CVE-2018-5741 (GCVE-0-2018-5741)
Vulnerability from cvelistv5
Published
2019-01-16 20:00
Modified
2024-09-17 02:26
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.
References
security-officer@isc.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
security-officer@isc.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
security-officer@isc.orghttp://www.securityfocus.com/bid/105379Third Party Advisory, VDB Entry
security-officer@isc.orghttp://www.securitytracker.com/id/1041674Third Party Advisory, VDB Entry
security-officer@isc.orghttps://access.redhat.com/errata/RHSA-2019:2057
security-officer@isc.orghttps://kb.isc.org/docs/cve-2018-5741Vendor Advisory
security-officer@isc.orghttps://security.gentoo.org/glsa/201903-13Third Party Advisory
security-officer@isc.orghttps://security.netapp.com/advisory/ntap-20190830-0001/
security-officer@isc.orghttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105379Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041674Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2057
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/cve-2018-5741Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190830-0001/
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
Impacted products
Vendor Product Version
ISC BIND 9 Version: BIND 9 Versions prior to BIND 9.11.5 and BIND 9.12.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T05:40:51.195Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "105379",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/105379",
               },
               {
                  name: "1041674",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1041674",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://kb.isc.org/docs/cve-2018-5741",
               },
               {
                  name: "GLSA-201903-13",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_GENTOO",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201903-13",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us",
               },
               {
                  name: "RHSA-2019:2057",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:2057",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190830-0001/",
               },
               {
                  name: "openSUSE-SU-2020:1699",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html",
               },
               {
                  name: "openSUSE-SU-2020:1701",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "BIND 9",
               vendor: "ISC",
               versions: [
                  {
                     status: "affected",
                     version: "BIND 9 Versions prior to BIND 9.11.5 and BIND 9.12.3",
                  },
               ],
            },
         ],
         datePublic: "2018-09-19T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "The krb5-subdomain and ms-subdomain update policy rule types permit updates from any client authenticated with a valid Kerberos or Windows machine principal from the REALM specified in the identity field, to modify records in the zone at or below the name specified in the name field. The incorrect documentation, however, indicated that the policy would be restricted to names at or below the machine's name as encoded in the Windows or Kerberos principal.\n\nFor example, if named.conf contains the following configuration statement in the zone \"example.com\":\n\nzone example.com {\n        ...\n        update-policy {\n                grant SUB.EXAMPLE.COM krb5-subdomain . ANY;\n        };\n};\n\n...then a client possessing a valid Kerberos machine principal for host/machine.sub.example.com@SUB.EXAMPLE.COM would be allowed to update any record at or below \"example.com\", whereas the documentation indicated that updates would only be permitted at or below \"machine.sub.example.com\". In practice, the name of the machine encoded in the principal is not checked to ensure that it matches the records to be updated. The update policy for the zone, having established that the client possesses a valid machine principal from the SUB.EXAMPLE.COM realm, simply allows updates to all records within the zone \"example.com\".\n\nThe ms-subdomain rule type behaves similarly, but for Windows machine principals such as machine$@SUB.EXAMPLE.COM instead of Kerberos principals.\n\nThe krb5-subdomain and ms-subdomain rules are intended to limit updates to names below the name field (in this example, \".\", which covers the entire zone). Because of a separate bug in the named.conf parser, a name field below \".\" could not be configured in some releases.\n\nMaintenance releases of BIND released during or after October 2018 (9.11.5 or higher, 9.12.3 or higher) will address this configuration bug, as well as adding new krb5-selfsub and ms-selfsub rule types which more accurately implement the behavior that the ARM formerly attributed to krb5-subdomain and ms-subdomain.",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-10-20T11:06:45",
            orgId: "404fd4d2-a609-4245-b543-2c944a302a22",
            shortName: "isc",
         },
         references: [
            {
               name: "105379",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/105379",
            },
            {
               name: "1041674",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1041674",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://kb.isc.org/docs/cve-2018-5741",
            },
            {
               name: "GLSA-201903-13",
               tags: [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
               ],
               url: "https://security.gentoo.org/glsa/201903-13",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us",
            },
            {
               name: "RHSA-2019:2057",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:2057",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://security.netapp.com/advisory/ntap-20190830-0001/",
            },
            {
               name: "openSUSE-SU-2020:1699",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html",
            },
            {
               name: "openSUSE-SU-2020:1701",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html",
            },
         ],
         solutions: [
            {
               lang: "en",
