Severity

Remote

Type

Description

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.

References

https://kb.isc.org/article/AA-01606/74/CVE-2018-5737

Notes

Workaround:

Setting "max-stale-ttl 0;" in named.conf will prevent exploitation of this vulnerability (but will effectively disable the serve-stale feature).

Setting "stale-answer-enable off;" is not sufficient to prevent exploitation; max-stale-ttl needs to be set to zero.
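
A check for the workaround above, as an added example (not code from the advisory or from ISC): it parses a named.conf and lists the scopes in which max-stale-ttl is not effectively zero. The sample configurations are constructed; treating an unset value as non-zero and letting views inherit the options-level value are assumptions, and `include` files are not followed.

```python
import re

# Quoted strings are kept intact; /* */, // and # comments are blanked out.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[{};]|[^\s{};"]+')

def stale_ttl_by_scope(conf_text):
    """Map 'options' and each 'view <name>' to the max-stale-ttl set there (or None)."""
    text = _COMMENT.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf_text)
    scopes, stack, stmt = {"options": None}, [], []
    for tok in _TOKEN.findall(text):
        if tok == "{":
            name = " ".join(stmt[:2]).replace('"', "")   # 'options' or 'view internal'
            if not stack and stmt and stmt[0] == "view":
                scopes.setdefault(name, None)
            stack.append(name)
            stmt = []
        elif tok == "}":
            if stack:
                stack.pop()
            stmt = []
        elif tok == ";":
            # Only statements directly inside options{} or view{} count.
            if (len(stack) == 1 and stack[0] in scopes
                    and len(stmt) == 2 and stmt[0] == "max-stale-ttl"):
                scopes[stack[0]] = stmt[1]
            stmt = []
        else:
            stmt.append(tok)
    return scopes

def unmitigated_scopes(conf_text):
    """Scopes whose effective max-stale-ttl is not the literal 0 (empty = workaround applied)."""
    scopes = stale_ttl_by_scope(conf_text)
    views = [s for s in scopes if s != "options"]
    # Assumption: a view without its own setting inherits the options-level value.
    effective = {s: scopes[s] if scopes[s] is not None else scopes["options"]
                 for s in (views or ["options"])}
    return sorted(s for s, v in effective.items() if v != "0")

# Constructed sample configurations.
WEAK = 'options {\n  directory "/var/named";\n  stale-answer-enable no;  // not sufficient\n};\n'
FIXED = 'options {\n  stale-answer-enable no;\n  max-stale-ttl 0;  # workaround\n};\n'
VIEWS = ('options { max-stale-ttl 0; };\n'
         'view "internal" { max-stale-ttl 3600; };\n'
         'view "external" { zone "example.com" { type master; file "db.example"; }; };\n')

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("fixed", FIXED), ("views", VIEWS)):
        print(label, unmitigated_scopes(conf) or "workaround applied")
```

A view that sets its own non-zero max-stale-ttl is reported even when the options block sets it to zero, since the view-level value takes precedence for that view.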