PT-2019-4564 · Isc+6 · Bind+6
Published: 2018-08-14 · Updated: 2024-06-15
CVE-2019-6465
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BIND 9.9.0 through 9.10.8-P1
BIND 9.11.0 through 9.11.5-P2
BIND 9.12.0 through 9.12.3-P2
BIND 9.9.3-S1 through 9.11.5-S3 of BIND 9 Supported Preview Edition
BIND 9.13.0 through 9.13.6
Description
Controls for zone transfers are not properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. This allows an attacker to bypass the allow-transfer access control list (ACL) and receive a zone transfer of a DLZ, potentially gaining access to confidential data.
Recommendations
For BIND 9.9.0 through 9.10.8-P1, update to a version outside of this range to resolve the issue.
For BIND 9.11.0 through 9.11.5-P2, update to a version outside of this range to resolve the issue.
For BIND 9.12.0 through 9.12.3-P2, update to a version outside of this range to resolve the issue.
For BIND 9.9.3-S1 through 9.11.5-S3 of BIND 9 Supported Preview Edition, update to a version outside of this range to resolve the issue.
For BIND 9.13.0 through 9.13.6, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting access to writable Dynamically Loadable Zones (DLZs) to minimize the risk of exploitation.
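The affected ranges listed above can be checked mechanically during an inventory sweep. The following is an added example, not part of the original advisory or of BIND itself; the function names and the version-string grammar (final releases with an optional -P<n> or -S<n> suffix) are assumptions made for illustration.

```python
import re

# Affected ranges copied from the advisory text above: (edition, low, high), inclusive.
# "main" = regular releases (optional -P<n>), "S" = Supported Preview Edition (-S<n>).
AFFECTED = [
    ("main", "9.9.0", "9.10.8-P1"),
    ("main", "9.11.0", "9.11.5-P2"),
    ("main", "9.12.0", "9.12.3-P2"),
    ("main", "9.13.0", "9.13.6"),
    ("S", "9.9.3-S1", "9.11.5-S3"),
]

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?$")


def parse(version):
    """Return (edition, sort_key) for a release string such as '9.11.5-P2'.

    Assumption: only final upstream releases are handled. Alpha/beta/rc
    strings and distribution package suffixes are rejected, not guessed at.
    """
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    major, minor, patch, kind, level = m.groups()
    edition = "S" if kind == "S" else "main"
    # A release without a suffix sorts before its -P1 / -S1 successor.
    return edition, (int(major), int(minor), int(patch), int(level or 0))


def is_affected(version):
    """True if the version falls inside one of the advisory's ranges."""
    edition, key = parse(version)
    for rng_edition, low, high in AFFECTED:
        # Preview Edition versions are only compared with the -S range.
        if edition == rng_edition and parse(low)[1] <= key <= parse(high)[1]:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inventory, e.g. collected from `named -v` output.
    for v in ["9.11.5-P2", "9.11.5-P4", "9.11.5-S3", "9.13.7"]:
        print(v, "affected" if is_affected(v) else "not in listed ranges")
```

Distribution packages often backport fixes without changing the upstream version number, so for the listed Linux distributions a match here means "check the vendor's package changelog", not "confirmed vulnerable".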
Exploit
Fix
Incorrect Permission
Affected Products
Alt Linux
Bind
Bind Server
Centos
Red Hat
Suse
Ubuntu