               value: "At the time of public disclosure, ISC is not providing any code changing the behavior of the update-policy feature. While we believe that there are a few operators out there who are relying on the strictest interpretation permitted by the erroneous documentation, we have to balance that against changing the behavior of features in stable branches of BIND, including the 9.11 branch which is meant to be a feature-complete Extended Support Version of BIND 9. As a compromise between these conflicting priorities, we have decided that our best course of action is to disclose the error but leave the existing behavior of the krb5-subdomain and ms-subdomain policies as they are (while correcting the erroneous documentation).\n\nIn maintenance releases issued during or after October 2018, the name field for ms-subdomain and krb5-subdomain will be corrected so that names lower than \".\" can be configured, and two new rule types will be added, krb5-selfsub and ms-selfsub, analogous to the existing selfsub rule type, which implement the behavior that was formerly described in the documentation for krb5-subdomain and ms-subdomain: restricting updates to names at or below the machine name encoded in the client's Windows or Kerberos principal.",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation",
         workarounds: [
            {
               lang: "en",
               value: "To limit updates to a subset of a zone -- for example, \"sub.example.com\" -- create a new \"sub.example.com\" child zone beneath \"example.com\", and set the desired update-policy in the child zone rather than the parent.",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security-officer@isc.org",
               DATE_PUBLIC: "2018-09-19T00:00:00.000Z",
               ID: "CVE-2018-5741",
               STATE: "PUBLIC",
               TITLE: "Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "BIND 9",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "BIND 9",
                                          version_value: "Versions prior to BIND 9.11.5 and BIND 9.12.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "ISC",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "The krb5-subdomain and ms-subdomain update policy rule types permit updates from any client authenticated with a valid Kerberos or Windows machine principal from the REALM specified in the identity field, to modify records in the zone at or below the name specified in the name field. The incorrect documentation, however, indicated that the policy would be restricted to names at or below the machine's name as encoded in the Windows or Kerberos principal.\n\nFor example, if named.conf contains the following configuration statement in the zone \"example.com\":\n\nzone example.com {\n        ...\n        update-policy {\n                grant SUB.EXAMPLE.COM krb5-subdomain . ANY;\n        };\n};\n\n...then a client possessing a valid Kerberos machine principal for host/machine.sub.example.com@SUB.EXAMPLE.COM would be allowed to update any record at or below \"example.com\", whereas the documentation indicated that updates would only be permitted at or below \"machine.sub.example.com\". In practice, the name of the machine encoded in the principal is not checked to ensure that it matches the records to be updated. The update policy for the zone, having established that the client possesses a valid machine principal from the SUB.EXAMPLE.COM realm, simply allows updates to all records within the zone \"example.com\".\n\nThe ms-subdomain rule type behaves similarly, but for Windows machine principals such as machine$@SUB.EXAMPLE.COM instead of Kerberos principals.\n\nThe krb5-subdomain and ms-subdomain rules are intended to limit updates to names below the name field (in this example, \".\", which covers the entire zone). Because of a separate bug in the named.conf parser, a name field below \".\" could not be configured in some releases.\n\nMaintenance releases of BIND released during or after October 2018 (9.11.5 or higher, 9.12.3 or higher) will address this configuration bug, as well as adding new krb5-selfsub and ms-selfsub rule types which more accurately implement the behavior that the ARM formerly attributed to krb5-subdomain and ms-subdomain.",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "105379",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/105379",
                  },
                  {
                     name: "1041674",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1041674",
                  },
                  {
                     name: "https://kb.isc.org/docs/cve-2018-5741",
                     refsource: "CONFIRM",
                     url: "https://kb.isc.org/docs/cve-2018-5741",
                  },
                  {
                     name: "GLSA-201903-13",
                     refsource: "GENTOO",
                     url: "https://security.gentoo.org/glsa/201903-13",
                  },
                  {
                     name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us",
                     refsource: "CONFIRM",
                     url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us",
                  },
                  {
                     name: "RHSA-2019:2057",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2019:2057",
                  },
                  {
                     name: "https://security.netapp.com/advisory/ntap-20190830-0001/",
                     refsource: "CONFIRM",
                     url: "https://security.netapp.com/advisory/ntap-20190830-0001/",
                  },
                  {
                     name: "openSUSE-SU-2020:1699",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html",
                  },
                  {
                     name: "openSUSE-SU-2020:1701",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html",
                  },
               ],
            },
            solution: [
               {
                  lang: "en",
