ISC BIND CVE-2018-5741 Security Bypass Vulnerability
BID:105379
CVE-2018-5741 |Info
ISC BIND CVE-2018-5741 Security Bypass Vulnerability
| Bugtraq ID: | 105379 |
| Class: | Design Error |
| CVE: |
CVE-2018-5741 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 19 2018 12:00AM |
| Updated: | Sep 19 2018 12:00AM |
| Credit: | Dominik George |
| Vulnerable: |
Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 ISC Bind 9.13.2 ISC Bind 9.13 ISC Bind 9.12.2 ISC Bind 9.12.1 ISC Bind 9.12 ISC Bind 9.11.4 ISC Bind 9.11.2 ISC Bind 9.11.1 ISC Bind 9.10.8 ISC Bind 9.10.6 ISC Bind 9.10.5 ISC Bind 9.10.3 ISC Bind 9.10.2 ISC Bind 9.10 ISC BIND 9.1.3 ISC BIND 9.1.2 ISC BIND 9.1.1 ISC BIND 9.1 ISC Bind 9.0.8 ISC Bind 9.0.7 ISC Bind 9.0.6 ISC Bind 9.0.5 ISC Bind 9.0.4 ISC Bind 9.0.3 ISC Bind 9.0.2 ISC BIND 9.0.1 ISC BIND 9.0 ISC Bind 9.12.2-P1 ISC Bind 9.12.1-P2 ISC Bind 9.12.1-P1 ISC Bind 9.12.0rc2 ISC Bind 9.12.0rc1 ISC Bind 9.12.0a1 ISC Bind 9.11.4-P1 ISC Bind 9.11.2-P1 ISC Bind 9.11.1rc3 ISC Bind 9.11.1rc2 ISC Bind 9.11.1rc1 ISC Bind 9.11.1b1 ISC Bind 9.11.1-P2 ISC Bind 9.11.1-P1 ISC Bind 9.11.0rc3 ISC Bind 9.11.0rc1 ISC Bind 9.11.0b2 ISC Bind 9.11.0b1 ISC Bind 9.11.0a3 ISC Bind 9.11.0-P5 ISC Bind 9.11.0-P4 ISC Bind 9.11.0-P3 ISC Bind 9.11.0-P2 ISC Bind 9.11.0-P1 ISC Bind 9.11.0 ISC Bind 9.10.8-P1 ISC Bind 9.10.6-S3 ISC Bind 9.10.6-S2 ISC Bind 9.10.6-S1 ISC Bind 9.10.6-P1 ISC Bind 9.10.5rc3 ISC Bind 9.10.5rc2 ISC Bind 9.10.5rc1 ISC Bind 9.10.5b1 ISC Bind 9.10.5-S4 ISC Bind 9.10.5-S3 ISC Bind 9.10.5-S2 ISC Bind 9.10.5-S1 ISC Bind 9.10.5-P2 ISC Bind 9.10.5-P1 ISC Bind 9.10.4-P8 ISC Bind 9.10.4-P7 ISC Bind 9.10.4-P6 ISC Bind 9.10.4-P5 ISC Bind 9.10.4-P4 ISC Bind 9.10.4-P3 ISC Bind 9.10.4-P2 ISC Bind 9.10.4-P1 ISC Bind 9.10.3rc1 ISC Bind 9.10.3-P4 ISC Bind 9.10.3-P3 ISC Bind 9.10.3-P2 ISC Bind 9.10.3-P1 ISC Bind 9.10.2-P4 ISC Bind 9.10.2-P3 ISC Bind 9.10.2-P2 ISC Bind 9.10.2 Rc1 ISC Bind 9.10.2 B1 ISC Bind 9.10.1-P2 ISC Bind 9.10.1-P1 ISC Bind 9.10.1 P1 ISC Bind 9.10.1 ISC Bind 9.10.0-P2 ISC Bind 9.10.0-P1 |
| Not Vulnerable: |
ISC Bind 9.13.3 ISC Bind 9.12.2-P2 ISC Bind 9.11.4-P2 |
Discussion
ISC BIND CVE-2018-5741 Security Bypass Vulnerability
ISC BIND is prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform unauthorized actions. This may aid in further attacks.
ISC BIND 9.x versions prior to 9.11.4-P2 and 9.12.2-P2 are vulnerable.
ISC BIND is prone to a security-bypass vulnerability.
An attacker can exploit this issue to perform unauthorized actions. This may aid in further attacks.
ISC BIND 9.x versions prior to 9.11.4-P2 and 9.12.2-P2 are vulnerable.
Exploit / POC
ISC BIND CVE-2018-5741 Security Bypass Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
ISC BIND CVE-2018-5741 Security Bypass Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
ISC BIND CVE-2018-5741 Security Bypass Vulnerability
References:
References:
- ISC BIND Homepage (ISC)
- #908595 krb5-subdomain and ms-subdomain update policy rules ineffective (Debian)
- Bug 1631131 CVE-2018-5741 bind: Incorrect documentation of krb5 (Redhat)
- CVE-2018-5741 (Redhat)
- CVE-2018-5741: Update policies krb5-subdomain and ms-subdomain (ISC)
- Oracle Solaris Third Party Bulletin - April 2019 (Oracle)