SB2018112919 - Security restrictions bypass in bind (Alpine package)
Published: November 29, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2018-5741)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error in the documentation of the 'update-policy' feature for the 'krb5-subdomain' and 'ms-subdomain' update policies. A remote attacker can bypass security restrictions to modify records in the zone at or below the name specified in the name field.
Remediation
Install update from vendor's website.
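A configuration audit for the two rule types named above, as an added example that is not part of the original bulletin: it lists every `update-policy` rule in a `named.conf` that uses `krb5-subdomain` or `ms-subdomain`, so each rule's name field can be reviewed after updating. The sample configuration, zone names and realms are constructed, and the regex-based parsing assumes no `#` or `//` inside quoted strings.

```python
import re

# Rule types named in the bulletin for CVE-2018-5741.
AFFECTED = {"krb5-subdomain", "ms-subdomain"}

# Constructed sample named.conf fragment (zones and realms are made up).
SAMPLE_CONF = r'''
zone "corp.example" {
    type master;
    update-policy {
        grant CORP.EXAMPLE krb5-subdomain hosts.corp.example. A AAAA; // narrow name
        grant CORP.EXAMPLE ms-self * A;
        # grant CORP.EXAMPLE ms-subdomain old.corp.example. ANY;
    };
};
zone "lab.example" {
    type master;
    update-policy { grant LAB.EXAMPLE ms-subdomain lab.example. ANY; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments, the styles named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def find_affected_rules(conf_text):
    """Return (zone, action, identity, ruletype, name, types) per affected rule."""
    text = strip_comments(conf_text)
    findings = []
    # Each zone chunk runs from its 'zone "name"' up to the next zone statement.
    for zm in re.finditer(r'zone\s+"([^"]+)"(.*?)(?=zone\s+"|\Z)', text, flags=re.S):
        zone, body = zm.group(1), zm.group(2)
        for pm in re.finditer(r"update-policy\s*\{(.*?)\}", body, flags=re.S):
            for rule in pm.group(1).split(";"):
                tokens = rule.split()  # action identity ruletype name [types...]
                if len(tokens) >= 4 and tokens[0] in ("grant", "deny") and tokens[2] in AFFECTED:
                    findings.append((zone, *tokens[:4], tokens[4:]))
    return findings

if __name__ == "__main__":
    for zone, action, identity, ruletype, name, types in find_affected_rules(SAMPLE_CONF):
        print(f"{zone}: {action} {identity} {ruletype} name={name} types={types}")
```
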
References
- https://git.alpinelinux.org/aports/commit/?id=f760ea50ec9278664e1aa8c0a5fb9f216770113b
- https://git.alpinelinux.org/aports/commit/?id=6f40ae0c65be42bfa15f7d4c08b7ebd55a3ea4b2
- https://git.alpinelinux.org/aports/commit/?id=e3ed6b4e31abe80f4d89cec79e47d60a9102142e
- https://git.alpinelinux.org/aports/commit/?id=e57a8cc709262d3323914e40a9f4b342529b0bcd