CVE-2018-5738

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-5738
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5738.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-5738
Downstream
Related
Published
2019-01-16T20:29:00.907Z
Modified
2026-04-10T04:10:58.707692Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.

References

Affected packages

Git / gitlab.isc.org/isc-projects/bind9

Affected ranges

Type
GIT
Repo
https://gitlab.isc.org/isc-projects/bind9
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4eb49c48823a2abbe0b3784305906cce5f520a4c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
470cee7071b278e016ae94cd403dbc13689d3444
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
db65d701b999d10e555c13454bceb74df4494975
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
fe1302d54424009769409e46c0d50c0bcccd1d31
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a37581543167cd471036b0d43e767c9ffb825625
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
617639b7cc40ba9eb6fde2d98099726d50da812e
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
71a40862c0be867999867cd99e21c2266a5e452b
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
08a3dedda1254acbbc7ebbfee33915d27efaa902
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
08a3dedda1254acbbc7ebbfee33915d27efaa902
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
5b1e929b8b07586a24d32dc0d7590bc25dacf754
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f9c3aba9b3070603bd8582399646480ec6bc5912
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
4bb22b64006b4b0d248b918005359b055a03ac46
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b2307b25465c16d37ff6de22438a2d214287417c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ed829a6ba4ff56d4eb82074e0498736fa9d68f8c
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
14b0e01fee2e288e01eef3dd88f3212030ad3c42
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
29b3a7d84240a51099490c0f39ae537f4e0d6a7a
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.9.12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.9.12-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.10.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.10.7-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.11.3-s1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.0-a1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.0-b1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.0-b2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.0-rc1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.0-rc3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.1-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.12.1-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.13.0"
        }
    ]
}

Affected versions

v9.*
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.10.0rc2
v9.10.1
v9.10.1b1
v9.10.1b2
v9.10.1rc1
v9.10.1rc2
v9.10.2
v9.10.2b1
v9.10.2rc1
v9.10.2rc2
v9.10.3
v9.10.3b1
v9.10.3rc1
v9.10.4
v9.10.4b1
v9.10.4b2
v9.10.4b3
v9.10.4rc1
v9.10.5
v9.10.5b1
v9.10.5rc1
v9.10.5rc2
v9.10.5rc3
v9.10.6b1
v9.10.6rc1
v9.10.7
v9.10.7b1
v9.10.7rc1
v9.11.0
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.11.0b1
v9.11.0b2
v9.11.0b3
v9.11.0rc1
v9.11.0rc2
v9.11.0rc3
v9.11.1
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.2b1
v9.11.2rc1
v9.11.3
v9.11.3b1
v9.11.3rc1
v9.12.0
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.12.0rc2
v9.12.0rc3
v9.12.1
v9.12.1-P2
v9.12.1b1
v9.12.1rc1
v9.13.0
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.7.0a1
v9.9.0
v9.9.0rc3
v9.9.0rc4
v9.9.1
v9.9.10
v9.9.10b1
v9.9.10rc1
v9.9.10rc2
v9.9.10rc3
v9.9.11b1
v9.9.11rc1
v9.9.12
v9.9.12b1
v9.9.12rc1
v9.9.2b1
v9.9.2rc1
v9.9.3
v9.9.3b1
v9.9.3b2
v9.9.3rc1
v9.9.3rc2
v9.9.4
v9.9.4b1
v9.9.4rc2
v9.9.5
v9.9.5b1
v9.9.5rc1
v9.9.5rc2
v9.9.6
v9.9.6b1
v9.9.6b2
v9.9.6rc1
v9.9.6rc2
v9.9.7
v9.9.7b1
v9.9.7rc1
v9.9.7rc2
v9.9.8
v9.9.8b1
v9.9.8rc1
v9.9.9
v9.9.9b1
v9.9.9b2
v9.9.9rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5738.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.11.3-s2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]