "https://kb.isc.org/docs/aa-01602",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01602"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The reference counting error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1.\n\nIf you are running an affected version then upgrade to BIND 9.12.1-P1"
"lang" : "eng",
"value" : "The reference counting error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1.\n\nIf you are running an affected version then upgrade to BIND 9.12.1-P1"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "For servers which must receive notifies to keep slave zone contents current, no complete workarounds are known although restricting BIND to only accept NOTIFY messages from authorized sources can greatly mitigate the risk of attack."
"lang" : "eng",
"value" : "For servers which must receive notifies to keep slave zone contents current, no complete workarounds are known although restricting BIND to only accept NOTIFY messages from authorized sources can greatly mitigate the risk of attack."
}
]
}

117
2018/5xxx/CVE-2018-5737.json
View File

@ -1,102 +1,101 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-05-18T00:00:00.000Z",
"ID": "CVE-2018-5737",
"STATE": "PUBLIC",
"TITLE": "BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled."
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-05-18T00:00:00.000Z",
"ID" : "CVE-2018-5737",
"STATE" : "PUBLIC",
"TITLE" : "BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled."
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.12.0 and 9.12.1"
"version_value" : "9.12.0 and 9.12.1"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Tony Finch of the University of Cambridge for his assistance in discovering and analyzing this vulnerability."
"lang" : "eng",
"value" : "ISC would like to thank Tony Finch of the University of Cambridge for his assistance in discovering and analyzing this vulnerability."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1."
"lang" : "eng",
"value" : "A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk."
"lang" : "eng",
"value" : "Servers running a vulnerable version of BIND (9.12.0, 9.12.1) which permit recursion to clients and which have the max-stale-ttl parameter set to a non-zero value are at risk."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01606",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01606"
"name" : "https://kb.isc.org/docs/aa-01606",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01606"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2"
"lang" : "eng",
"value" : "The error which can be exploited in this vulnerability is present in only two public release versions of BIND, 9.12.0 and 9.12.1. If you are running an affected version then upgrade to BIND 9.12.1-P2"
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "Setting \"max-stale-ttl 0;\" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)\n\nSetting \"stale-answer enable off;\" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero."
"lang" : "eng",
"value" : "Setting \"max-stale-ttl 0;\" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)\n\nSetting \"stale-answer enable off;\" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero."
}
]
}

123
2018/5xxx/CVE-2018-5738.json
View File

@ -1,108 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-05-18T00:00:00.000Z",
"ID": "CVE-2018-5738",
"STATE": "PUBLIC",
"TITLE": "Some versions of BIND can improperly permit recursive query service to unauthorized clients"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-05-18T00:00:00.000Z",
"ID" : "CVE-2018-5738",
"STATE" : "PUBLIC",
"TITLE" : "Some versions of BIND can improperly permit recursive query service to unauthorized clients"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_value": "9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition."
"version_value" : "9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition."
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": " ISC would like to thank Andrew Skalski for reporting this issue."
"lang" : "eng",
"value" : " ISC would like to thank Andrew Skalski for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, it is possible when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\" for the setting of \"allow-recursion\" to inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition."
"lang" : "eng",
"value" : "Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, it is possible when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\" for the setting of \"allow-recursion\" to inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition."
}
]
},
"exploit": [
"exploit" : [
{
"lang": "eng",
"value": "We are not aware of any exploits deliberately targeting this specific defect but it is not uncommon for scanners to search for open resolvers for use in reflection attacks and other mischief. We have at least one report from an operator who discovered that unauthorized clients were successfully making queries to his server and it is reasonable to assume that other servers with similar configurations may be currently affected although their operators are unaware."
