fkie_cve-2018-5738
Vulnerability from fkie_nvd
Published
2019-01-16 20:29
Modified
2024-11-21 04:09
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.
References
security-officer@isc.orghttp://www.securitytracker.com/id/1041115Third Party Advisory, VDB Entry
security-officer@isc.orghttps://kb.isc.org/docs/aa-01616Mitigation, Vendor Advisory
security-officer@isc.orghttps://security.gentoo.org/glsa/201903-13Third Party Advisory
security-officer@isc.orghttps://security.netapp.com/advisory/ntap-20190830-0002/
security-officer@isc.orghttps://usn.ubuntu.com/3683-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041115Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/aa-01616Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190830-0002/
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3683-1/Third Party Advisory
Impacted products
Vendor Product Version
isc bind 9.9.12
isc bind 9.9.12
isc bind 9.10.7
isc bind 9.10.7
isc bind 9.11.3
isc bind 9.11.3
isc bind 9.11.3
isc bind 9.12.0
isc bind 9.12.0
isc bind 9.12.0
isc bind 9.12.0
isc bind 9.12.0
isc bind 9.12.0
isc bind 9.12.1
isc bind 9.12.1
isc bind 9.12.1
isc bind 9.13.0
canonical ubuntu_linux 18.04


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBAAC23-A533-4688-9BF4-1819C600D6FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*",
              "matchCriteriaId": "71776282-A512-4AF8-A3ED-D9CB0A768410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "01452454-B7CC-4909-8B2B-B4DF06F8CB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*",
              "matchCriteriaId": "F5410A39-A1B8-42BB-9C1B-EC50B1677144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46216E94-DC78-4338-BAFA-C88FA202948C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*",
              "matchCriteriaId": "07F165FC-15DF-44F1-B578-A592045BEDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*",
              "matchCriteriaId": "E8D007DF-0C42-444F-9D43-C52024A0C600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCE4BD2-2256-473F-B17F-192CAC145DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "F72B798C-6FF1-41D2-83BC-BBA8F0C71DDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "1653E806-4F31-4ACA-B51F-5F0067D99208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "8E5AB236-CBDE-48F3-B6E1-5C6B08996ED7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F57F84D2-76D0-42B9-BA61-96204F527B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FF6D296A-A353-4D4D-BAD7-38E02A7AF298",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "440CFE40-C9B7-4E6E-800D-DD595F8FC38E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*",
              "matchCriteriaId": "F1E36C76-E5E0-42B9-ABF4-F71CE831A62B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*",
              "matchCriteriaId": "5AE4CCD7-7825-4422-A972-E19984076091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D425D9A9-872D-444D-B5DA-74CB5F775FC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, it is possible when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\" for the setting of \"allow-recursion\" to inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0-\u003e9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition."
    },
    {
      "lang": "es",
      "value": "El cambio #4777 (presentado en octubre de 2017) introdujo un problema no imaginado en las versiones lanzadas tras esa fecha, que afecta a los clientes que pueden realizar consultas recursivas a un servidor de nombre de BIND. El comportamiento planeado (y documentado) es que, si un operador no ha especificado un valor para la opci\u00f3n \"allow-recursion\", DEBER\u00cdA ser por defecto uno de los siguientes: si \"recursion no;\" est\u00e1 configurado como named.conf; un valor heredado de las opciones \"allow-query-cache\" o \"allow-query\" SI \"recursion yes;\" (la opci\u00f3n por defecto) Y las listas de coincidencias est\u00e1 configuradas de forma expl\u00edcita para \"allow-query-cache\" o \"allow-query\" (v\u00e9ase el manual de referencia administrativa de BIND9, secci\u00f3n 6.2, para m\u00e1s detalles); o la opci\u00f3n por defecto planeada de \"allow-recursion {localhost; localnets;};\" si \"recursion yes;\" est\u00e1 en uso y no hay valores configurados de forma expl\u00edcita para \"allow-query-cache\" o \"allow-query\". Sin embargo, debido a la regresi\u00f3n introducida por el cambio #4777, es posible que, cuando \"recursion yes;\" est\u00e1 en uso y no se proporcionan valores de lista de coincidencias para \"allow-query-cache\" o \"allow-query\" para la configuraci\u00f3n de \"allow-recursion\", se herede una configuraci\u00f3n de todos los hosts de la opci\u00f3n por defecto \"allow-query\". Esto permite de forma incorrecta la recursi\u00f3n a todos los clientes. Afecta a BIND en versiones 9.9.12, 9.10.7, 9.11.3, desde la versi\u00f3n 9.12.0 hasta la 9.12.1-P2, la versi\u00f3n de desarrollo 9.13.0, adem\u00e1s de las versiones 9.9.12-S1, 9.10.7-S1, 9.11.3-S1 y 9.11.3-S2 de BIND 9 Supported Preview Edition."
    }
  ],
  "id": "CVE-2018-5738",
  "lastModified": "2024-11-21T04:09:17.273",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T20:29:00.907",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041115"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01616"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-13"
    },
    {
      "source": "security-officer@isc.org",
      "url": "https://security.netapp.com/advisory/ntap-20190830-0002/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3683-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/aa-01616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20190830-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3683-1/"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.