CVE-2018-5743

high

Description

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

References

https://kb.isc.org/docs/cve-2018-5743

https://support.f5.com/csp/article/K74009656?utm_source=f5support&utm_medium=RSS

https://www.synology.com/security/advisory/Synology_SA_19_20

Details

Source: MITRE

Published: 2019-10-09

Updated: 2019-12-18

Type: CWE-770

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*

Configuration 6

OR

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*

Configuration 7

OR

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*

Configuration 8

OR

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*

Configuration 9

OR

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*

Configuration 10

OR

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 13.0.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*

Configuration 11

OR

cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*

Configuration 12

OR

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*

Configuration 13

OR

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.9.0 to 9.10.8 (inclusive)

cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*

cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.11.0 to 9.11.6 (inclusive)

cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*

cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.12.0 to 9.12.4 (inclusive)

cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* versions from 9.13.0 to 9.13.7 (inclusive)

cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*

Configuration 14

OR

cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*

Configuration 15

OR

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* versions from 5.0.0 to 5.4.0 (inclusive)

cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:* versions from 6.0.0 to 6.1.0 (inclusive)

Configuration 16

OR

cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*

Configuration 17

OR

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 11.5.2 to 11.6.5 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 12.1.0 to 12.1.4 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 13.1.0 to 13.1.1 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* versions from 14.0.0 to 14.1.0 (inclusive)

cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*

Tenable Plugins

ID | Name | Product | Family | Severity
137170 | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) | Nessus | OracleVM Local Security Checks | high
129739 | RHEL 7 : bind (RHSA-2019:2977) | Nessus | Red Hat Local Security Checks | high
129526 | SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1) | Nessus | SuSE Local Security Checks | medium
129233 | EulerOS 2.0 SP3 : bind (EulerOS-SA-2019-2040) | Nessus | Huawei Local Security Checks | high
128699 | NewStart CGSL MAIN 4.06 : bind Vulnerability (NS-SA-2019-0174) | Nessus | NewStart CGSL Local Security Checks | high
128663 | RHEL 7 : bind (RHSA-2019:2698) | Nessus | Red Hat Local Security Checks | high
127580 | Oracle Linux 8 : bind (ELSA-2019-1145) | Nessus | Oracle Linux Local Security Checks | high
127454 | NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0167) | Nessus | NewStart CGSL Local Security Checks | high
127437 | NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0158) | Nessus | NewStart CGSL Local Security Checks | high
127303 | NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Vulnerability (NS-SA-2019-0087) | Nessus | NewStart CGSL Local Security Checks | high
127072 | Amazon Linux AMI : bind (ALAS-2019-1244) | Nessus | Amazon Linux Local Security Checks | high
126857 | EulerOS 2.0 SP2 : bind (EulerOS-SA-2019-1730) | Nessus | Huawei Local Security Checks | high
126836 | Debian DLA-1859-1 : bind9 security update | Nessus | Debian Local Security Checks | high
126546 | EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2019-1704) | Nessus | Huawei Local Security Checks | high
126448 | F5 Networks BIG-IP : BIND vulnerability (K74009656) | Nessus | F5 Networks Local Security Checks | high
126384 | Amazon Linux 2 : bind (ALAS-2019-1231) | Nessus | Amazon Linux Local Security Checks | high
126291 | EulerOS 2.0 SP5 : bind (EulerOS-SA-2019-1664) | Nessus | Huawei Local Security Checks | high
126268 | EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1641) | Nessus | Huawei Local Security Checks | high
126048 | Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2019-1492) | Nessus | Virtuozzo Local Security Checks | high
126024 | Oracle Linux 6 : bind (ELSA-2019-1492) | Nessus | Oracle Linux Local Security Checks | high
126021 | OracleVM 3.3 / 3.4 : bind (OVMSA-2019-0027) | Nessus | OracleVM Local Security Checks | high
126008 | CentOS 6 : bind (CESA-2019:1492) | Nessus | CentOS Local Security Checks | high
125979 | Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20190617) | Nessus | Scientific Linux Local Security Checks | high
125978 | RHEL 6 : bind (RHSA-2019:1492) | Nessus | Red Hat Local Security Checks | high
125808 | openSUSE Security Update : bind (openSUSE-2019-1533) | Nessus | SuSE Local Security Checks | medium
125807 | openSUSE Security Update : bind (openSUSE-2019-1532) | Nessus | SuSE Local Security Checks | medium
125801 | CentOS 7 : bind (CESA-2019:1294) | Nessus | CentOS Local Security Checks | high
125799 | SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1) | Nessus | SuSE Local Security Checks | medium
125759 | SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1) | Nessus | SuSE Local Security Checks | high
125703 | SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1) | Nessus | SuSE Local Security Checks | medium
125591 | Scientific Linux Security Update : bind on SL7.x x86_64 (20190529) | Nessus | Scientific Linux Local Security Checks | high
125590 | RHEL 7 : bind (RHSA-2019:1294) | Nessus | Red Hat Local Security Checks | high
125589 | Oracle Linux 7 : bind (ELSA-2019-1294) | Nessus | Oracle Linux Local Security Checks | high
124846 | RHEL 8 : bind (RHSA-2019:1145) | Nessus | Red Hat Local Security Checks | high
124758 | Ubuntu 14.04 LTS : bind9 vulnerability (USN-3956-2) | Nessus | Ubuntu Local Security Checks | high
124722 | Debian DSA-4440-1 : bind9 - security update | Nessus | Debian Local Security Checks | medium
124652 | ISC BIND 9 Denial of Service Vulnerability (CVE-2018-5743) | Nessus | DNS | high
124607 | Fedora 30 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-f791948895) | Nessus | Fedora Local Security Checks | high
124354 | Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2019-116-01) | Nessus | Slackware Local Security Checks | high
124323 | Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Bind vulnerability (USN-3956-1) | Nessus | Ubuntu Local Security Checks | high