{"containers": {"cna": {"affected": [{"product": "BIND 9", "vendor": "ISC", "versions": [{"status": "affected", "version": "BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Quad9 for reporting this issue."}], "datePublic": "2019-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T17:06:11", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/cve-2019-6467"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n+ BIND 9.12.4-P1\n+ BIND 9.14.1\n\n\n\n\n"}], "source": {"discovery": "USER"}, "title": "An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c", "workarounds": [{"lang": "en", "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration."}], "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2019-04-24T23:00:00.000Z", "ID": "CVE-2019-6467", "STATE": "PUBLIC", "TITLE": "An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND 9", "version": {"version_data": [{"version_name": "BIND 9", "version_value": "BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Quad9 for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An attacker who can deliberately trigger the condition on a server with a vulnerable configuration can cause BIND to exit, denying service to other clients."}]}]}, "references": {"reference_data": [{"name": "https://kb.isc.org/docs/cve-2019-6467", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/cve-2019-6467"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_20", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"}]}, "solution": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n+ BIND 9.12.4-P1\n+ BIND 9.14.1\n\n\n\n\n"}], "source": {"discovery": "USER"}, "work_around": [{"lang": "en", "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration."}]}}}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2019-6467", "datePublished": "2019-04-24T00:00:00", "dateReserved": "2019-01-16T00:00:00", "dateUpdated": "2019-12-18T17:06:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C499955-0D38-4828-B94F-9BFE2719246B", "versionEndIncluding": "9.12.4", "versionStartIncluding": "9.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA8EE96D-C27B-4995-BFB2-B4AC55ACAE8A", "versionEndIncluding": "9.13.7", "versionStartIncluding": "9.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "377B83CA-65BF-447F-91B4-E03CB893A879", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch."}, {"lang": "es", "value": "Un error de programaci\u00f3n en la funcionalidad nxdomain-redirect puede causar un error de aserci\u00f3n en el archivo query.c, si el espacio de nombres alternativo utilizado por nxdomain-redirect es un descendiente de una zona que es servida localmente. El escenario m\u00e1s probable en el que esto podr\u00eda presentarse es si el servidor, adem\u00e1s de realizar el redireccionamiento de NXDOMAIN para clientes recursivos, tambi\u00e9n est\u00e1 sirviendo una copia local de la zona root o utilizando la duplicaci\u00f3n para proveer la zona root, aunque tambi\u00e9n son posibles otras configuraciones. Versiones afectadas: BIND 9.12.0 hasta 9.12.4, y 9.14.0. Tambi\u00e9n afecta a todas las versiones en la rama de desarrollo 9.13."}], "id": "CVE-2019-6467", "lastModified": "2019-12-18T18:15:21.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-officer@isc.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-09T16:15:16.593", "references": [{"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://kb.isc.org/docs/cve-2019-6467"}, {"source": "security-officer@isc.org", "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}