{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.11.3-s2"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "18.04"
              }
            ]
          }
        ]
      },
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.9.12"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.9.12-s1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.10.7"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.10.7-s1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.11.3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.11.3-s1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.0"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.0-a1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.0-b1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.0-b2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.0-rc1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.0-rc3"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.1-p1"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.12.1-p2"
              },
              {
                "introduced": "0"
              },
              {
                "last_affected": "9.13.0"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4eb49c48823a2abbe0b3784305906cce5f520a4c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "470cee7071b278e016ae94cd403dbc13689d3444"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "db65d701b999d10e555c13454bceb74df4494975"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "fe1302d54424009769409e46c0d50c0bcccd1d31"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "a37581543167cd471036b0d43e767c9ffb825625"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "617639b7cc40ba9eb6fde2d98099726d50da812e"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "71a40862c0be867999867cd99e21c2266a5e452b"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "08a3dedda1254acbbc7ebbfee33915d27efaa902"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "08a3dedda1254acbbc7ebbfee33915d27efaa902"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "5b1e929b8b07586a24d32dc0d7590bc25dacf754"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "f9c3aba9b3070603bd8582399646480ec6bc5912"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "4bb22b64006b4b0d248b918005359b055a03ac46"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "b2307b25465c16d37ff6de22438a2d214287417c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "ed829a6ba4ff56d4eb82074e0498736fa9d68f8c"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "14b0e01fee2e288e01eef3dd88f3212030ad3c42"
            },
            {
              "introduced": "0"
            },
            {
              "last_affected": "29b3a7d84240a51099490c0f39ae537f4e0d6a7a"
            }
          ],
          "repo": "https://gitlab.isc.org/isc-projects/bind9",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Change #4777 (introduced in October 2017) caused an unforeseen issue in releases issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the \"allow-recursion\" setting, it SHOULD default to one of the following: none, if \"recursion no;\" is set in named.conf; a value inherited from the \"allow-query-cache\" or \"allow-query\" settings IF \"recursion yes;\" (the default for that setting) AND match lists are explicitly set for \"allow-query-cache\" or \"allow-query\" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of \"allow-recursion {localhost; localnets;};\" if \"recursion yes;\" is in effect and no values are explicitly set for \"allow-query-cache\" or \"allow-query\". However, because of the regression introduced by change #4777, when \"recursion yes;\" is in effect and no match list values are provided for \"allow-query-cache\" or \"allow-query\", the \"allow-recursion\" setting can instead inherit a setting of all hosts from the \"allow-query\" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0 through 9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.",
  "id": "CVE-2018-5738",
  "modified": "2026-03-15T13:45:06.422050226Z",
  "published": "2019-01-16T20:29:00.907Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security.netapp.com/advisory/ntap-20190830-0002/"
    },
    {
      "type": "ADVISORY",
      "url": "https://usn.ubuntu.com/3683-1/"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.securitytracker.com/id/1041115"
    },
    {
      "type": "ADVISORY",
      "url": "https://kb.isc.org/docs/aa-01616"
    },
    {
      "type": "ADVISORY",
      "url": "https://security.gentoo.org/glsa/201903-13"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}