CVE-2018-5743

Published: 24 Apr 2019
Source: redhat
CVSS3: 8.6
EPSS: Low

Description

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

A flaw was found in the way bind implemented the tunable that limits simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could potentially also lead to exhaustion of all available free file descriptors on that system.

Report

This bind flaw can be exploited by a remote attacker (AV:N) by opening a large number of simultaneous TCP client connections to the server. No special exploit code is required apart from the ability to open a large number of TCP connections simultaneously, either from one attacker machine or via some distributed attacker network (AC:L and PR:L). No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by exhausting the file descriptor pool which named has access to. Also, in cases where the named process is not limited by OS-enforced per-process limits, this could cause exhaustion of available free file descriptors on the system running the named server, causing denial of service for other processes running on that machine (S:C).
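A monitoring check for the condition described above, as an added example that is not part of the advisory: it counts TCP sessions on port 53 that still tie up a descriptor in named and compares the total with the configured `tcp-clients` limit, since on an affected build the total can grow past that limit. The sample lines are constructed in the column layout of `ss -Htn`, and the limit value passed in is an assumption.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -Htn` (no header, numeric ports):
# State  Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
SAMPLE_SS = """\
ESTAB      0 0 192.0.2.53:53      198.51.100.7:40112
ESTAB      0 0 192.0.2.53:53      198.51.100.7:40113
ESTAB      0 0 192.0.2.53:53      198.51.100.7:40114
ESTAB      0 0 [2001:db8::53]:53  [2001:db8::99]:51000
ESTAB      0 0 192.0.2.53:22      203.0.113.5:60222
TIME-WAIT  0 0 192.0.2.53:53      203.0.113.9:41000
CLOSE-WAIT 0 0 192.0.2.53:53      203.0.113.9:41001
"""

# States in which the server process normally still holds the socket's
# file descriptor. TIME-WAIT sockets are kernel-only and hold none.
FD_HOLDING = {"ESTAB", "CLOSE-WAIT"}


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def dns_tcp_sessions(ss_output, port=53):
    """Count descriptor-holding sessions to the local DNS port, per peer."""
    per_peer = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in FD_HOLDING:
            continue
        if split_endpoint(fields[3])[1] != port:
            continue
        per_peer[split_endpoint(fields[4])[0]] += 1
    return per_peer


def assess(ss_output, tcp_clients_limit):
    """Compare the session total with the configured tcp-clients value."""
    per_peer = dns_tcp_sessions(ss_output)
    total = sum(per_peer.values())
    return {
        "total": total,
        "over_limit": total > tcp_clients_limit,  # limit not being enforced
        "top_peers": per_peer.most_common(3),     # who holds the sessions
    }


if __name__ == "__main__":
    print(assess(SAMPLE_SS, tcp_clients_limit=4))  # limit of 4 is an assumed value
```

A sustained `over_limit` result is the signal to alert on: a server that enforces the limit should not report more sessions than the configured value.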

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | bind | Out of support scope | | |
| Red Hat Enterprise Linux 5 | bind97 | Out of support scope | | |
| Red Hat Enterprise Linux 6 | bind | Fixed | RHSA-2019:1492 | 17.06.2019 |
| Red Hat Enterprise Linux 7 | bind | Fixed | RHSA-2019:1294 | 29.05.2019 |
| Red Hat Enterprise Linux 7.4 Extended Update Support | bind | Fixed | RHSA-2019:2698 | 12.09.2019 |
| Red Hat Enterprise Linux 7.5 Extended Update Support | bind | Fixed | RHSA-2019:2977 | 08.10.2019 |
| Red Hat Enterprise Linux 8 | bind | Fixed | RHSA-2019:1145 | 13.05.2019 |


Additional information

Status:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1702541 bind: Limiting simultaneous TCP clients is ineffective

EPSS

Percentile: 82%
0.01766
Low

8.6 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 6 years ago


CVSS3: 7.5
nvd
more than 6 years ago


CVSS3: 7.5
debian
more than 6 years ago

By design, BIND is intended to limit the number of TCP clients that ca ...

CVSS3: 7.5
github
more than 3 years ago


oracle-oval
more than 6 years ago

ELSA-2019-1492: bind security update (IMPORTANT)
