Synology-SA-18:42 ISC BIND

Publish Time: 2018-08-10 13:59:39 UTC+8

Last Updated: 2019-12-24 14:16:20 UTC+8

Severity: Not affected

Status: Resolved

Abstract

CVE-2018-5740 allows remote attackers to conduct denial-of-service attacks via a susceptible version of ISC BIND.

No Synology products are affected, as CVE-2018-5740 only applies when the "deny-answer-aliases" feature is enabled.

Affected Products

Product | Severity | Fixed Release Availability
DNS Server | Not affected | N/A

Mitigation

None

Detail

  • CVE-2018-5740
    • Severity: Not affected
    • CVSS3 Base Score: 0.0
    • CVSS3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    • "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.
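
The two conditions stated above (a BIND version inside one of the listed ranges, and "deny-answer-aliases" in use) can be checked for any BIND deployment. The following is an added example, not code from Synology or ISC; the function names and sample configurations are constructed for illustration.

```python
import re

# Affected ranges as listed in the advisory (inclusive, base versions only).
AFFECTED = [
    ((9, 7, 0), (9, 8, 8)),
    ((9, 9, 0), (9, 9, 13)),
    ((9, 10, 0), (9, 10, 8)),
    ((9, 11, 0), (9, 11, 4)),
    ((9, 12, 0), (9, 12, 2)),
    ((9, 13, 0), (9, 13, 2)),
]

# Constructed sample configurations (not taken from any real server).
CONF_ENABLED = 'options { recursion yes; deny-answer-aliases { "example.net"; }; };'
CONF_COMMENTED = '''options {
    directory "/var//named";   # a quoted // is not a comment
    // deny-answer-aliases { "example.net"; };
    /* deny-answer-aliases { "example.org"; }; */
};'''

# Quoted strings and the three named.conf comment styles: /* */, // and #.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def version_in_affected_range(version):
    """True if the numeric x.y.z part lies in a listed range. Suffixes such
    as -P1 are ignored, so patch-level builds are flagged conservatively."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    v = tuple(int(p) for p in m.groups())
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def uses_deny_answer_aliases(conf):
    """True if an active (uncommented) deny-answer-aliases statement exists."""
    active = _SKIP.sub(" ", conf)  # blank out strings and comments
    return re.search(r"\bdeny-answer-aliases\s*\{", active) is not None

def exposed(version, conf):
    """Both conditions from the advisory must hold."""
    return version_in_affected_range(version) and uses_deny_answer_aliases(conf)

if __name__ == "__main__":
    for ver, conf in [("9.11.4", CONF_ENABLED), ("9.11.4", CONF_COMMENTED)]:
        print(ver, "exposed" if exposed(ver, conf) else "not exposed")
```

The check does not follow `include` statements; running it over the output of `named-checkconf -p`, which prints the merged configuration, covers included files.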

Reference

Revision

Revision | Date | Description
1 | 2018-08-10 | Initial public release.
2 | 2019-12-24 | Disclosed vulnerability details.