PT-2019-5506 · Isc+1 · Bind+1

Published

2019-04-24

Updated

2019-12-18

CVE-2019-6468

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions BIND Supported Preview Edition versions 9.10.5-S1 through 9.11.5-S5

Description The issue is related to the nxdomain-redirect feature in the BIND DNS server, specifically when EDNS Client Subnet (ECS) features are supported. It can lead to an assertion failure, causing the service to exit. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For BIND Supported Preview Edition versions 9.10.5-S1 through 9.11.5-S5, consider disabling the nxdomain-redirect feature to prevent the assertion failure until a patch is available. Restrict access to the ECS support feature in the affected versions to minimize the risk of exploitation.

Fix

DoS

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2020-03323

CVE-2019-6468

Affected Products

Bind

Bind Server

PT-2019-5506 · Isc+1 · Bind+1

CVE-2019-6468

Weakness Enumeration

Related Identifiers

Affected Products

References · 11