Vulnerabilities > CVE-2019-6469 - Reachable Assertion vulnerability in ISC Bind 9.10.5/9.11.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.
Common Weakness Enumeration (CWE)
Nessus
NASL family DNS NASL id BIND9_9117.NASL description The version of ISC BIND Supported Preview Edition running on the remote host is version 9.10.5-S1 through 9.11.6-S1. It is, therefore, affected by an error related to handling RRSIG data that allows an attacker to crash the application if the EDNS Client Subnet (ECS) feature is enabled. last seen 2020-06-01 modified 2020-06-02 plugin id 125738 published 2019-06-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125738 title ISC BIND 9.10.5-S1 <= 9.11.6-S1 EDNS Client Subnet RRSIG Denial of Service code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(125738); script_version("1.4"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2019-6469"); script_bugtraq_id(108517); script_name(english:"ISC BIND 9.10.5-S1 <= 9.11.6-S1 EDNS Client Subnet RRSIG Denial of Service"); script_summary(english:"Checks the version of ISC BIND."); script_set_attribute(attribute:"synopsis", value: "The remote name server is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The version of ISC BIND Supported Preview Edition running on the remote host is version 9.10.5-S1 through 9.11.6-S1. It is, therefore, affected by an error related to handling RRSIG data that allows an attacker to crash the application if the EDNS Client Subnet (ECS) feature is enabled."); # https://kb.isc.org/docs/cve-2019-6469 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75568163"); script_set_attribute(attribute:"solution", value: "Upgrade to ISC BIND version 9.11.7-S1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6469"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/06"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"DNS"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("bind_version.nasl"); script_require_keys("bind/version", "Settings/ParanoidReport"); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); vcf::bind::initialize(); app_info = vcf::get_app_info(app:'BIND', port:53, kb_ver:'bind/version', service:TRUE, proto:'UDP'); if (report_paranoia < 2) audit(AUDIT_PARANOID); constraints = [ { 'min_version' : '9.10.5-S1', 'max_version' : '9.11.6-S1' , 'fixed_display' : '9.11.7-S1'} ]; constraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version); vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2020-2_0-0199_BINDUTILS.NASL description An update of the bindutils package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 132987 published 2020-01-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132987 title Photon OS 2.0: Bindutils PHSA-2020-2.0-0199 code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2020-2.0-0199. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(132987); script_version("1.3"); script_cvs_date("Date: 2020/01/18"); script_cve_id( "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471", "CVE-2019-6475", "CVE-2019-6476" ); script_bugtraq_id( 108070, 108071, 108517, 108854 ); script_name(english:"Photon OS 2.0: Bindutils PHSA-2020-2.0-0199"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the bindutils package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-199.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-6475"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bindutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_exists(rpm:"bindutils-9.15", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"bindutils-9.15.5-1.ph2")) flag++; if (rpm_exists(rpm:"bindutils-9.15", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", cpu:"src", reference:"bindutils-9.15.5-1.ph2.src")) flag++; if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"bindutils-debuginfo-9.15.5-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bindutils"); }