Vulnerability Details : CVE-2018-5740
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
Products affected by CVE-2018-5740
- cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*
Threat overview for CVE-2018-5740
- Top open port discovered on systems with this issue: 53
- IPs affected by CVE-2018-5740: 413,172
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2018-5740
- EPSS score: 95.32% (probability of exploitation activity in the next 30 days)
- Percentile: ~99% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-5740
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | Internet Systems Consortium (ISC) | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2018-5740
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-5740
- https://security.gentoo.org/glsa/201903-13
  BIND: Multiple vulnerabilities (GLSA 201903-13) — Gentoo security (Third Party Advisory)
- http://www.securitytracker.com/id/1041436
  BIND 'deny-answer-aliases' Bug Lets Remote Users Cause the Target 'named' Service to Crash - SecurityTracker (Third Party Advisory; VDB Entry)
- https://security.netapp.com/advisory/ntap-20180926-0003/
  CVE-2018-5740 ISC Bind Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://usn.ubuntu.com/3769-1/
  USN-3769-1: Bind vulnerability | Ubuntu security notices (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html
  [SECURITY] [DLA 2807-1] bind9 security update (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/08/msg00033.html
  [SECURITY] [DLA 1485-1] bind9 security update (Third Party Advisory)
- https://usn.ubuntu.com/3769-2/
  USN-3769-2: Bind vulnerability | Ubuntu security notices (Third Party Advisory)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03927en_us
  HPESBUX03927 rev.1 - HP-UX BIND, Remote Denial of Service (DoS) and Remote Unauthorized Data Modification (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html
  [security-announce] openSUSE-SU-2019:1533-1: important: Security update (Mailing List; Third Party Advisory)
- https://kb.isc.org/docs/aa-01639
  CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named - Security Advisories (Vendor Advisory)
- http://www.securityfocus.com/bid/105055
  ISC BIND CVE-2018-5740 Remote Denial of Service Vulnerability (VDB Entry; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2571
  RHSA-2018:2571 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html
  [security-announce] openSUSE-SU-2019:1532-1: important: Security update (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:2570
  RHSA-2018:2570 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)