csaf_certbund - wid-sec-w-2025-1195

wid-sec-w-2025-1195

Vulnerability from csaf_certbund

Published

2019-04-24 22:00

Modified

2025-05-29 22:00

Summary

Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1195 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-1195.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1195 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1195"
      },
      {
        "category": "external",
        "summary": "Eintrag in der OSS Mailing Liste vom 2019-04-24",
        "url": "https://seclists.org/oss-sec/2019/q2/62"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3956-1 vom 2019-04-25",
        "url": "https://usn.ubuntu.com/3956-1/"
      },
      {
        "category": "external",
        "summary": "Infoblox Advisory #10127 vom 2019-04-24",
        "url": "https://support.infoblox.com/app/answers/detail/a_id/10127"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4440 vom 2019-05-10",
        "url": "http://www.debian.org/security/2019/dsa-4440"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3956-2 vom 2019-05-09",
        "url": "https://usn.ubuntu.com/3956-2/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1145 vom 2019-05-14",
        "url": "https://access.redhat.com/errata/RHSA-2019:1145"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1294 vom 2019-05-30",
        "url": "https://access.redhat.com/errata/RHSA-2019:1294"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-1294 vom 2019-05-30",
        "url": "http://linux.oracle.com/errata/ELSA-2019-1294.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1407-1 vom 2019-06-04",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191407-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:14074-1 vom 2019-06-07",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914074-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1449-1 vom 2019-06-07",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191449-1.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2019:1294 vom 2019-06-10",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1294-Important-CentOS-7-bind-Security-Update-tp4645561.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:1406-2 vom 2019-06-11",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191406-2.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:1492 vom 2019-06-17",
        "url": "https://access.redhat.com/errata/RHSA-2019:1492"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2019-1492 vom 2019-06-18",
        "url": "http://linux.oracle.com/errata/ELSA-2019-1492.html"
      },
      {
        "category": "external",
        "summary": "ORACLE OVMSA-2019-0027 vom 2019-06-18",
        "url": "https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000946.html"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2019:1492 vom 2019-06-18",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2019-1492-Important-CentOS-6-bind-Security-Update-tp4645571.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K74009656 vom 2019-07-03",
        "url": "http://www.auscert.org.au/bulletins/ESB-2019.2413/"
      },
      {
        "category": "external",
        "summary": "Oracle VM Server f\u00fcr x86 Bulletin - Juli 2019",
        "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2019-5600406.html"
      },
      {
        "category": "external",
        "summary": "Infoblox Advisory 0127 vom 2019-08-06",
        "url": "https://support.infoblox.com/app/answers/detail/a_id/10127"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2698 vom 2019-09-10",
        "url": "https://access.redhat.com/errata/RHSA-2019:2698"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2019:2502-1 vom 2019-10-01",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20192502-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2019:2977 vom 2019-10-08",
        "url": "https://access.redhat.com/errata/RHSA-2019:2977"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin",
        "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-9117 vom 2022-02-03",
        "url": "https://linux.oracle.com/errata/ELSA-2022-9117.html"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2025-213 vom 2025-05-30",
        "url": "https://www.dell.com/support/kbdoc/de-de/000326299/dsa-2025-213-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-multiple-third-party-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "Internet Systems Consortium BIND: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2025-05-29T22:00:00.000+00:00",
      "generator": {
        "date": "2025-05-30T10:55:10.847+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1195",
      "initial_release_date": "2019-04-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-04-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-04-25T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2019-05-05T22:00:00.000+00:00",
          "number": "3",
          "summary": "Referenz(en) aufgenommen: FEDORA-2019-0370AD8310, FEDORA-2019-F791948895"
        },
        {
          "date": "2019-05-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian und Ubuntu aufgenommen"
        },
        {
          "date": "2019-05-13T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-05-30T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2019-06-03T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-06-06T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-06-10T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE und CentOS aufgenommen"
