n the wake of June 2018 Patch Tuesday, alerts and patches were issued for another speculative execution vulnerability affecting Intel, a git issue with Apple and a flaw in the BIND open-source DNS software.
Intel's security note focuses on CVE-2018-3665 and effects all Core-based microprocessors. The problem is with the Lazy FP state restore which can be exploited when a user switches between applications resulting in information disclosure.
“System software may opt to utilize Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value,” Intel reported on its security page.
To mitigate the issue Intel recommends that system software developers utilise Eager FP state restore in lieu of Lazy FP state restore.
The Internet Systems Consortium (ISC) put out an alert on CVE-2018-5738, rated as a medium threat, for BIND servers, versions 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition. There are no active exploits of this issue and the problem will be patched in a future BIND update.
The problem was inserted into BIND in October 2017 with change #4777 which permits recursive service to unauthorised clients. ISC said could result in:
- Additional queries from unauthorised clients may increase the load on a server, possibly degrading service to authorised clients.
- Allowing queries from unauthorised clients can potentially allow a server to be co-opted for use in DNS reflection attacks.
- An attacker may be able to deduce which queries a server has previously serviced by examining the results of queries answered from the cache, potentially leaking private information about what queries have been performed.
Apple's release covered CVE-2018-11235 and CVE-2018-11233 for macOS High Sierra 10.13.2 or later. The vulnerabilities impact multiple issues in git, one of which can lead to arbitrary code execution. The flaws can be patched by updating git to version 2.15.2.