"lang" : "eng",
"value" : "We are not aware of any exploits deliberately targeting this specific defect but it is not uncommon for scanners to search for open resolvers for use in reflection attacks and other mischief. We have at least one report from an operator who discovered that unauthorized clients were successfully making queries to his server and it is reasonable to assume that other servers with similar configurations may be currently affected although their operators are unaware."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "There are several potential problems which can be caused by improperly permitting recursive service to unauthorized clients, including:\n\n Additional queries from unauthorized clients may increase the load on a server, possibly degrading service to authorized clients.\n Allowing queries from unauthorized clients can potentially allow a server to be co-opted for use in DNS reflection attacks.\n An attacker may be able to deduce which queries a server has previously serviced by examining the results of queries answered from the cache, potentially leaking private information about what queries have been performed.\n"
"lang" : "eng",
"value" : "There are several potential problems which can be caused by improperly permitting recursive service to unauthorized clients, including:\n\n Additional queries from unauthorized clients may increase the load on a server, possibly degrading service to authorized clients.\n Allowing queries from unauthorized clients can potentially allow a server to be co-opted for use in DNS reflection attacks.\n An attacker may be able to deduce which queries a server has previously serviced by examining the results of queries answered from the cache, potentially leaking private information about what queries have been performed.\n"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01616",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01616"
"name" : "https://kb.isc.org/docs/aa-01616",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01616"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Future maintenance releases of BIND will correct the regression which introduced this issue but ISC does not believe that replacement security releases of BIND are required, given that several easy, safe, and completely effective configuration workarounds are available for any operators with affected configurations. However, an advance version of the patch diff which will be applied to future versions is available upon request to security-officer@isc.org and a correction for the behavior in question will debut in the release candidates for BIND 9.9.13, BIND 9.10.8, BIND 9.11.4, and BIND 9.12.2."
"lang" : "eng",
"value" : "Future maintenance releases of BIND will correct the regression which introduced this issue but ISC does not believe that replacement security releases of BIND are required, given that several easy, safe, and completely effective configuration workarounds are available for any operators with affected configurations. However, an advance version of the patch diff which will be applied to future versions is available upon request to security-officer@isc.org and a correction for the behavior in question will debut in the release candidates for BIND 9.9.13, BIND 9.10.8, BIND 9.11.4, and BIND 9.12.2."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "A number of configuration workarounds are available which completely avoid the problem. \n\nIf an operator has not chosen to specify some other permission, explicitly specifying \"allow-query {localnets; localhost;};\" in named.conf will provide behavior equivalent to the intended default.\n\nIf the default setting is not appropriate (because the operator wants a different behavior) then depending on which clients are intended to be able to receive service for recursive queries, explicitly setting a match list value for any of:\n\n allow-recursion\n allow-query\n allow-query-cache\n\nwill prevent the \"allow-recursion\" control from improperly inheriting a setting from the allow-query default. If a value is set for any of those values the behavior of allow-recursion will be set directly or inherited from one of the other values as described in the BIND Adminstrator Reference Manual section 6.2.\n\nServers which are not intended to perform recursion at all may also effectively prevent this condition by setting \"recursion no;\" in named.conf."
"lang" : "eng",
"value" : "A number of configuration workarounds are available which completely avoid the problem. \n\nIf an operator has not chosen to specify some other permission, explicitly specifying \"allow-query {localnets; localhost;};\" in named.conf will provide behavior equivalent to the intended default.\n\nIf the default setting is not appropriate (because the operator wants a different behavior) then depending on which clients are intended to be able to receive service for recursive queries, explicitly setting a match list value for any of:\n\n allow-recursion\n allow-query\n allow-query-cache\n\nwill prevent the \"allow-recursion\" control from improperly inheriting a setting from the allow-query default. If a value is set for any of those values the behavior of allow-recursion will be set directly or inherited from one of the other values as described in the BIND Adminstrator Reference Manual section 6.2.\n\nServers which are not intended to perform recursion at all may also effectively prevent this condition by setting \"recursion no;\" in named.conf."
