ISC BIND managed-keys Trust Anchor Denial of Service Vulnerability

By GIXnews

A vulnerability in the managed-keys feature of ISC BIND could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an assertion failure that could occur in the managed-keys feature of the affected software if trust anchor keys are replaced with keys that use an unsupported algorithm during key rollover. An attacker could exploit this vulnerability to cause the named daemon to crash. A successful exploit could result in a DoS condition.

ISC has confirmed the vulnerability and released software updates.

Security Impact Rating: Medium

CVE: CVE-2018-5745

Source:: Cisco Multivendor Vulnerability Alerts