        },
        {
          "date": "2019-06-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-06-17T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
        },
        {
          "date": "2019-06-18T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von ORACLE und CentOS aufgenommen"
        },
        {
          "date": "2019-07-02T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2019-07-16T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2019-08-06T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Infoblox aufgenommen"
        },
        {
          "date": "2019-08-08T22:00:00.000+00:00",
          "number": "16",
          "summary": "Referenz aufgenommen:"
        },
        {
          "date": "2019-09-10T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2019-10-01T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2019-10-07T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-01-12T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2022-02-03T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-05-29T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "22"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Dell Avamar",
            "product": {
              "name": "Dell Avamar",
              "product_id": "T039664",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:avamar:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Dell NetWorker",
            "product": {
              "name": "Dell NetWorker",
              "product_id": "T034583",
              "product_identification_helper": {
                "cpe": "cpe:/a:dell:networker:virtual"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Infoblox NIOS",
            "product": {
              "name": "Infoblox NIOS",
              "product_id": "T014068",
              "product_identification_helper": {
                "cpe": "cpe:/o:infoblox:nios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Infoblox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.11.6-P1",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.11.6-P1",
                  "product_id": "T014054"
                }
              },
              {
                "category": "product_version",
                "name": "9.11.6-P1",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.11.6-P1",
                  "product_id": "T014054-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.11.6-p1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.12.4-P1",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.12.4-P1",
                  "product_id": "T014055"
                }
              },
              {
                "category": "product_version",
                "name": "9.12.4-P1",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.12.4-P1",
                  "product_id": "T014055-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.12.4-p1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.14.1",
                "product": {
                  "name": "Internet Systems Consortium BIND \u003c9.14.1",
                  "product_id": "T014056"
                }
              },
              {
                "category": "product_version",
                "name": "9.14.1",
                "product": {
                  "name": "Internet Systems Consortium BIND 9.14.1",
                  "product_id": "T014056-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:isc:bind:9.14.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIND"
          }
        ],
        "category": "vendor",
        "name": "Internet Systems Consortium"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.4R1",
                "product": {
                  "name": "Juniper Junos Space \u003c19.4R1",
                  "product_id": "T015663"
                }
              },
              {
                "category": "product_version",
                "name": "19.4R1",
                "product": {
                  "name": "Juniper Junos Space 19.4R1",
                  "product_id": "T015663-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:juniper:junos_space:19.4r1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Junos Space"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle VM",
            "product": {
              "name": "Oracle VM",
              "product_id": "T011119",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:vm:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-5743",
      "product_status": {
        "known_affected": [
          "T011119",
          "67646",
          "T034583",
          "T004914",
          "T014056",
          "T015663",
          "T014068",
          "T014054",
          "T039664",
          "T014055",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2019-04-24T22:00:00.000+00:00",
      "title": "CVE-2018-5743"
    },
    {
      "cve": "CVE-2019-6467",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T034583",
          "1727",
          "T004914",
          "T014056",
          "T014054",
          "T039664",
          "T014055"
        ]
      },
      "release_date": "2019-04-24T22:00:00.000+00:00",
      "title": "CVE-2019-6467"
    },
    {
      "cve": "CVE-2019-6468",
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T034583",
          "1727",
          "T004914",
          "T014056",
          "T014054",
          "T039664",
          "T014055"
        ]
      },
      "release_date": "2019-04-24T22:00:00.000+00:00",
      "title": "CVE-2019-6468"
    }
  ]
}

