CVE-2018-5738

Published Jan 16, 2019

Last updated 5 years ago

CVSS high 7.5

Overview

Description: Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.
Source: security-officer@isc.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEBAAC23-A533-4688-9BF4-1819C600D6FD"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71776282-A512-4AF8-A3ED-D9CB0A768410"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01452454-B7CC-4909-8B2B-B4DF06F8CB4F"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5410A39-A1B8-42BB-9C1B-EC50B1677144"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46216E94-DC78-4338-BAFA-C88FA202948C"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07F165FC-15DF-44F1-B578-A592045BEDEF"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8D007DF-0C42-444F-9D43-C52024A0C600"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DCE4BD2-2256-473F-B17F-192CAC145DF1"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F72B798C-6FF1-41D2-83BC-BBA8F0C71DDE"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1653E806-4F31-4ACA-B51F-5F0067D99208"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E5AB236-CBDE-48F3-B6E1-5C6B08996ED7"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F57F84D2-76D0-42B9-BA61-96204F527B7A"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF6D296A-A353-4D4D-BAD7-38E02A7AF298"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "440CFE40-C9B7-4E6E-800D-DD595F8FC38E"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E36C76-E5E0-42B9-ABF4-F71CE831A62B"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AE4CCD7-7825-4422-A972-E19984076091"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D425D9A9-872D-444D-B5DA-74CB5F775FC6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References