CVE Number – CVE-2018-5741
A vulnerability in ISC BIND could allow an authenticated, remote attacker to modify certain information on a targeted system.
The vulnerability is due to incorrect documentation in the Administrator Reference Manual (ARM) describing the behavior of the krb5-subdomain and ms-subdomain update policy rule types. This could mislead users into believing the configuration of these rule types in the update-policy feature is more restrictive than in actuality. An attacker could exploit this vulnerability to modify records in the zone at or below the name specified in the name field on a targeted system. A successful exploit could be used to conduct further attacks.
ISC confirmed the vulnerability; however, software updates are not available.
To exploit this vulnerability, the attacker must have user-level access to the targeted system. This access requirement may reduce the likelihood of a successful exploit.
Administrators are advised to contact the vendor regarding future updates and releases.
Administrators are advised to allow only trusted users to have network access.
Administrators are advised to run both firewall and antivirus applications to minimize the potential of inbound and outbound threats.
Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.
Administrators can help protect affected systems from external attacks by using a solid firewall strategy.
Administrators are advised to monitor affected systems.
ISC released a security advisory at the following link: CVE-2018-5741: Update policies krb5-subdomain and ms-subdomain
At the time this alert was first published, ISC had not released software updates.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.