Bug #9461

bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)

Added by Alicha CH 8 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version: -
Start date: 09/25/2018
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs: CVE-2018-5741

Description

In order to provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were.

Versions affected:

The behavior described is present in all versions of BIND 9 which contain the krb5-subdomain and ms-subdomain update policies prior to our upcoming maintenance releases, BIND 9.11.5 and 9.12.3. However, the misleading documentation is not present in all versions.

References:

https://kb.isc.org/docs/cve-2018-5741
https://www.openwall.com/lists/oss-security/2018/09/19/11
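
An added example, not part of the original ticket or of BIND: a small audit that lists every update-policy rule in a named.conf that uses one of the two rule types named above, so each can be rechecked against the corrected ARM text. The sample configuration, its zone names, realms and key names are constructed, and the comment stripping is a simplification that assumes no comment markers inside quoted strings.

```python
import re

# Rule types whose ARM description CVE-2018-5741 reports as incorrect.
AFFECTED = {"krb5-subdomain", "ms-subdomain"}

# Constructed sample named.conf fragment (zones, realms and key names are made up).
SAMPLE = r'''
zone "example.com" {
    type master;
    file "example.com.db";
    update-policy {
        grant EXAMPLE.COM krb5-subdomain example.com. A AAAA;  // review
        grant updater-key subdomain dyn.example.com. A AAAA;
        # grant OLD.REALM ms-subdomain old.example.com. ANY;
    };
};
zone "corp.example" {
    type master;
    update-policy { grant CORP.EXAMPLE ms-subdomain hosts.corp.example. A; };
};
zone "static.example" { type master; update-policy local; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def zone_blocks(conf):
    """Yield (zone name, body) per zone statement by matching braces."""
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf_text):
    """Return update-policy rules that use an affected rule type."""
    findings = []
    for zone, body in zone_blocks(strip_comments(conf_text)):
        for pol in re.finditer(r"update-policy\s*\{(.*?)\}", body, flags=re.S):
            for stmt in pol.group(1).split(";"):
                tok = stmt.split()
                if len(tok) >= 4 and tok[0] in ("grant", "deny") and tok[2] in AFFECTED:
                    findings.append((zone, tok[0], tok[1], tok[2], tok[3], tok[4:]))
    return findings

if __name__ == "__main__":
    for zone, action, ident, rule, name, types in audit(SAMPLE):
        print(f"{zone}: {action} {ident} {rule} {name} {' '.join(types)}")
```

Each finding is a tuple of zone, action, identity, rule type, name field and record types; rules in commented-out lines and `update-policy local;` zones are not reported.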


Subtasks

Bug #9462: [3.9] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741) | Closed | Natanael Copa

Bug #9463: [3.8] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741) | Closed | Natanael Copa

Bug #9464: [3.7] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741) | Closed | Natanael Copa

Bug #9465: [3.6] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741) | Closed | Natanael Copa

Bug #9466: [3.5] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741) | Closed | Natanael Copa

History

#1 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from New to Closed
