Vulnerabilities > CVE-2019-6471 - Reachable Assertion vulnerability in multiple products

047910
CVSS 5.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
high complexity
f5
isc
CWE-617
nessus

Summary

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

Vulnerable Configurations

Part Description Count
Application
F5
678
Application
Isc
125

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2550-1.NASL
    descriptionThis update for bind fixes the following issues : Security issue fixed : CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed: bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id129673
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129673
    titleSUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:2550-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2265.NASL
    descriptionThis update for bind fixes the following issues : Security issue fixed : - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed : - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129668
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129668
    titleopenSUSE Security Update : bind (openSUSE-2019-2265)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2263.NASL
    descriptionThis update for bind fixes the following issues : Security issue fixed : - CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) Non-security issue fixed : - bind will no longer rely on /etc/insserv.conf (bsc#1118367, bsc#1118368) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id129666
    published2019-10-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129666
    titleopenSUSE Security Update : bind (openSUSE-2019-2263)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL10092301.NASL
    descriptionA race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1. (CVE-2019-6471) Impact A remote attacker, who could cause the BIND resolver to perform queries on a server, which responds deliberately with malformed answers, can cause named to exit and result in a denial-of-service (DoS) condition.
    last seen2020-03-17
    modified2019-08-12
    plugin id127495
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127495
    titleF5 Networks BIG-IP : BIND vulnerability (K10092301)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4026-1.NASL
    descriptionIt was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126097
    published2019-06-21
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126097
    titleUbuntu 18.04 LTS / 18.10 / 19.04 : bind9 vulnerability (USN-4026-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-171-01.NASL
    descriptionNew bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a denial-of-service security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id126092
    published2019-06-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126092
    titleSlackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2019-171-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1714.NASL
    descriptionAn update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126611
    published2019-07-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126611
    titleRHEL 8 : bind (RHSA-2019:1714)
  • NASL familyDNS
    NASL idBIND9_CVE-2019-6471.NASL
    descriptionAccording to its self-reported version, the instance of ISC BIND 9 running on the remote name server is between 9.11.0 and 9.11.7, 9.11.3-S1 and 9.11.7-S1, 9.12.0 and 9.12.4-P1, 9.13.x, 9.14.0 and 9.14.3, or 9.15 It is, therefore, affected by a race condition vulnerability, which may cause BIND to exit with an assertion failure when discarding malformed packets. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id126339
    published2019-06-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126339
    titleISC BIND Race Condition Vulnerability (CVE-2019-6471)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2502-1.NASL
    descriptionThis update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id129526
    published2019-10-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129526
    titleSUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-F72801C260.NASL
    description - New [minor BIND release](https://downloads.isc.org/isc/bind9/9.11.8/RELE ASE-NOTES-bind-9.11.8.html), fixing also security bug. - dnsperf update with TCP support Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126840
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126840
    titleFedora 30 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-f72801c260)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2096.NASL
    descriptionAccording to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.(CVE-2019-6471) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-12
    plugin id130805
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130805
    titleEulerOS 2.0 SP8 : bind (EulerOS-SA-2019-2096)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D04F66E595.NASL
    description - Update to [BIND 9.11.10](https://downloads.isc.org/isc/bind9/9.11.10/REL EASE-NOTES-bind-9.11.10.html) - Updates [dnsperf](https://github.com/DNS-OARC/dnsperf/blob/v2.3. 2/CHANGES) ---- - New [minor BIND release](https://downloads.isc.org/isc/bind9/9.11.8/RELE ASE-NOTES-bind-9.11.8.html), fixing also security bug. - dnsperf update with TCP support ---- Fixes occasional releases of obtained IP address. Detects jumps in time backward and refreshes address lease if time went back. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128793
    published2019-09-16
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128793
    titleFedora 29 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-d04f66e595)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2020-2_0-0199_BINDUTILS.NASL
    descriptionAn update of the bindutils package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id132987
    published2020-01-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132987
    titlePhoton OS 2.0: Bindutils PHSA-2020-2.0-0199
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1714.NASL
    descriptionFrom Red Hat Security Advisory 2019:1714 : An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127597
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127597
    titleOracle Linux 8 : bind (ELSA-2019-1714)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1047.NASL
    descriptionAccording to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A race condition leading to denial of service was found in the way bind handled certain malformed packets. A remote attacker who could cause the bind resolver to perform queries on a server, which responds deliberately with malformed answers, could cause named to exit.(CVE-2019-6471) - A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.(CVE-2018-5744) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132801
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132801
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : bind (EulerOS-SA-2020-1047)

