A warning has been issued by the Internet Systems Consortium (ISC) about a severe vulnerability that could be leveraged in DoS attacks in the open-source BIND software. The vulnerability was discovered by security researcher Tony Finch of the University of Cambridge, and has been identified as CVE-2018-5740.
Official Description of CVE-2018-5740
“deny-answer-aliases” is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an INSIST assertion failure in name.c.
What Is the Impact of CVE-2018-5740?
Accidental or deliberate triggering of the described flaw will lead to an INSIST assertion failure in named, causing the named process to stop execution and resulting in denial of service to clients, ISC explained in an advisory. Only servers which have explicitly enabled the “deny-answer-aliases” feature are at risk. So, disabling the feature prevents exploitation, the organization added.
To counter the exploit, “most operators will not need to make any changes unless they are using the “deny-answer-aliases” feature (which is described in the BIND 9 Adminstrator Reference Manual section 6.2.) “deny-answer-aliases” is off by default; only configurations which explicitly enable it can be affected by this defect“.
More about the BIND Software
BIND is open-source software that enables individuals to publish their Domain Name System (DNS) information on the Internet, and to resolve DNS queries for their users. As for the meaning of the abbreviation, BIND stands for “Berkeley Internet Name Domain”. Historically, the software originated in the early 1980s at the University of California at Berkeley. It appears that it is the most widely adopted DNS software on the internet. This large adoption (Read more...)
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/cve-2018-5740-bind-vulnerability-dos-attacks/