GSD-2019-6476
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-6476",
"description": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.",
"id": "GSD-2019-6476",
"references": [
"https://www.suse.com/security/cve/CVE-2019-6476.html",
"https://security.archlinux.org/CVE-2019-6476"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-6476"
],
"details": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.",
"id": "GSD-2019-6476",
"modified": "2023-12-13T01:23:48.994138Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-10-16T17:36:53.000Z",
"ID": "CVE-2019-6476",
"STATE": "PUBLIC",
"TITLE": "An error in QNAME minimization code can cause BIND to exit with an assertion failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.14.0 up to 9.14.6"
},
{
"version_value": "9.15.0 up to 9.15.4"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who manages to deliberately trigger this condition on a server which is performing recursion can cause named to exit, denying service to clients."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6476",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6476"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191024-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"name": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5\n"
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "ervers which have QNAME minimization turned on are potentially vulnerable to this defect if they are running an affected version of BIND. The vulnerability can be avoided by disabling QNAME minimization using \"qname-minimization disabled;\" in the global options section of named.conf (Note: the default value for the qname-minimization setting in the 9.14 and 9.15 branches is \"relaxed\". To make use of this workaround it must be explicitly disabled.)"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.14.6",
"versionStartIncluding": "9.14.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.15.4",
"versionStartIncluding": "9.15.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"ID": "CVE-2019-6476"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6476",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://kb.isc.org/docs/cve-2019-6476"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191024-0004/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"name": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-24T06:15Z",
"publishedDate": "2019-10-17T20:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…