}
]
}

113
2018/5xxx/CVE-2018-5739.json
View File

@ -1,97 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-07-11T00:00:00.000Z",
"ID": "CVE-2018-5739",
"STATE": "PUBLIC",
"TITLE": "Failure to release memory may exhaust system resources"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-07-11T00:00:00.000Z",
"ID" : "CVE-2018-5739",
"STATE" : "PUBLIC",
"TITLE" : "Failure to release memory may exhaust system resources"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Kea DHCP",
"version": {
"version_data": [
"product_name" : "Kea DHCP",
"version" : {
"version_data" : [
{
"version_name": "Kea DHCP",
"version_value": "1.4.0"
"version_name" : "Kea DHCP",
"version_value" : "1.4.0"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0."
"lang" : "eng",
"value" : "An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Only servers using hooks which make use of the callout handle store are affected. A Kea server which is using one or more hooks libraries that exhibit this problem will increase its memory use over time, with the rate of increase being proportional to the amount of DHCP traffic processed. Eventually, due to uncontrolled growth, the server will either exhaust all system memory or, if the administrator has set a per-process memory limit, will hit that limit, after which point further memory allocations will fail and the Kea server will crash. \n\nAn attacker who is within the broadcast domain of the Kea server or in a network which is permitted to relay DHCP traffic to the Kea server can hasten the arrival of this outcome by deliberately sending a large volume of requests to the Kea server.\n\nAbility to deliberately trigger this vulnerability depends on the hooks libraries used and the hook points used for callouts. Our scoring for this vulnerability is based on the hook points used for hook libraries distributed by ISC and also based on the assumption that the Kea server does not accept arbitrary traffic from the internet (but is protected, e.g. by firewall, and only accepts DHCP traffic from the local broadcast domain and from nearby networks via authorized DHCP relay agents.) We cannot score every combination, but the risk could be higher to custom-developed hook libraries using other hook points or to servers which accept arbitrary DHCP traffic without restriction."
"lang" : "eng",
"value" : "Only servers using hooks which make use of the callout handle store are affected. A Kea server which is using one or more hooks libraries that exhibit this problem will increase its memory use over time, with the rate of increase being proportional to the amount of DHCP traffic processed. Eventually, due to uncontrolled growth, the server will either exhaust all system memory or, if the administrator has set a per-process memory limit, will hit that limit, after which point further memory allocations will fail and the Kea server will crash. \n\nAn attacker who is within the broadcast domain of the Kea server or in a network which is permitted to relay DHCP traffic to the Kea server can hasten the arrival of this outcome by deliberately sending a large volume of requests to the Kea server.\n\nAbility to deliberately trigger this vulnerability depends on the hooks libraries used and the hook points used for callouts. Our scoring for this vulnerability is based on the hook points used for hook libraries distributed by ISC and also based on the assumption that the Kea server does not accept arbitrary traffic from the internet (but is protected, e.g. by firewall, and only accepts DHCP traffic from the local broadcast domain and from nearby networks via authorized DHCP relay agents.) We cannot score every combination, but the risk could be higher to custom-developed hook libraries using other hook points or to servers which accept arbitrary DHCP traffic without restriction."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01626",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01626"
"name" : "https://kb.isc.org/docs/aa-01626",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01626"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Upgrade to Kea 1.4.0-P1 or higher, available via https://www.isc.org/downloads."
"lang" : "eng",
"value" : "Upgrade to Kea 1.4.0-P1 or higher, available via https://www.isc.org/downloads."
}
],
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "\n + Monitoring and routinely restarting ISC Kea DHCPv4 and DHCPv6 services may be an effective mitigation for some production environments\n + Running a new build of Kea without any hook libraries that use the callout store is another option, though it may not be a viable option where the production environment is dependent on the other hooks that need to be omitted to avoid these symptoms. These hooks distributed by ISC do not use the callout store and are safe to use: Lease Commands, Stat Commands, Host Commands (a Kea Premium hook) and Subnet Commands (a subscriber-only hook provided to Kea support customers).\n + Reverting to Kea DHCP 1.3.0 may be possible for some production environments but because of differences in the database schema operators should check carefully before attempting rollback:\n - If using memfile storage entirely, there should not be any compatibility issues.\n - If using a database solution for hosts or leases, the 1.4.0 schema will be incompatible with ISC Kea 1.3.0; the database therefore must be restored from a pre-upgrade backup for this to be successful.\n - If you are unsure whether or not you can roll back to 1.3.0 without restoring a previous version of your database, you may send an e-mail to security-officer@isc.org describing your storage setup and we will advise.\n"
"lang" : "eng",
"value" : "\n + Monitoring and routinely restarting ISC Kea DHCPv4 and DHCPv6 services may be an effective mitigation for some production environments\n + Running a new build of Kea without any hook libraries that use the callout store is another option, though it may not be a viable option where the production environment is dependent on the other hooks that need to be omitted to avoid these symptoms. These hooks distributed by ISC do not use the callout store and are safe to use: Lease Commands, Stat Commands, Host Commands (a Kea Premium hook) and Subnet Commands (a subscriber-only hook provided to Kea support customers).\n + Reverting to Kea DHCP 1.3.0 may be possible for some production environments but because of differences in the database schema operators should check carefully before attempting rollback:\n - If using memfile storage entirely, there should not be any compatibility issues.\n - If using a database solution for hosts or leases, the 1.4.0 schema will be incompatible with ISC Kea 1.3.0; the database therefore must be restored from a pre-upgrade backup for this to be successful.\n - If you are unsure whether or not you can roll back to 1.3.0 without restoring a previous version of your database, you may send an e-mail to security-officer@isc.org describing your storage setup and we will advise.\n"
}
]
}

129
2018/5xxx/CVE-2018-5740.json
View File

@ -1,113 +1,112 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-08-08T08:00:00.000Z",
"ID": "CVE-2018-5740",
"STATE": "PUBLIC",
"TITLE": "A flaw in the \"deny-answer-aliases\" feature can cause an assertion failure in named"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-08-08T08:00:00.000Z",
"ID" : "CVE-2018-5740",
"STATE" : "PUBLIC",
"TITLE" : "A flaw in the \"deny-answer-aliases\" feature can cause an assertion failure in named"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_name": "BIND 9 ",
"version_value": "9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2"
"version_name" : "BIND 9 ",
"version_value" : "9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"configuration": [
"configuration" : [
{
"lang": "eng",
"value": "Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation."
"lang" : "eng",
"value" : "Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation."
}
],
"credit": [
"credit" : [
{
"lang": "eng",
"value": "ISC would like to thank Tony Finch of the University of Cambridge for reporting this issue."
"lang" : "eng",
"value" : "ISC would like to thank Tony Finch of the University of Cambridge for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2."
"lang" : "eng",
"value" : "\"deny-answer-aliases\" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients."
"lang" : "eng",
"value" : "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients."
},
{
"lang": "eng",
"value": "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients. Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation."
"lang" : "eng",
"value" : "Accidental or deliberate triggering of this defect will cause a REQUIRE assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients. Only servers which have explicitly enabled the \"deny-answer-aliases\" feature are at risk and disabling the feature prevents exploitation."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/aa-01639",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01639"
"name" : "https://kb.isc.org/docs/aa-01639",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01639"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "Most operators will not need to make any changes unless they are using the \"deny-answer-aliases\" feature (which is described in the BIND 9 Adminstrator Reference Manual section 6.2.) \"deny-answer-aliases\" is off by default; only configurations which explicitly enable it can be affected by this defect.\n\nIf you are using \"deny-answer-aliases\", upgrade to the patched release most closely related to your current version of BIND.\n\n 9.9.13-P1\n 9.10.8-P1\n 9.11.4-P1\n 9.12.2-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n 9.11.3-S3\n"
"lang" : "eng",
"value" : "Most operators will not need to make any changes unless they are using the \"deny-answer-aliases\" feature (which is described in the BIND 9 Adminstrator Reference Manual section 6.2.) \"deny-answer-aliases\" is off by default; only configurations which explicitly enable it can be affected by this defect.\n\nIf you are using \"deny-answer-aliases\", upgrade to the patched release most closely related to your current version of BIND.\n\n 9.9.13-P1\n 9.10.8-P1\n 9.11.4-P1\n 9.12.2-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n 9.11.3-S3\n"
}
],
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "This vulnerability can be avoided by disabling the \"deny-answer-aliases\" feature if it is in use."
