Search
Find a vulnerability
Search criteria
6 vulnerabilities found for solidfire_element_os_management_node by netapp
CVE-2018-5734 (GCVE-0-2018-5734)
Vulnerability from nvd – Published: 2019-01-16 20:00 – Updated: 2024-09-17 02:31
VLAI
Title
A malformed request can trigger an assertion failure in badcache.c
Summary
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.
Severity
7.5 (High)
CWE
- Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view.
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/aa-01562 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2018092… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103189 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1040438 | vdb-entryx_refsource_SECTRACK |
Impacted products
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/aa-01562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "103189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103189"
},
{
"name": "1040438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn\u0027t contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/aa-01562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "103189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103189"
},
{
"name": "1040438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040438"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release.\n\n No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.10.6-S3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A malformed request can trigger an assertion failure in badcache.c",
"workarounds": [
{
"lang": "en",
"value": "Disabling the SERVFAIL cache with \u0027servfail-ttl 0;\u0027 will prevent taking the code path that leads to the assertion failure."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
"ID": "CVE-2018-5734",
"STATE": "PUBLIC",
"TITLE": "A malformed request can trigger an assertion failure in badcache.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn\u0027t contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/aa-01562",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01562"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "103189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103189"
},
{
"name": "1040438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040438"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release.\n\n No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.10.6-S3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Disabling the SERVFAIL cache with \u0027servfail-ttl 0;\u0027 will prevent taking the code path that leads to the assertion failure."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2018-5734",
"datePublished": "2019-01-16T20:00:00.000Z",
"dateReserved": "2018-01-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:46.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9778 (GCVE-0-2016-9778)
Vulnerability from nvd – Published: 2019-01-16 20:00 – Updated: 2024-09-16 20:01
VLAI
Title
An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
Summary
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.
Severity
7.5 (High)
CWE
- Only servers which are performing NXDOMAIN redirection using the "nxdomain-redirect" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients.
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037582 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201708-01 | vendor-advisoryx_refsource_GENTOO |
| https://security.netapp.com/advisory/ntap-2018092… | x_refsource_CONFIRM |
| https://kb.isc.org/article/AA-01442/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95388 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037582"
},
{
"name": "GLSA-201708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01442/"
},
{
"name": "95388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "BIND 9 9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Only servers which are performing NXDOMAIN redirection using the \"nxdomain-redirect\" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "1037582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037582"
},
{
"name": "GLSA-201708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01442/"
},
{
"name": "95388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95388"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.11.0-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.9.9-S7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c",
"workarounds": [
{
"lang": "en",
"value": "Either provide an ordinary (that is: not redirected) NXDOMAIN for non-existent resource records in zones for which authoritative data is served on the same server or use redirect zones instead of the nxdomain-redirect feature."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-01-11T00:00:00.000Z",
"ID": "CVE-2016-9778",
"STATE": "PUBLIC",
"TITLE": "An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_name": "BIND 9",
"version_value": "9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Only servers which are performing NXDOMAIN redirection using the \"nxdomain-redirect\" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037582",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037582"
},
{
"name": "GLSA-201708-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "https://kb.isc.org/article/AA-01442/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01442/"
},
{
"name": "95388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95388"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.11.0-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.9.9-S7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Either provide an ordinary (that is: not redirected) NXDOMAIN for non-existent resource records in zones for which authoritative data is served on the same server or use redirect zones instead of the nxdomain-redirect feature."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2016-9778",
"datePublished": "2019-01-16T20:00:00.000Z",
"dateReserved": "2016-12-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:01:47.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3693 (GCVE-0-2018-3693)
Vulnerability from nvd – Published: 2018-07-10 21:00 – Updated: 2024-08-05 04:50
VLAI
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2390 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2395 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2384 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1946 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0174 | vendor-advisoryx_refsource_REDHAT |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://help.ecostruxureit.com/display/public/UAD… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2018082… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://cdrdv2.intel.com/v1/dl/getContent/685359 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel Corporation | Most Modern Operating Systems |
Affected:
All
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "RHSA-2018:2395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "RHSA-2019:1946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2020:0174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Most Modern Operating Systems",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T17:51:16.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "RHSA-2018:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "RHSA-2018:2395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "RHSA-2019:1946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2020:0174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "RHSA-2019:1946",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2020:0174",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180823-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://cdrdv2.intel.com/v1/dl/getContent/685359",
"refsource": "CONFIRM",
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3693",
"datePublished": "2018-07-10T21:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:50:30.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9778 (GCVE-0-2016-9778)
Vulnerability from cvelistv5 – Published: 2019-01-16 20:00 – Updated: 2024-09-16 20:01
VLAI
Title
An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
Summary
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.
Severity
7.5 (High)
CWE
- Only servers which are performing NXDOMAIN redirection using the "nxdomain-redirect" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients.
