CVE-2019-6468 - OpenCVE

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Isc	Bind

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind:9.10.5:s1:::supported_preview:::*
	cpe:2.3:a:isc:bind:9.11.5:s5:::supported_preview:::*

References

Link	Resource
https://kb.isc.org/docs/cve-2019-6468	Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_20

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: isc

Published: 2019-04-24T00:00:00

Updated: 2019-12-18T17:06:12

Reserved: 2019-01-16T00:00:00

Link: CVE-2019-6468

JSON object: View

NVD Information

Status : Modified

Published: 2019-10-09T16:15:16.687

Modified: 2019-12-18T18:15:21.740

Link: CVE-2019-6468

JSON object: View

Redhat Information

No data.

CWE

CWE-617

{"containers": {"cna": {"affected": [{"product": "BIND 9 Supported Preview Edition", "vendor": "ISC", "versions": [{"status": "affected", "version": "BIND 9 9.10.5-S1 -> 9.11.5-S5"}]}], "credits": [{"lang": "en", "value": "ISC would like to thank Quad9 for reporting this issue."}], "datePublic": "2019-04-24T00:00:00", "descriptions": [{"lang": "en", "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-18T17:06:12", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/docs/cve-2019-6468"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n+ BIND 9.11.5-S6\n+ BIND 9.11.6-S1\n\n\n\n"}], "source": {"discovery": "USER"}, "title": "BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used", "workarounds": [{"lang": "en", "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration."}], "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-officer@isc.org", "DATE_PUBLIC": "2019-04-24T23:00:00.000Z", "ID": "CVE-2019-6468", "STATE": "PUBLIC", "TITLE": "BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIND 9 Supported Preview Edition", "version": {"version_data": [{"version_name": "BIND 9", "version_value": "9.10.5-S1 -> 9.11.5-S5"}]}}]}, "vendor_name": "ISC"}]}}, "credit": [{"lang": "eng", "value": "ISC would like to thank Quad9 for reporting this issue."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug."}]}]}, "references": {"reference_data": [{"name": "https://kb.isc.org/docs/cve-2019-6468", "refsource": "CONFIRM", "url": "https://kb.isc.org/docs/cve-2019-6468"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_20", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"}]}, "solution": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n+ BIND 9.11.5-S6\n+ BIND 9.11.6-S1\n\n\n\n"}], "source": {"discovery": "USER"}, "work_around": [{"lang": "en", "value": "Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration."}]}}}, "cveMetadata": {"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2019-6468", "datePublished": "2019-04-24T00:00:00", "dateReserved": "2019-01-16T00:00:00", "dateUpdated": "2019-12-18T17:06:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:supported_preview:*:*:*", "matchCriteriaId": "CAD41122-C5D8-4256-8CB7-FF88DCD96A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*", "matchCriteriaId": "91533F9F-C0E5-4E84-8A4C-F744F956BF97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected."}, {"lang": "es", "value": "En BIND Supported Preview Edition, puede presentarse un error en la funcionalidad nxdomain-redirect en las versiones que admiten las funcionalidades EDNS Client Subnet (ECS). En aquellas versiones que tienen soporte ECS, es probable que habilitar nxdomain-redirect conlleve a la salida de BIND debido a un error de aserci\u00f3n. Versiones afectadas: BIND Supported Preview Edition 9.10.5-S1 hasta 9.11.5-S5. Las versiones de ONLY BIND Supported Preview Edition est\u00e1n afectadas."}], "id": "CVE-2019-6468", "lastModified": "2019-12-18T18:15:21.740", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-officer@isc.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-09T16:15:16.687", "references": [{"source": "security-officer@isc.org", "tags": ["Third Party Advisory"], "url": "https://kb.isc.org/docs/cve-2019-6468"}, {"source": "security-officer@isc.org", "url": "https://www.synology.com/security/advisory/Synology_SA_19_20"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}