oss-sec mailing list archives
Multiple CVEs announced by ISC (ISC DHCP: CVE-2018-5732 & CVE-2018-5733, BIND CVE-2018-5734)
From: Michael McNally <mcnally () isc org>
Date: Wed, 28 Feb 2018 15:29:55 -0500
Today ISC publicly disclosed three CVEs, two in ISC DHCP and a third in BIND Supported Preview Edition [which is a customer-only non-public version of BIND, but since the disclosure is public we wish to be clear about it here so as not to confuse those who are following the public open source version of the product.]

All three vulnerabilities are now public. Thank you, to those who were informed in advance, for cooperating with our disclosure schedule.

The two DHCP vulnerabilities are:

CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient
https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

CVE-2018-5733: A malicious client can overflow a reference counter in ISC dhcpd
https://kb.isc.org/article/AA-01567/75/CVE-2018-5733

And the (Supported Preview Edition-only) BIND vulnerability is:

CVE-2018-5734: A malformed request can trigger an assertion failure in badcache.c
https://kb.isc.org/article/AA-01562/74/CVE-2018-5734

If you have questions about these announcements please direct them to security-officer () isc org

Michael McNally
ISC Security Officer