Redhat

advisories
bugzilla
id1721780
titleCVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentbind-export-devel is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714001
        • commentbind-export-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20191145006
      • AND
        • commentbind-debugsource is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714003
        • commentbind-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20191145004
      • AND
        • commentpython3-bind is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714005
        • commentpython3-bind is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20191145008
      • AND
        • commentbind-license is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714007
        • commentbind-license is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767022
      • AND
        • commentbind-lite-devel is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714009
        • commentbind-lite-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767016
      • AND
        • commentbind-libs is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714011
        • commentbind-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20170651010
      • AND
        • commentbind-chroot is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714013
        • commentbind-chroot is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20170651008
      • AND
        • commentbind-utils is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714015
        • commentbind-utils is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20170651012
      • AND
        • commentbind-libs-lite is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714017
        • commentbind-libs-lite is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767024
      • AND
        • commentbind-pkcs11-devel is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714019
        • commentbind-pkcs11-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767004
      • AND
        • commentbind-pkcs11-utils is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714021
        • commentbind-pkcs11-utils is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767014
      • AND
        • commentbind is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714023
        • commentbind is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20170651006
      • AND
        • commentbind-devel is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714025
        • commentbind-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20170651004
      • AND
        • commentbind-pkcs11-libs is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714027
        • commentbind-pkcs11-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767006
      • AND
        • commentbind-pkcs11 is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714029
        • commentbind-pkcs11 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767020
      • AND
        • commentbind-sdb-chroot is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714031
        • commentbind-sdb-chroot is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20171767018
      • AND
        • commentbind-sdb is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714033
        • commentbind-sdb is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20170651002
      • AND
        • commentbind-export-libs is earlier than 32:9.11.4-17.P2.el8_0.1
          ovaloval:com.redhat.rhsa:tst:20191714035
        • commentbind-export-libs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20191145002
rhsa
idRHSA-2019:1714
released2019-07-10
severityImportant
titleRHSA-2019:1714: bind security update (Important)
rpms
  • bind-32:9.11.4-17.P2.el8_0.1
  • bind-chroot-32:9.11.4-17.P2.el8_0.1
  • bind-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-debugsource-32:9.11.4-17.P2.el8_0.1
  • bind-devel-32:9.11.4-17.P2.el8_0.1
  • bind-export-devel-32:9.11.4-17.P2.el8_0.1
  • bind-export-libs-32:9.11.4-17.P2.el8_0.1
  • bind-export-libs-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-libs-32:9.11.4-17.P2.el8_0.1
  • bind-libs-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-libs-lite-32:9.11.4-17.P2.el8_0.1
  • bind-libs-lite-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-license-32:9.11.4-17.P2.el8_0.1
  • bind-lite-devel-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-devel-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-libs-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-libs-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-utils-32:9.11.4-17.P2.el8_0.1
  • bind-pkcs11-utils-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-sdb-32:9.11.4-17.P2.el8_0.1
  • bind-sdb-chroot-32:9.11.4-17.P2.el8_0.1
  • bind-sdb-debuginfo-32:9.11.4-17.P2.el8_0.1
  • bind-utils-32:9.11.4-17.P2.el8_0.1
  • bind-utils-debuginfo-32:9.11.4-17.P2.el8_0.1
  • python3-bind-32:9.11.4-17.P2.el8_0.1