Reference: Advisory #2019-005
Version: 1.0
Affected software:
-> 9.11.5-S3 of BIND 9 Supported Preview Edition
9.11.3 -> 9.11.5-P1
9.12.0 -> 9.12.3-P1
BIND 9.10.7 -> 9.10.8-P1
Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected
Type: Remotely exploitable denial of service
CVE/CVSS: CVE-2018-5744
https://kb.isc.org/docs/cve-2018-5744
ISC has released security updates to address a vulnerability impacting numerous releases of BIND. By sending a sufficient number of specially crafted packets, a remote attacker could exploit this vulnerability to make BIND run out of memory and crash.
This vulnerability, registered as CVE-2018-5744, is considered to be highly critical by ISC. No proof of concept has been published yet, and the vulnerability has not been observed being actively exploited at this time.
By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited in the amount of memory it can use, but if the named process is not limited by the operating system, all free memory on the server could be exhausted.
CERT.be recommends that administrators update their BIND version.
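To help decide which servers need the update, the following added example (not part of the original advisory and not ISC code) classifies a version string, such as the one printed by `named -v`, against the affected ranges listed above. The function names and sample strings are assumptions made for illustration, and Supported Preview Edition (-S) builds are reported as unknown because that range is incomplete on this page.

```python
import re

# Affected ranges as listed in this advisory (inclusive). The Supported
# Preview Edition (-S) range is incomplete on the page, so -S builds are
# reported as "unknown" rather than guessed.
AFFECTED = [
    ("9.10.7", "9.10.8-P1"),
    ("9.11.3", "9.11.5-P1"),
    ("9.12.0", "9.12.3-P1"),
    ("9.13.0", "9.13.6"),
]

_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?(?:-(P|S)(\d+))?")
_PRE = {"a": -3, "b": -2, "rc": -1}  # pre-releases sort before the release


def parse(text):
    """Return (sort_key, is_preview_edition) for the first BIND version in text."""
    m = _VER.search(text)
    if not m:
        raise ValueError("no BIND version found in %r" % text)
    major, minor, patch, pre, pre_n, kind, kind_n = m.groups()
    stage = _PRE.get(pre, 0)
    patchlevel = int(kind_n) if kind == "P" else 0
    key = (int(major), int(minor), int(patch), stage, int(pre_n or 0), patchlevel)
    return key, kind == "S"


def status(version_text):
    """Classify a version string as 'affected', 'not-listed' or 'unknown'."""
    key, preview = parse(version_text)
    if preview:
        return "unknown"
    for low, high in AFFECTED:
        if parse(low)[0] <= key <= parse(high)[0]:
            return "affected"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample lines in the shape printed by `named -v`.
    # Distribution packages may backport fixes without changing the
    # upstream version, so confirm "affected" results with the vendor.
    for line in ("BIND 9.11.5-P1 (Extended Support Version)",
                 "BIND 9.11.5-P4", "BIND 9.12.3", "BIND 9.11.5-S3", "BIND 9.13.7"):
        print(line, "->", status(line))
```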