CVE-2018-5745 : "managed-keys" is a feature which allows a BIND resolver to automatically mainta

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

Published 2019-10-09 16:15:14

Updated 2019-11-06 01:15:18

Source Internet Systems Consortium (ISC)

View at NVD, CVE.org

Products affected by CVE-2018-5745

ISC » Bind
Versions from including (>=) 9.12.0 and up to, including, (<=) 9.12.2
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Matching versions
ISC » Bind
Versions from including (>=) 9.13.0 and up to, including, (<=) 9.13.6
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Matching versions
ISC » Bind
Versions from including (>=) 9.9.0 and up to, including, (<=) 9.10.7
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Matching versions
ISC » Bind
Versions from including (>=) 9.11.0 and up to, including, (<=) 9.11.4
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.10.7
cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.5 Update P1
cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.9.3 Update S1 For Supported Preview
cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*
Matching versions
ISC » Bind » Version: 9.12.3 Update P1
cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.12.3
cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.5 Update S3 For Supported Preview
cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*
Matching versions
ISC » Bind » Version: 9.10.8 Update P1
cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*
Matching versions
ISC » Bind » Version: 9.11.5
cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2018-5745

Top countries where our scanners detected CVE-2018-5745

Top open port discovered on systems with this issue 53

IPs affected by CVE-2018-5745 227,125

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2018-5745!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2018-5745

EPSS FAQ

0.56%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2018-5745

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:N/I:N/A:P	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.9	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	1.2	3.6	Internet Systems Consortium (ISC)
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2018-5745

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2018-5745

https://kb.isc.org/docs/cve-2018-5745

Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3552

RHSA-2019:3552 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url