oss-sec mailing list archives
ISC has announced CVE-2018-5738, a defect in some versions of BIND
From: ISC Security Officer <security-officer () isc org>
Date: Tue, 12 Jun 2018 16:07:30 -0800
Please be advised that ISC has publicly announced a vulnerability in some versions of BIND. CVE-2018-5738 is a medium severity vulnerability in which nameservers containing the previous change #4777 (from October 2017), if they are configured to permit recursive service to some clients, may because of this error improperly inherit the wrong default permission, causing the server to permit recursive service to ALL clients. Several workarounds are documented in the official security advisory document, which can be found in ISC's knowledge base: https://kb.isc.org/article/AA-01616/0/CVE-2018-5738 Michael McNally ISC Security Officer
Current thread:
- ISC has announced CVE-2018-5738, a defect in some versions of BIND ISC Security Officer (Jun 12)