"lang" : "eng",
"value" : "This vulnerability can be avoided by disabling the \"deny-answer-aliases\" feature if it is in use."
}
]
}

113
2018/5xxx/CVE-2018-5741.json
View File

@ -1,97 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-09-19T00:00:00.000Z",
"ID": "CVE-2018-5741",
"STATE": "PUBLIC",
"TITLE": "Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation"
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2018-09-19T00:00:00.000Z",
"ID" : "CVE-2018-5741",
"STATE" : "PUBLIC",
"TITLE" : "Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "BIND 9",
"version": {
"version_data": [
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_name": "BIND 9",
"version_value": "Versions prior to BIND 9.11.5 and BIND 9.12.3"
"version_name" : "BIND 9",
"version_value" : "Versions prior to BIND 9.11.5 and BIND 9.12.3"
}
]
}
}
]
},
"vendor_name": "ISC"
"vendor_name" : "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3."
"lang" : "eng",
"value" : "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "The krb5-subdomain and ms-subdomain update policy rule types permit updates from any client authenticated with a valid Kerberos or Windows machine principal from the REALM specified in the identity field, to modify records in the zone at or below the name specified in the name field. The incorrect documentation, however, indicated that the policy would be restricted to names at or below the machine's name as encoded in the Windows or Kerberos principal.\n\nFor example, if named.conf contains the following configuration statement in the zone \"example.com\":\n\nzone example.com {\n ...\n update-policy {\n grant SUB.EXAMPLE.COM krb5-subdomain . ANY;\n };\n};\n\n...then a client possessing a valid Kerberos machine principal for host/machine.sub.example.com@SUB.EXAMPLE.COM would be allowed to update any record at or below \"example.com\", whereas the documentation indicated that updates would only be permitted at or below \"machine.sub.example.com\". In practice, the name of the machine encoded in the principal is not checked to ensure that it matches the records to be updated. The update policy for the zone, having established that the client possesses a valid machine principal from the SUB.EXAMPLE.COM realm, simply allows updates to all records within the zone \"example.com\".\n\nThe ms-subdomain rule type behaves similarly, but for Windows machine principals such as machine$@SUB.EXAMPLE.COM instead of Kerberos principals.\n\nThe krb5-subdomain and ms-subdomain rules are intended to limit updates to names below the name field (in this example, \".\", which covers the entire zone). Because of a separate bug in the named.conf parser, a name field below \".\" could not be configured in some releases.\n\nMaintenance releases of BIND released during or after October 2018 (9.11.5 or higher, 9.12.3 or higher) will address this configuration bug, as well as adding new krb5-selfsub and ms-selfsub rule types which more accurately implement the behavior that the ARM formerly attributed to krb5-subdomain and ms-subdomain."
