CVE-2019-6471 - Reachable Assertion vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-2550-1.NASL
Description: This update for bind fixes the following issues : Security issue fixed : CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 129673
Published: 2019-10-07
Reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/129673
Title: SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:2550-1)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-2265.NASL
Description: This update for bind fixes the following issues : Security issue fixed : - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed : - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) This update was imported from the SUSE:SLE-15:Update update project.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 129668
Published: 2019-10-07
Reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/129668
Title: openSUSE Security Update : bind (openSUSE-2019-2265)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-2263.NASL
Description: This update for bind fixes the following issues : Security issue fixed : - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed : - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) This update was imported from the SUSE:SLE-15:Update update project.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 129666
Published: 2019-10-07
Reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/129666
Title: openSUSE Security Update : bind (openSUSE-2019-2263)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL10092301.NASL
Description: A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. (CVE-2019-6471) Impact A remote attacker, who could cause the BIND resolver to perform queries on a server, which responds deliberately with malformed answers, can cause named to exit and result in a denial-of-service (DoS) condition.
Last seen: 2020-03-17
Modified: 2019-08-12
Plugin id: 127495
Published: 2019-08-12
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/127495
Title: F5 Networks BIG-IP : BIND vulnerability (K10092301)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-4026-1.NASL
Description: It was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 126097
Published: 2019-06-21
Reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/126097
Title: Ubuntu 18.04 LTS / 18.10 / 19.04 : bind9 vulnerability (USN-4026-1)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2019-171-01.NASL
Description: New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a denial-of-service security issue.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 126092
Published: 2019-06-21
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/126092
Title: Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2019-171-01)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-1714.NASL
Description: An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 126611
Published: 2019-07-11
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/126611
Title: RHEL 8 : bind (RHSA-2019:1714)

NASL family: DNS
NASL id: BIND9_CVE-2019-6471.NASL
Description: According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is between 9.11.0 and 9.11.7, 9.11.3-S1 and 9.11.7-S1, 9.12.0 and 9.12.4-P1, 9.13.x, 9.14.0 and 9.14.3, or 9.15 It is, therefore, affected by a race condition vulnerability, which may cause BIND to exit with an assertion failure when discarding malformed packets. Note that Nessus has not tested for these issues but has instead relied only on the application
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 126339
Published: 2019-06-28
Reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/126339
Title: ISC BIND Race Condition Vulnerability (CVE-2019-6471)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-2502-1.NASL
Description: This update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by too many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 129526
Published: 2019-10-02
Reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/129526
Title: SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-F72801C260.NASL
Description: - New [minor BIND release](https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html), fixing also security bug. - dnsperf update with TCP support Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 126840
Published: 2019-07-22
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/126840
Title: Fedora 30 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-f72801c260)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2096.NASL
Description: According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.(CVE-2019-6471) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-05-03
Modified: 2019-11-12
Plugin id: 130805
Published: 2019-11-12
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/130805
Title: EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-2096)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2019-D04F66E595.NASL
Description: - Update to [BIND 9.11.10](https://downloads.isc.org/isc/bind9/9.11.10/RELEASE-NOTES-bind-9.11.10.html) - Updates [dnsperf](https://github.com/DNS-OARC/dnsperf/blob/v2.3.2/CHANGES) ---- - New [minor BIND release](https://downloads.isc.org/isc/bind9/9.11.8/RELEASE-NOTES-bind-9.11.8.html), fixing also security bug. - dnsperf update with TCP support ---- Fixes occasional releases of obtained IP address. Detects jumps in time backward and refreshes address lease if time went back. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 128793
Published: 2019-09-16
Reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/128793
Title: Fedora 29 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-d04f66e595)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2020-2_0-0199_BINDUTILS.NASL
Description: An update of the bindutils package has been released.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 132987
Published: 2020-01-16
Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/132987
Title: Photon OS 2.0: Bindutils PHSA-2020-2.0-0199

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2019-1714.NASL
Description: From Red Hat Security Advisory 2019:1714 : An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 127597
Published: 2019-08-12
Reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/127597
Title: Oracle Linux 8 : bind (ELSA-2019-1714)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1047.NASL
Description: According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A race condition leading to denial of service was found in the way bind handled certain malformed packets. A remote attacker who could cause the bind resolver to perform queries on a server, which responds deliberately with malformed answers, could cause named to exit.(CVE-2019-6471) - A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.(CVE-2018-5744) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Last seen: 2020-06-01
Modified: 2020-06-02
Plugin id: 132801
Published: 2020-01-13
Reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Source: https://www.tenable.com/plugins/nessus/132801
Title: EulerOS Virtualization for ARM 64 3.0.5.0 : bind (EulerOS-SA-2020-1047)