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1037582 | vdb-entryx_refsource_SECTRACK |
| https://security.gentoo.org/glsa/201708-01 | vendor-advisoryx_refsource_GENTOO |
| https://security.netapp.com/advisory/ntap-2018092… | x_refsource_CONFIRM |
| https://kb.isc.org/article/AA-01442/ | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95388 | vdb-entryx_refsource_BID |
Impacted products
Date Public
2017-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1037582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037582"
},
{
"name": "GLSA-201708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/article/AA-01442/"
},
{
"name": "95388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95388"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "BIND 9 9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1"
}
]
}
],
"datePublic": "2017-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Only servers which are performing NXDOMAIN redirection using the \"nxdomain-redirect\" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "1037582",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037582"
},
{
"name": "GLSA-201708-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/article/AA-01442/"
},
{
"name": "95388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95388"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.11.0-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.9.9-S7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c",
"workarounds": [
{
"lang": "en",
"value": "Either provide an ordinary (that is: not redirected) NXDOMAIN for non-existent resource records in zones for which authoritative data is served on the same server or use redirect zones instead of the nxdomain-redirect feature."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-01-11T00:00:00.000Z",
"ID": "CVE-2016-9778",
"STATE": "PUBLIC",
"TITLE": "An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_name": "BIND 9",
"version_value": "9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -\u003e 9.9.8-S3, 9.9.9-S1 -\u003e 9.9.9-S6, 9.11.0-9.11.0-P1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Only servers which are performing NXDOMAIN redirection using the \"nxdomain-redirect\" function are potentially vulnerable and then only a subset of those servers. In order to be affected a server must be using nxdomain-redirect AND must be redirecting NXDOMAIN responses for a zone for which the server also provides authoritative service -- therefore a purely recursive server is not at risk, either. Successful exploitation of the vulnerability will cause named to stop execution after encountering a REQUIRE assertion failure in db.c, resulting in denial of service to clients."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037582",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037582"
},
{
"name": "GLSA-201708-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "https://kb.isc.org/article/AA-01442/",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01442/"
},
{
"name": "95388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95388"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.11.0-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.9.9-S7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Either provide an ordinary (that is: not redirected) NXDOMAIN for non-existent resource records in zones for which authoritative data is served on the same server or use redirect zones instead of the nxdomain-redirect feature."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2016-9778",
"datePublished": "2019-01-16T20:00:00.000Z",
"dateReserved": "2016-12-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:01:47.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5734 (GCVE-0-2018-5734)
Vulnerability from cvelistv5 – Published: 2019-01-16 20:00 – Updated: 2024-09-17 02:31
VLAI
Title
A malformed request can trigger an assertion failure in badcache.c
Summary
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.
Severity
7.5 (High)
CWE
- Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view.
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/aa-01562 | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2018092… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/103189 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1040438 | vdb-entryx_refsource_SECTRACK |
Impacted products
Date Public
2018-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/aa-01562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "103189",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103189"
},
{
"name": "1040438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"
}
]
}
],
"datePublic": "2018-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn\u0027t contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-17T10:57:01.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/aa-01562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "103189",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103189"
},
{
"name": "1040438",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040438"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release.\n\n No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.10.6-S3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A malformed request can trigger an assertion failure in badcache.c",
"workarounds": [
{
"lang": "en",
"value": "Disabling the SERVFAIL cache with \u0027servfail-ttl 0;\u0027 will prevent taking the code path that leads to the assertion failure."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2018-02-28T00:00:00.000Z",
"ID": "CVE-2018-5734",
"STATE": "PUBLIC",
"TITLE": "A malformed request can trigger an assertion failure in badcache.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn\u0027t contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Servers running the affected versions (9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, and 9.10.6-S2) are vulnerable if they allow recursion, unless the SERVFAIL cache is disabled for the receiving view."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/aa-01562",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01562"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "103189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103189"
},
{
"name": "1040438",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040438"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release.\n\n No publicly released versions of BIND are affected\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.10.6-S3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Disabling the SERVFAIL cache with \u0027servfail-ttl 0;\u0027 will prevent taking the code path that leads to the assertion failure."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2018-5734",
"datePublished": "2019-01-16T20:00:00.000Z",
"dateReserved": "2018-01-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:46.321Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3693 (GCVE-0-2018-3693)
Vulnerability from cvelistv5 – Published: 2018-07-10 21:00 – Updated: 2024-08-05 04:50
VLAI
Summary
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2390 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2395 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:2384 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:1946 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0174 | vendor-advisoryx_refsource_REDHAT |
| https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://help.ecostruxureit.com/display/public/UAD… | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-2018082… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://cdrdv2.intel.com/v1/dl/getContent/685359 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Intel Corporation | Most Modern Operating Systems |
Affected:
All
|
Date Public
2018-07-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:30.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "RHSA-2018:2395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "RHSA-2019:1946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2020:0174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Most Modern Operating Systems",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2018-07-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T17:51:16.000Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "RHSA-2018:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "RHSA-2018:2395",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "RHSA-2019:1946",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2020:0174",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Most Modern Operating Systems",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "RHSA-2018:2395",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2395"
},
{
"name": "RHSA-2018:2384",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2384"
},
{
"name": "RHSA-2019:1946",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1946"
},
{
"name": "RHSA-2020:0174",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0174"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180823-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180823-0001/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://cdrdv2.intel.com/v1/dl/getContent/685359",
"refsource": "CONFIRM",
"url": "https://cdrdv2.intel.com/v1/dl/getContent/685359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-3693",
"datePublished": "2018-07-10T21:00:00.000Z",
"dateReserved": "2017-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:50:30.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}