{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T06:09:58.813","vulnerabilities":[{"cve":{"id":"CVE-2018-5738","sourceIdentifier":"security-officer@isc.org","published":"2019-01-16T20:29:00.907","lastModified":"2024-11-21T04:09:17.273","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, it is possible when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\" for the setting of \"allow-recursion\" to inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition."},{"lang":"es","value":"El cambio #4777 (presentado en octubre de 2017) introdujo un problema no imaginado en las versiones lanzadas tras esa fecha, que afecta a los clientes que pueden realizar consultas recursivas a un servidor de nombre de BIND. El comportamiento planeado (y documentado) es que, si un operador no ha especificado un valor para la opción \"allow-recursion\", DEBERÍA ser por defecto uno de los siguientes: si \"recursion no;\" está configurado como named.conf; un valor heredado de las opciones \"allow-query-cache\" o \"allow-query\" SI \"recursion yes;\" (la opción por defecto) Y las listas de coincidencias está configuradas de forma explícita para \"allow-query-cache\" o \"allow-query\" (véase el manual de referencia administrativa de BIND9, sección 6.2, para más detalles); o la opción por defecto planeada de \"allow-recursion {localhost; localnets;};\" si \"recursion yes;\" está en uso y no hay valores configurados de forma explícita para \"allow-query-cache\" o \"allow-query\". Sin embargo, debido a la regresión introducida por el cambio #4777, es posible que, cuando \"recursion yes;\" está en uso y no se proporcionan valores de lista de coincidencias para \"allow-query-cache\" o \"allow-query\" para la configuración de \"allow-recursion\", se herede una configuración de todos los hosts de la opción por defecto \"allow-query\". Esto permite de forma incorrecta la recursión a todos los clientes. Afecta a BIND en versiones 9.9.12, 9.10.7, 9.11.3, desde la versión 9.12.0 hasta la 9.12.1-P2, la versión de desarrollo 9.13.0, además de las versiones 9.9.12-S1, 9.10.7-S1, 9.11.3-S1 y 9.11.3-S2 de BIND 9 Supported Preview Edition."}],"metrics":{"cvssMetricV30":[{"source":"security-officer@isc.org","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*","matchCriteriaId":"CEBAAC23-A533-4688-9BF4-1819C600D6FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*","matchCriteriaId":"71776282-A512-4AF8-A3ED-D9CB0A768410"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*","matchCriteriaId":"01452454-B7CC-4909-8B2B-B4DF06F8CB4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*","matchCriteriaId":"F5410A39-A1B8-42BB-9C1B-EC50B1677144"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*","matchCriteriaId":"46216E94-DC78-4338-BAFA-C88FA202948C"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*","matchCriteriaId":"07F165FC-15DF-44F1-B578-A592045BEDEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*","matchCriteriaId":"E8D007DF-0C42-444F-9D43-C52024A0C600"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","matchCriteriaId":"5DCE4BD2-2256-473F-B17F-192CAC145DF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*","matchCriteriaId":"F72B798C-6FF1-41D2-83BC-BBA8F0C71DDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*","matchCriteriaId":"1653E806-4F31-4ACA-B51F-5F0067D99208"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*","matchCriteriaId":"8E5AB236-CBDE-48F3-B6E1-5C6B08996ED7"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*","matchCriteriaId":"F57F84D2-76D0-42B9-BA61-96204F527B7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*","matchCriteriaId":"FF6D296A-A353-4D4D-BAD7-38E02A7AF298"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","matchCriteriaId":"440CFE40-C9B7-4E6E-800D-DD595F8FC38E"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*","matchCriteriaId":"F1E36C76-E5E0-42B9-ABF4-F71CE831A62B"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*","matchCriteriaId":"5AE4CCD7-7825-4422-A972-E19984076091"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*","matchCriteriaId":"D425D9A9-872D-444D-B5DA-74CB5F775FC6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1041115","source":"security-officer@isc.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.isc.org/docs/aa-01616","source":"security-officer@isc.org","tags":["Mitigation","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201903-13","source":"security-officer@isc.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190830-0002/","source":"security-officer@isc.org"},{"url":"https://usn.ubuntu.com/3683-1/","source":"security-officer@isc.org","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1041115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.isc.org/docs/aa-01616","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201903-13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20190830-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3683-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}