Main Vulnerability Database SB2018052228

SB2018052228 - Assertion failure in bind (Alpine package)

Published: May 22, 2018

Security Bulletin ID SB2018052228

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Assertion failure (CVE-ID: CVE-2018-5737)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists on the systems that permit recursion to clients and that have the max-stale-ttl parameter set to a non-zero value due to a flaw in the serve-stale implementation even when serve-stale is not enabled. A remote attacker can trigger an assertion failure in rbtdb.c cause performance degradation on the target system such as recursion loops or excessive logging.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=a72a5291c3473990e2ec0256973c8ea1b78a2f77
https://git.alpinelinux.org/aports/commit/?id=5b89784c2f0f07bfbb31371b85fd9c1be3acada5
https://git.alpinelinux.org/aports/commit/?id=f676af6ec98416e43a39c2e2c8c98d361ddf99a5