Описание
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bind | Will not fix | ||
| Red Hat Enterprise Linux 8 | bind | Not affected | ||
| Red Hat Enterprise Linux 6 | bind | Fixed | RHSA-2018:0101 | 22.01.2018 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | bind | Fixed | RHSA-2018:0487 | 12.03.2018 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | bind | Fixed | RHSA-2018:0487 | 12.03.2018 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | bind | Fixed | RHSA-2018:0487 | 12.03.2018 |
| Red Hat Enterprise Linux 6.6 Telco Extended Update Support | bind | Fixed | RHSA-2018:0487 | 12.03.2018 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | bind | Fixed | RHSA-2018:0487 | 12.03.2018 |
| Red Hat Enterprise Linux 7 | bind | Fixed | RHSA-2018:0102 | 22.01.2018 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | bind | Fixed | RHSA-2018:0488 | 12.03.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
BIND was improperly sequencing cleanup operations on upstream recursio ...
EPSS
7.5 High
CVSS3