PT-2018-2730 · Isc+6 · Bind+6
Published: 2016-09-28 · Updated: 2022-05-10 · CVE-2018-5740
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
BIND versions 9.7.0 through 9.8.8
BIND versions 9.9.0 through 9.9.13
BIND versions 9.10.0 through 9.10.8
BIND versions 9.11.0 through 9.11.4
BIND versions 9.12.0 through 9.12.2
BIND versions 9.13.0 through 9.13.2
Description
The issue is related to the "deny-answer-aliases" feature in the BIND DNS server, which is intended to protect against DNS rebinding attacks. However, a defect in this feature can cause an assertion failure in name.c, leading to a denial of service. This can be exploited by a remote attacker. The feature is little-used and only servers with the feature explicitly enabled are at risk.
Recommendations
To resolve the issue for BIND versions 9.7.0 through 9.8.8, disable the "deny-answer-aliases" feature.
To resolve the issue for BIND versions 9.9.0 through 9.9.13, disable the "deny-answer-aliases" feature.
To resolve the issue for BIND versions 9.10.0 through 9.10.8, disable the "deny-answer-aliases" feature.
To resolve the issue for BIND versions 9.11.0 through 9.11.4, disable the "deny-answer-aliases" feature.
To resolve the issue for BIND versions 9.12.0 through 9.12.2, disable the "deny-answer-aliases" feature.
To resolve the issue for BIND versions 9.13.0 through 9.13.2, disable the "deny-answer-aliases" feature.
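A configuration check for the condition described above, as an added example (not code from ISC or from this advisory): it reports whether "deny-answer-aliases" is active in a named.conf text and whether a plain x.y.z version falls inside the ranges listed on this page. The sample configuration is constructed, the function names are hypothetical, and the comment handling assumes named.conf's `/* */`, `//` and `#` comment styles.

```python
import re

# Affected ranges exactly as listed on this page (inclusive bounds).
AFFECTED = [((9, 7, 0), (9, 8, 8)), ((9, 9, 0), (9, 9, 13)),
            ((9, 10, 0), (9, 10, 8)), ((9, 11, 0), (9, 11, 4)),
            ((9, 12, 0), (9, 12, 2)), ((9, 13, 0), (9, 13, 2))]

# Quoted strings are matched first so comment markers inside them are kept.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_STMT = re.compile(r'\bdeny-answer-aliases\s*\{([^{}]*)\}')

# Constructed sample input, not taken from any real server.
SAMPLE_CONF = '''options {
    directory "/var/named";
    // deny-answer-aliases { "old.example."; };
    deny-answer-addresses { 192.0.2.0/24; };
    deny-answer-aliases { "example.net"; } except-from { "ok.example.com"; };
};'''

def denied_alias_names(conf):
    """Names in active deny-answer-aliases statements (comments stripped first)."""
    text = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", conf)
    return [n.strip().strip('"') for m in _STMT.finditer(text)
            for n in m.group(1).split(";") if n.strip()]

def version_in_listed_range(version):
    """True/False for plain x.y.z; None for suffixed builds (e.g. -P1), which
    the ranges on this page do not cover."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    if m.group(4):
        return None
    v = tuple(int(x) for x in m.group(1, 2, 3))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def assess(version, conf):
    """Combine both checks into one status string."""
    if not denied_alias_names(conf):
        return "feature-disabled"
    in_range = version_in_listed_range(version)
    if in_range is None:
        return "feature-enabled-review-version"
    return "exposed" if in_range else "feature-enabled-version-not-listed"

if __name__ == "__main__":
    print(assess("9.11.4", SAMPLE_CONF), denied_alias_names(SAMPLE_CONF))
```

The check reads only the text it is given, so statements pulled in through `include` files have to be passed in separately.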
Exploit
Fix
DoS
Assertion Failure
RCE
Related identifiers
Affected products
Alt Linux
Bind
Bind Server
Centos
Red Hat
Suse
Ubuntu