                  value: "At the time of public disclosure, ISC is not providing any code changing the behavior of the update-policy feature. While we believe that there are a few operators out there who are relying on the strictest interpretation permitted by the erroneous documentation, we have to balance that against changing the behavior of features in stable branches of BIND, including the 9.11 branch which is meant to be a feature-complete Extended Support Version of BIND 9. As a compromise between these conflicting priorities, we have decided that our best course of action is to disclose the error but leave the existing behavior of the krb5-subdomain and ms-subdomain policies as they are (while correcting the erroneous documentation).\n\nIn maintenance releases issued during or after October 2018, the name field for ms-subdomain and krb5-subdomain will be corrected so that names lower than \".\" can be configured, and two new rule types will be added, krb5-selfsub and ms-selfsub, analogous to the existing selfsub rule type, which implement the behavior that was formerly described in the documentation for krb5-subdomain and ms-subdomain: restricting updates to names at or below the machine name encoded in the client's Windows or Kerberos principal.",
               },
            ],
            source: {
               discovery: "EXTERNAL",
            },
            work_around: [
               {
                  lang: "en",
                  value: "To limit updates to a subset of a zone -- for example, \"sub.example.com\" -- create a new \"sub.example.com\" child zone beneath \"example.com\", and set the desired update-policy in the child zone rather than the parent.",
               },
            ],
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "404fd4d2-a609-4245-b543-2c944a302a22",
      assignerShortName: "isc",
      cveId: "CVE-2018-5741",
      datePublished: "2019-01-16T20:00:00Z",
      dateReserved: "2018-01-17T00:00:00",
      dateUpdated: "2024-09-17T02:26:39.095Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.11.5\", \"matchCriteriaId\": \"CC616163-DA27-439B-BCD7-6BE80C074BFF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"9.12.0\", \"versionEndExcluding\": \"9.12.3\", \"matchCriteriaId\": \"C1B4653B-EE51-40D1-8845-FF2873C6D135\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.\"}, {\"lang\": \"es\", \"value\": \"Para proporcionar controles detallados sobre la capacidad de emplear DNS din\\u00e1mico (DDNS) para actualizar registros en una zona, BIND 9 proporciona una caracter\\u00edstica llamada update-policy. Pueden configurarse varias reglas para limitar los tipos de subidas que pueden ser realizadas por un cliente, dependiendo de la clave empleada al enviar la petici\\u00f3n de actualizaci\\u00f3n. Desgraciadamente, algunos tipos de reglas no se documentaron inicialmente y, cuando su documentaci\\u00f3n se a\\u00f1adi\\u00f3 al manual de referencia de administrador (ARM) en el cambio #3112, el texto que se a\\u00f1adi\\u00f3 al ARM en ese momento describ\\u00eda el comportamiento de dos tipos de regla, krb5-subdomain y ms-subdomain. Esta documentaci\\u00f3n incorrecta podr\\u00eda hacer que los operadores piensen que las pol\\u00edticas que han configurado son m\\u00e1s restrictivas de lo que lo son en realidad. Esto afecta a BIND en versiones anteriores a la 9.11.5 y BIND 9.12.3.\"}]",
         id: "CVE-2018-5741",
         lastModified: "2024-11-21T04:09:17.707",
         metrics: "{\"cvssMetricV30\": [{\"source\": \"security-officer@isc.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2019-01-16T20:29:01.050",
         references: "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"http://www.securityfocus.com/bid/105379\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041674\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2057\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://kb.isc.org/docs/cve-2018-5741\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201903-13\", \"source\": \"security-officer@isc.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190830-0001/\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/105379\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041674\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:2057\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.isc.org/docs/cve-2018-5741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201903-13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190830-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "security-officer@isc.org",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2018-5741\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2019-01-16T20:29:01.050\",\"lastModified\":\"2024-11-21T04:09:17.707\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.\"},{\"lang\":\"es\",\"value\":\"Para proporcionar controles detallados sobre la capacidad de emplear DNS dinámico (DDNS) para actualizar registros en una zona, BIND 9 proporciona una característica llamada update-policy. Pueden configurarse varias reglas para limitar los tipos de subidas que pueden ser realizadas por un cliente, dependiendo de la clave empleada al enviar la petición de actualización. Desgraciadamente, algunos tipos de reglas no se documentaron inicialmente y, cuando su documentación se añadió al manual de referencia de administrador (ARM) en el cambio #3112, el texto que se añadió al ARM en ese momento describía el comportamiento de dos tipos de regla, krb5-subdomain y ms-subdomain. Esta documentación incorrecta podría hacer que los operadores piensen que las políticas que han configurado son más restrictivas de lo que lo son en realidad. Esto afecta a BIND en versiones anteriores a la 9.11.5 y BIND 9.12.3.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.11.5\",\"matchCriteriaId\":\"CC616163-DA27-439B-BCD7-6BE80C074BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.12.0\",\"versionEndExcluding\":\"9.12.3\",\"matchCriteriaId\":\"C1B4653B-EE51-40D1-8845-FF2873C6D135\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\",\"source\":\"security-officer@isc.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\",\"source\":\"security-officer@isc.org\"},{\"url\":\"http://www.securityfocus.com/bid/105379\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041674\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2057\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://kb.isc.org/docs/cve-2018-5741\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-13\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190830-0001/\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us\",\"source\":\"security-officer@isc.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/105379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041674\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.isc.org/docs/cve-2018-5741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201903-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190830-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.