The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
Affected products and versions:
BIND: 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2
DHCP: 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6, 4.4.0
CERT Bulgaria recommends that users and administrators review ISC Knowledge Base Articles AA-01562 and AA-01565 and apply the necessary updates or workarounds.
Workaround: Disabling the SERVFAIL cache with 'servfail-ttl 0;' prevents the code path that leads to the assertion failure from being taken.
Upgrade to BIND 9 version 9.10.6-S3.
Upgrade to the release most closely related to your current version of DHCP.
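To confirm whether a given BIND host is on one of the listed releases and whether the 'servfail-ttl 0;' workaround is actually active (not just present in a comment), a check like the following can be run over the `named -v` output and the configuration text. This is an added example, not code from ISC or CERT Bulgaria; the function names, the assumed `BIND <version>` output prefix, and the sample configurations are constructed for illustration.

```python
import re

# Affected BIND releases exactly as listed in this advisory.
AFFECTED_BIND = {"9.10.5-S1", "9.10.5-S2", "9.10.5-S3", "9.10.5-S4",
                 "9.10.6-S1", "9.10.6-S2"}

def strip_comments(conf):
    """Drop /* */, // and # comments so commented-out options are ignored.
    Simplification: comment markers inside quoted strings are not handled."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def bind_version(named_v_output):
    """Extract e.g. '9.10.6-S2' from output assumed to start 'BIND <version>'."""
    m = re.search(r"\bBIND (\d+\.\d+\.\d+(?:-S\d+)?)", named_v_output)
    return m.group(1) if m else None

def servfail_ttl_values(conf):
    """Return every active servfail-ttl value found in the configuration."""
    found = re.findall(r"\bservfail-ttl\s+(\d+)\s*;", strip_comments(conf))
    return [int(v) for v in found]

def assess(named_v_output, conf):
    version = bind_version(named_v_output)
    if version is None:
        return "unknown"
    if version not in AFFECTED_BIND:
        return "not-listed"
    ttls = servfail_ttl_values(conf)
    # The workaround counts only if every active setting disables the cache.
    if ttls and all(t == 0 for t in ttls):
        return "affected-workaround-applied"
    return "affected-no-workaround"

# Constructed sample inputs.
CONF_WORKAROUND = 'options {\n  directory "/var/named";\n  servfail-ttl 0;\n};\n'
CONF_COMMENTED = 'options {\n  // servfail-ttl 0;\n  /* servfail-ttl 0; */\n};\n'
CONF_NONZERO = 'options {\n  servfail-ttl 1;  # cache still enabled\n};\n'

if __name__ == "__main__":
    for name, conf in [("workaround", CONF_WORKAROUND),
                       ("commented", CONF_COMMENTED),
                       ("nonzero", CONF_NONZERO)]:
        print(name, assess("BIND 9.10.6-S2 <id:constructed>", conf))
    print("upgraded", assess("BIND 9.10.6-S3 <id:constructed>", CONF_NONZERO))
```
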