www.belgium.be Logo of the federal government

Highly Critical BIND Vulnerability

Reference: 
Advisory #2019-005
Version: 
1.0
Affected software: 
BIND 9.10.7 -> 9.10.8-P1
9.11.3 -> 9.11.5-P1
9.12.0 -> 9.12.3-P1
-> 9.11.5-S3 of BIND 9 Supported Preview Edition
Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected
Type: 
Remotely exploitable denial of service
CVE/CVSS: 

CVE-2018-5744

Date: 
22/02/2019

Sources

https://kb.isc.org/docs/cve-2018-5744

Risks

ISC has released security updates to address a vulnerability impacting numerous releases of BIND. A remote attacker could exploit this vulnerability to cause BIND to crash due to out-of-memory by sending a sufficient number of specially-crafted packets.

Description

This vulnerability, registered CVE-2018-5744, is considered to be highly critical by ISC. A proof of concept has not been published yet nor has this vulnerability been observed being actively exploited at this time.

By exploiting this condition, an attacker can potentially cause named's memory use to grow without bounds until all memory available to the process is exhausted. Typically a server process is limited as to the amount of memory it can use but if the named process is not limited by the operating system all free memory on the server could be exhausted.

Recommended Actions

CERT.be recommends administrators to update their BIND version.

  • Both BIND 9.11.5-P4 and BIND 9.11.5-P4 include a fix for the memory leak.
  • If patching is not possible immediately, there are no other known mitigations.