CVE-2018-5736

MEDIUM
Description

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

References

http://www.securityfocus.com/bid/104386

http://www.securitytracker.com/id/1040941

https://kb.isc.org/docs/aa-01602

https://security.netapp.com/advisory/ntap-20180926-0004/

Details

Source: MITRE

Published: 2019-01-16

Updated: 2019-10-03

Type: CWE-617

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 1.6

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
122238 | ISC BIND Assertion Failure Vulnerability (DoS) | Nessus | DNS | medium
109947 | ISC BIND 9.12.x < 9.12.1-P1 Multiple Vulnerabilities | Nessus | DNS | high
109929 | FreeBSD : BIND -- multiple vulnerabilities (94599fe0-5ca3-11e8-8be1-d05099c0ae8c) | Nessus | FreeBSD Local Security Checks | high