Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DNS:QUERY:CVE-2018-5740-DOS

Severity

 Minor

Recommended

 Yes

Recommended Action

 Drop

Category

 DNS

Keywords

 ISC BIND deny-answer-aliases Assertion Failure Denial of Service

Release Date

 2018/09/25

Update Number

 3102

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DNS: ISC BIND deny-answer-aliases Assertion Failure Denial of Service


This signature detects attempts to exploit a known vulnerability against ISC BIND. A successful attack can result in a denial-of-service condition.

Extended Description

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

Affected Products

  • Canonical ubuntu_linux 12.04
  • Canonical ubuntu_linux 14.04
  • Canonical ubuntu_linux 16.04
  • Canonical ubuntu_linux 18.04
  • Debian debian_linux 8.0
  • Isc bind 9.10.0
  • Isc bind 9.10.1
  • Isc bind 9.10.2
  • Isc bind 9.10.3
  • Isc bind 9.10.4
  • Isc bind 9.10.5
  • Isc bind 9.10.6
  • Isc bind 9.10.7
  • Isc bind 9.11.0
  • Isc bind 9.11.1
  • Isc bind 9.11.2
  • Isc bind 9.11.3
  • Isc bind 9.12.0
  • Isc bind 9.12.1
  • Isc bind 9.13.0
  • Isc bind 9.13.1
  • Isc bind 9.7.0
  • Isc bind 9.7.0a1
  • Isc bind 9.7.0a2
  • Isc bind 9.7.0a3
  • Isc bind 9.7.0b1
  • Isc bind 9.7.0b2
  • Isc bind 9.7.0b3
  • Isc bind 9.7.1
  • Isc bind 9.7.1b1
  • Isc bind 9.7.2
  • Isc bind 9.7.3
  • Isc bind 9.7.4
  • Isc bind 9.7.4b1
  • Isc bind 9.7.5
  • Isc bind 9.7.6
  • Isc bind 9.7.7
  • Isc bind 9.8.0
  • Isc bind 9.8.1
  • Isc bind 9.8.2
  • Isc bind 9.8.3
  • Isc bind 9.8.4
  • Isc bind 9.8.5
  • Isc bind 9.8.6
  • Isc bind 9.8.7
  • Isc bind 9.9.0
  • Isc bind 9.9.1
  • Isc bind 9.9.10
  • Isc bind 9.9.11
  • Isc bind 9.9.12
  • Isc bind 9.9.2
  • Isc bind 9.9.3
  • Isc bind 9.9.4
  • Isc bind 9.9.4-65
  • Isc bind 9.9.4-72
  • Isc bind 9.9.5
  • Isc bind 9.9.6
  • Isc bind 9.9.7
  • Isc bind 9.9.8
  • Isc bind 9.9.9
  • Netapp data_ontap_edge -
  • Redhat enterprise_linux_desktop 6.0
  • Redhat enterprise_linux_desktop 7.0
  • Redhat enterprise_linux_server 6.0
  • Redhat enterprise_linux_server 7.0
  • Redhat enterprise_linux_server_aus 7.6
  • Redhat enterprise_linux_server_eus 7.5
  • Redhat enterprise_linux_server_eus 7.6
  • Redhat enterprise_linux_workstation 6.0
  • Redhat enterprise_linux_workstation 7.0

References

  • CVE: CVE-2018-5740
  • URL: https://kb.isc.org/article/aa-01639/74/cve-2018-5740%3a-a-flaw-in-the-deny-answer-aliases-feature-can-cause-an-insist-assertion-failure-in-named.html
  • URL: http://securitytracker.com/id?1041436

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out