× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2019

Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743 (2019.06.17)

Notice IBM is now listing V7R4 PTFs.
https://www-01.ibm.com/support/docview.wss?uid=ibm10883384&myns=ibmi&mynp=OCSSC52E&mynp=OCSSC5L9&mynp=OCSSTS2D&mynp=OCSS9QQS&mync=E&cm_sp=ibmi-_-OCSSC52E-OCSSC5L9-OCSSTS2D-OCSS9QQS-_-E
Security Bulletin
Summary
ISC BIND is vulnerable to this security vulnerability. IBM i has addressed this vulnerability.
Vulnerability Details
CVEID: CVE-2018-5743<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743>
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw when setting the TCP client quota using the tcp-clients option. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the exhaustion of file descriptors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160127 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
Releases 7.1, 7.2, 7.3, and 7.4 of IBM i are affected.

Remediation/Fixes
The issue can be fixed by applying a PTF to IBM i.
Releases 7.1, 7.2, 7.3, and 7.4 of IBM i are supported and will be fixed.
The IBM i PTF numbers are:
Release 7.1 – SI69882
Release 7.2 – SI69883
Release 7.3 – SI69885
Release 7.4 – SI69886
https://www-945.ibm.com/support/fixcentral/



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.