CVE-2018-5743 (GCVE-0-2018-5743)

Vulnerability from cvelistv5

Published

2019-10-09 14:17

Modified

2024-09-17 02:26

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.

Summary

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

References

►

URL

Tags

	https://kb.isc.org/docs/cve-2018-5743	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synology_SA_19_20	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K74009656?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Version: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:40:51.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2018-5743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank AT\u0026T for helping us to discover this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:10",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2018-5743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to a version of BIND containing a fix for the ineffective limits.\n\n+    BIND 9.11.6-P1\n+    BIND 9.12.4-P1\n+    BIND 9.14.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n +   BIND 9.11.5-S6\n +   BIND 9.11.6-S1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Limiting simultaneous TCP clients was ineffective",
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2018-5743",
          "STATE": "PUBLIC",
          "TITLE": "Limiting simultaneous TCP clients was ineffective"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank AT\u0026T for helping us to discover this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -\u003e 9.10.8-P1, 9.11.0 -\u003e 9.11.6, 9.12.0 -\u003e 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -\u003e 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -\u003e 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "By exploiting the failure to limit simultaneous TCP connections, an attacker can deliberately exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files.  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2018-5743",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2018-5743"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            },
            {
              "name": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K74009656?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to a version of BIND containing a fix for the ineffective limits.\n\n+    BIND 9.11.6-P1\n+    BIND 9.12.4-P1\n+    BIND 9.14.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n +   BIND 9.11.5-S6\n +   BIND 9.11.6-S1"
          }
        ],
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2018-5743",
    "datePublished": "2019-10-09T14:17:14.293079Z",
    "dateReserved": "2018-01-17T00:00:00",
    "dateUpdated": "2024-09-17T02:26:38.493Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6467 (GCVE-0-2019-6467)

Vulnerability from cvelistv5

Published

2019-10-09 14:17

Modified

2024-09-17 00:11

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients.

Summary

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

References

►

URL

Tags

	https://kb.isc.org/docs/cve-2019-6467	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synology_SA_19_20	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Version: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2019-6467"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Quad9 for reporting this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:11",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2019-6467"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n+   BIND 9.12.4-P1\n+   BIND 9.14.1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c",
      "workarounds": [
        {
          "lang": "en",
          "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2019-6467",
          "STATE": "PUBLIC",
          "TITLE": "An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Quad9 for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-\u003e 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2019-6467",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2019-6467"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n+   BIND 9.12.4-P1\n+   BIND 9.14.1"
          }
        ],
        "source": {
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2019-6467",
    "datePublished": "2019-10-09T14:17:14.449734Z",
    "dateReserved": "2019-01-16T00:00:00",
    "dateUpdated": "2024-09-17T00:11:15.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-6468 (GCVE-0-2019-6468)

Vulnerability from cvelistv5

Published

2019-10-09 14:17

Modified

2024-09-16 18:44

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.

Summary

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

References

►

URL

Tags

	https://kb.isc.org/docs/cve-2019-6468	x_refsource_CONFIRM
	https://www.synology.com/security/advisory/Synology_SA_19_20	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	ISC	BIND 9 Supported Preview Edition	Version: BIND 9 9.10.5-S1 -> 9.11.5-S5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:20.952Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2019-6468"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND 9 Supported Preview Edition",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "BIND 9 9.10.5-S1 -\u003e 9.11.5-S5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Quad9 for reporting this issue."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -\u003e 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-18T17:06:12",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2019-6468"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n+    BIND 9.11.5-S6\n+    BIND 9.11.6-S1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used",
      "workarounds": [
        {
          "lang": "en",
          "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.7"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-04-24T23:00:00.000Z",
          "ID": "CVE-2019-6468",
          "STATE": "PUBLIC",
          "TITLE": "BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND 9 Supported Preview Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "BIND 9",
                            "version_value": "9.10.5-S1 -\u003e 9.11.5-S5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Quad9 for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -\u003e 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.7"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2019-6468",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2019-6468"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_19_20",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n+    BIND 9.11.5-S6\n+    BIND 9.11.6-S1"
          }
        ],
        "source": {
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver\u0027s configuration."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2019-6468",
    "datePublished": "2019-10-09T14:17:14.488494Z",
    "dateReserved": "2019-01-16T00:00:00",
    "dateUpdated": "2024-09-16T18:44:17.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

wid-sec-w-2025-1195

Vulnerability from csaf_certbund

CVE-2018-5743 (GCVE-0-2018-5743)

Vulnerability from cvelistv5

CVE-2019-6467 (GCVE-0-2019-6467)

Vulnerability from cvelistv5

CVE-2019-6468 (GCVE-0-2019-6468)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature