CVE-2018-5737 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-706	bind	9.12.1-1	9.12.1.P2-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
20 May 2018	ASA-201805-20	AVG-706	bind	Medium	denial of service

References
https://kb.isc.org/article/AA-01606/74/CVE-2018-5737

Notes
Workaround: Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.) Setting "stale-answer enable off;" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero.

Notes

Workaround:

Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature.)

Setting "stale-answer enable off;" is not sufficient to prevent exploitation, max-stale-ttl needs to be set to zero.