CVE-2018-1099

NameCVE-2018-1099
DescriptionDNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
etcd (PTS)buster, sid3.2.18+dfsg-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
etcdsource(unstable)(unfixed)low

Notes

https://github.com/coreos/etcd/issues/9353
https://bugzilla.redhat.com/show_bug.cgi?id=1552717

Search for package or bug name: Reporting problems