CVE-2018-5741 — Incorrect Authorization in Bind
Severity
6.5 MEDIUM (NVD)
EPSS
1.0%
top 23.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 16
Latest update: May 13
Description
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was adde…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 3 packages
Vulnerability Details (3)
GHSA
GHSA-ghpp-72v8-mpmv: To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-polic (2022-05-13)
CVEList
Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation (2019-01-16)
OSV
CVE-2018-5741: To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-polic (2019-01-16)
Vendor Advisories (2)
Community (3)
Bugzilla
CVE-2018-5741 bind99: bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies [fedora-all] (2018-09-20)
Bugzilla
CVE-2018-5741 bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies [fedora-all] (2018-09-20)
Bugzilla
CVE-2018-5741 bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies (2018-09-20)