Vulnerability CVE-2018-5743: Information

Description

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit.

Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Oct. 9, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-770

      Configuration 1

      cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 2

      cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 3

      cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
      Start including: 13.1.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 4

      cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 5

      cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
      Start including: 13.1.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 6

      cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.1

      Configuration 7

      cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 8

      cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 9

      cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 10

      cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
      Start including: 13.0.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 11

      cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
      Start including: 13.1.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 12

      cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
      Start including: 13.1.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5

      Configuration 13

      cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
      Start including: 9.9.0
      End including: 9.10.8

      cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*

      cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
      Start including: 9.12.0
      End including: 9.12.4

      cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
      Start including: 9.11.0
      End including: 9.11.6

      cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*

      cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
      Start including: 9.13.0
      End including: 9.13.7

      cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*

      cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*

      cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*

      Configuration 14

      cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*

      Configuration 15

      cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
      Start including: 5.0.0
      End including: 5.4.0

      cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*
      Start including: 6.0.0
      End including: 6.1.0

      Configuration 16

      cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*

      Configuration 17

      cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
      Start including: 12.1.0
      End including: 12.1.4

      cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
      Start including: 14.0.0
      End including: 14.1.0

      cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
      Start including: 13.1.0
      End including: 13.1.1

      cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*

      cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
      Start including: 11.5.2
      End including: 11.6.5