"lang" : "eng",
"value" : "The krb5-subdomain and ms-subdomain update policy rule types permit updates from any client authenticated with a valid Kerberos or Windows machine principal from the REALM specified in the identity field, to modify records in the zone at or below the name specified in the name field. The incorrect documentation, however, indicated that the policy would be restricted to names at or below the machine's name as encoded in the Windows or Kerberos principal.\n\nFor example, if named.conf contains the following configuration statement in the zone \"example.com\":\n\nzone example.com {\n ...\n update-policy {\n grant SUB.EXAMPLE.COM krb5-subdomain . ANY;\n };\n};\n\n...then a client possessing a valid Kerberos machine principal for host/machine.sub.example.com@SUB.EXAMPLE.COM would be allowed to update any record at or below \"example.com\", whereas the documentation indicated that updates would only be permitted at or below \"machine.sub.example.com\". In practice, the name of the machine encoded in the principal is not checked to ensure that it matches the records to be updated. The update policy for the zone, having established that the client possesses a valid machine principal from the SUB.EXAMPLE.COM realm, simply allows updates to all records within the zone \"example.com\".\n\nThe ms-subdomain rule type behaves similarly, but for Windows machine principals such as machine$@SUB.EXAMPLE.COM instead of Kerberos principals.\n\nThe krb5-subdomain and ms-subdomain rules are intended to limit updates to names below the name field (in this example, \".\", which covers the entire zone). Because of a separate bug in the named.conf parser, a name field below \".\" could not be configured in some releases.\n\nMaintenance releases of BIND released during or after October 2018 (9.11.5 or higher, 9.12.3 or higher) will address this configuration bug, as well as adding new krb5-selfsub and ms-selfsub rule types which more accurately implement the behavior that the ARM formerly attributed to krb5-subdomain and ms-subdomain."
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kb.isc.org/docs/cve-2018-5741",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2018-5741"
"name" : "https://kb.isc.org/docs/cve-2018-5741",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/cve-2018-5741"
}
]
},
"solution": [
"solution" : [
{
"lang": "eng",
"value": "At the time of public disclosure, ISC is not providing any code changing the behavior of the update-policy feature. While we believe that there are a few operators out there who are relying on the strictest interpretation permitted by the erroneous documentation, we have to balance that against changing the behavior of features in stable branches of BIND, including the 9.11 branch which is meant to be a feature-complete Extended Support Version of BIND 9. As a compromise between these conflicting priorities, we have decided that our best course of action is to disclose the error but leave the existing behavior of the krb5-subdomain and ms-subdomain policies as they are (while correcting the erroneous documentation).\n\nIn maintenance releases issued during or after October 2018, the name field for ms-subdomain and krb5-subdomain will be corrected so that names lower than \".\" can be configured, and two new rule types will be added, krb5-selfsub and ms-selfsub, analogous to the existing selfsub rule type, which implement the behavior that was formerly described in the documentation for krb5-subdomain and ms-subdomain: restricting updates to names at or below the machine name encoded in the client's Windows or Kerberos principal. \n"
"lang" : "eng",
"value" : "At the time of public disclosure, ISC is not providing any code changing the behavior of the update-policy feature. While we believe that there are a few operators out there who are relying on the strictest interpretation permitted by the erroneous documentation, we have to balance that against changing the behavior of features in stable branches of BIND, including the 9.11 branch which is meant to be a feature-complete Extended Support Version of BIND 9. As a compromise between these conflicting priorities, we have decided that our best course of action is to disclose the error but leave the existing behavior of the krb5-subdomain and ms-subdomain policies as they are (while correcting the erroneous documentation).\n\nIn maintenance releases issued during or after October 2018, the name field for ms-subdomain and krb5-subdomain will be corrected so that names lower than \".\" can be configured, and two new rule types will be added, krb5-selfsub and ms-selfsub, analogous to the existing selfsub rule type, which implement the behavior that was formerly described in the documentation for krb5-subdomain and ms-subdomain: restricting updates to names at or below the machine name encoded in the client's Windows or Kerberos principal. \n"
}
],
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
},
"work_around": [
"work_around" : [
{
"lang": "eng",
"value": "To limit updates to a subset of a zone -- for example, \"sub.example.com\" -- create a new \"sub.example.com\" child zone beneath \"example.com\", and set the desired update-policy in the child zone rather than the parent."
"lang" : "eng",
"value" : "To limit updates to a subset of a zone -- for example, \"sub.example.com\" -- create a new \"sub.example.com\" child zone beneath \"example.com\", and set the desired update-policy in the child zone rather than the parent."
}
]
}