oss-sec mailing list archives

ISC has announced CVE-2018-5738, a defect in some versions of BIND


From: ISC Security Officer <security-officer () isc org>
Date: Tue, 12 Jun 2018 16:07:30 -0800

Please be advised that ISC has publicly announced a vulnerability in
some versions of BIND.

CVE-2018-5738 is a medium severity vulnerability in which nameservers
containing the previous change #4777 (from October 2017), if they
are configured to permit recursive service to some clients, may, because
of this error, improperly inherit the wrong default permission, causing
the server to permit recursive service to ALL clients.  Several workarounds
are documented in the official security advisory document, which can be
found in ISC's knowledge base:

   https://kb.isc.org/article/AA-01616/0/CVE-2018-5738


Michael McNally
ISC Security Officer


