Bug 1133187 - (CVE-2019-6468) VUL-0: CVE-2019-6468: bind: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used.
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Navin Kukreja
Security Team bot
Reported: 2019-04-24 05:18 UTC by Marcus Meissner
Modified: 2019-04-25 09:45 UTC (History)
Comment 1 Marcus Meissner 2019-04-25 05:54:50 UTC
https://kb.isc.org/docs/cve-2019-6468


CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used

    Updated on 24 Apr 2019
    Contributors: Michael McNally

CVE: CVE-2019-6468

Document version: 2.0

Posting date: 24 April 2019

Program impacted: BIND

Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

Severity: Medium

Exploitable: Remotely

Description:

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure.

Impact:

If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.

CVSS Score: 5.9

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Workarounds:

Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration.

Active exploits:

None known.

Solution:

Upgrade to the patched release most closely related to your current version of BIND:

BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.

    BIND 9.11.5-S6
    BIND 9.11.6-S1

Document revision history:

1.0 Early Notification, 15 April 2019
1.1 Added reference to BIND 9.11.6-S1 in Solution section
2.0 Public Disclosure, 24 April 2019
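
A triage check for the advisory above, as an added example (not part of the original bug report or of ISC's advisory): it reports a server as exposed only when the version is an -S release inside the stated affected range and the configuration contains an active nxdomain-redirect statement. The version string and named.conf text are constructed samples, and the function names are hypothetical.

```python
import re

# Affected range as stated in the advisory: 9.10.5-S1 through 9.11.5-S5.
FIRST_AFFECTED = (9, 10, 5, 1)
LAST_AFFECTED = (9, 11, 5, 5)

def parse_preview_version(version_text):
    """Return (major, minor, patch, s) for an -S release, else None."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)-S(\d+)\b", version_text)
    return tuple(int(g) for g in m.groups()) if m else None

def strip_comments(conf):
    """Drop /* */, // and # comments while leaving quoted strings intact."""
    pattern = r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return re.sub(pattern, keep_strings, conf, flags=re.S)

def redirect_zones(conf):
    """List the zones named by active (uncommented) nxdomain-redirect statements."""
    return re.findall(r'\bnxdomain-redirect\s+"?([^";\s]+)"?\s*;',
                      strip_comments(conf))

def assess(version_text, conf):
    """Combine both conditions from the advisory: affected version AND feature enabled."""
    version = parse_preview_version(version_text)
    in_range = version is not None and FIRST_AFFECTED <= version <= LAST_AFFECTED
    zones = redirect_zones(conf)
    return {"in_affected_range": in_range,
            "redirect_zones": zones,
            "exposed": in_range and bool(zones)}

# Constructed sample inputs (not taken from a real server).
SAMPLE_VERSION = "BIND 9.11.5-S5 (Extended Support Version)"
SAMPLE_CONF = '''
options {
    directory "/var/named";
    // nxdomain-redirect "old.example";
    nxdomain-redirect "redirect.example";  # constructed zone name
};
'''

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
```
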
Comment 2 Marcus Meissner 2019-04-25 05:55:19 UTC
We are not affected as we are not shipping these versions.