SB2019052919 - Red Hat Enterprise Linux 7 update for bind 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2019052919

SB2019052919 - Red Hat Enterprise Linux 7 update for bind

Published: May 29, 2019

Security Bulletin ID SB2019052919
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2018-5743)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.


Remediation

Install update from vendor's website.

References