certfr_avis - CERTFR-2019-AVI-187

CERTFR-2019-AVI-187

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans BIND. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ISC	BIND	BIND versions 9.9.0 à 9.10.8-P1 et versions 9.11.0 à 9.11.6
ISC	BIND	BIND toutes versions 9.13
ISC	BIND	BIND versions 9.12.0 à 9.12.4 et 9.14.0
ISC	BIND	BIND Supported Preview Edition versions 9.10.5-S1 à 9.11.5-S5

References

Title

Publication Time

Tags

Bulletin de sécurité ISC BIND cve-2019-6467 du 24 avril 2019	None	vendor-advisory
Bulletin de sécurité ISC BIND cve-2019-6468 du 24 avril 2019	None	vendor-advisory
Bulletin de sécurité ISC BIND cve-2018-5743 du 24 avril 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIND versions 9.9.0 \u00e0 9.10.8-P1 et versions 9.11.0 \u00e0 9.11.6",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND toutes versions 9.13",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND versions 9.12.0 \u00e0 9.12.4 et 9.14.0",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    },
    {
      "description": "BIND Supported Preview Edition versions 9.10.5-S1 \u00e0 9.11.5-S5",
      "product": {
        "name": "BIND",
        "vendor": {
          "name": "ISC",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-5743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
    },
    {
      "name": "CVE-2019-6467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6467"
    },
    {
      "name": "CVE-2019-6468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6468"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-187",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-04-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2019-6467 du 24 avril 2019",
      "url": "https://kb.isc.org/docs/cve-2019-6467"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2019-6468 du 24 avril 2019",
      "url": "https://kb.isc.org/docs/cve-2019-6468"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2018-5743 du 24 avril 2019",
      "url": "https://kb.isc.org/docs/cve-2018-5743"
    }
  ]
}

CVE-2018-5743 (GCVE-0-2018-5743)

Vulnerability from cvelistv5 – Published: 2019-10-09 14:17 – Updated: 2024-09-17 02:26

Summary

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2018-5743	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K74009656?utm_…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Credits

ISC would like to thank AT&T for helping us to discover this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2018-5743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank AT\u0026T for helping us to discover this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:10",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2018-5743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to a version of BIND containing a fix for the ineffective limits.\n\n+    BIND 9.11.6-P1\n+    BIND 9.12.4-P1\n+    BIND 9.14.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n +   BIND 9.11.5-S6\n +   BIND 9.11.6-S1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Limiting simultaneous TCP clients was ineffective",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2018-5743",
          "STATE": "PUBLIC",
          "TITLE": "Limiting simultaneous TCP clients was ineffective"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank AT\u0026T for helping us to discover this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2018-5743",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2018-5743"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            },
            {
              "name": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to a version of BIND containing a fix for the ineffective limits.\n\n+    BIND 9.11.6-P1\n+    BIND 9.12.4-P1\n+    BIND 9.14.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n +   BIND 9.11.5-S6\n +   BIND 9.11.6-S1"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5743",
    "datePublished": "2019-10-09T14:17:14.293079Z",
    "dateReserved": "2018-01-17T00:00:00",
    "dateUpdated": "2024-09-17T02:26:38.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6468 (GCVE-0-2019-6468)

Vulnerability from cvelistv5 – Published: 2019-10-09 14:17 – Updated: 2024-09-16 18:44

Summary

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2019-6468	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9 Supported Preview Edition	Affected: BIND 9 9.10.5-S1 -> 9.11.5-S5

Credits

ISC would like to thank Quad9 for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:20.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2019-6468"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9 Supported Preview Edition",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9 9.10.5-S1 -\u003e 9.11.5-S5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Quad9 for reporting this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -\u003e 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:12",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2019-6468"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n+    BIND 9.11.5-S6\n+    BIND 9.11.6-S1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used",
      "workarounds": [
        {
          "lang": "en",
          "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2019-6468",
          "STATE": "PUBLIC",
          "TITLE": "BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9 Supported Preview Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "9.10.5-S1 -\u003e 9.11.5-S5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Quad9 for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -\u003e 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2019-6468",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2019-6468"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n+    BIND 9.11.5-S6\n+    BIND 9.11.6-S1"
          }
        ],
        "source": {
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2019-6468",
    "datePublished": "2019-10-09T14:17:14.488494Z",
    "dateReserved": "2019-01-16T00:00:00",
    "dateUpdated": "2024-09-16T18:44:17.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6467 (GCVE-0-2019-6467)

Vulnerability from cvelistv5 – Published: 2019-10-09 14:17 – Updated: 2024-09-17 00:11

Summary

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2019-6467	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synolo…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Credits

ISC would like to thank Quad9 for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2019-6467"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Quad9 for reporting this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:11",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2019-6467"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n+   BIND 9.12.4-P1\n+   BIND 9.14.1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2019-6467",
          "STATE": "PUBLIC",
          "TITLE": "An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Quad9 for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2019-6467",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2019-6467"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n+   BIND 9.12.4-P1\n+   BIND 9.14.1"
          }
        ],
        "source": {
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2019-6467",
    "datePublished": "2019-10-09T14:17:14.449734Z",
    "dateReserved": "2019-01-16T00:00:00",
    "dateUpdated": "2024-09-17T00:11:15.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2019-AVI-187

Solution

CVE-2018-5743 (GCVE-0-2018-5743)

CVE-2019-6468 (GCVE-0-2019-6468)

CVE-2019-6467 (GCVE-0-2019-6467)

Tags

Sightings

Nomenclature