CVE-2019-6475
Vulnerability from cvelistv5
Published
2019-10-17 19:17
Modified
2024-09-16 17:54
Severity
Summary
A flaw in mirror zone validity checking can allow zone data to be spoofed
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.14.0 up to 9.14.6"
},
{
"status": "affected",
"version": "9.15.0 up to 9.15.4"
}
]
}
],
"datePublic": "2019-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker\u0027s choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T20:06:57",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A flaw in mirror zone validity checking can allow zone data to be spoofed",
"workarounds": [
{
"lang": "en",
"value": "The vulnerability can be avoided by not using mirror zones."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-10-16T17:36:45.000Z",
"ID": "CVE-2019-6475",
"STATE": "PUBLIC",
"TITLE": "A flaw in mirror zone validity checking can allow zone data to be spoofed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.14.0 up to 9.14.6"
},
{
"version_value": "9.15.0 up to 9.15.4"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker\u0027s choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6475",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6475"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191024-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"name": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "The vulnerability can be avoided by not using mirror zones."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6475",
"datePublished": "2019-10-17T19:17:36.355066Z",
"dateReserved": "2019-01-16T00:00:00",
"dateUpdated": "2024-09-16T17:54:52.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-6475\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2019-10-17T20:15:12.770\",\"lastModified\":\"2023-11-07T03:13:10.450\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker\u0027s choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.\"},{\"lang\":\"es\",\"value\":\"Las zonas espejo son una funcionalidad de BIND que permite a los servidores recursivos almacenar en memoria cach\u00e9 los datos de zona proporcionados por otros servidores. Una zona espejo es similar a una zona de tipo secundaria, excepto que sus datos est\u00e1n sujetos a la comprobaci\u00f3n DNSSEC antes de ser usados en las respuestas, como si han sido buscados por medio de la recursi\u00f3n tradicional, y cuando los datos de la zona espejo no pueden ser comprobados, BIND regresa para usar la recursividad tradicional en lugar de la zona espejo. Sin embargo, un error en las comprobaciones de validez de los datos de las zonas entrantes puede permitir a un atacante en ruta reemplazar los datos de zona que fueron comprobados con un ancla de confianza configurada con datos falsificados de elecci\u00f3n del atacante. La funcionalidad de zona espejo es usada con mayor frecuencia para servir una copia local de la zona root. Si un atacante fue capaz de insertarse en la ruta de red entre un servidor recursivo y un servidor de nombre root utilizando una zona espejo, esta vulnerabilidad podr\u00eda ser usada para causar que el servidor recursivo acepte una copia de los datos falsificados de la zona root. Esto afecta a las versiones BIND 9.14.0 hasta 9.14.6 y 9.15.0 hasta 9.15.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.14.0\",\"versionEndIncluding\":\"9.14.6\",\"matchCriteriaId\":\"139ED9D5-ED04-479F-B9E2-2E5BB257C5CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.15.0\",\"versionEndIncluding\":\"9.15.4\",\"matchCriteriaId\":\"F910D6A0-1E35-443D-A57F-C4A8951B69F3\"}]}]}],\"references\":[{\"url\":\"https://kb.isc.org/docs/cve-2019-6475\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20191024-0004/\",\"source\":\"security-officer@isc.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"security-officer@isc.org\"}]}}"
}
}
Loading...