Bugzilla – Bug 1133187
VUL-0: CVE-2019-6468: bind: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used.
Last modified: 2019-04-25 09:45:44 UTC
CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used
Updated on 24 Apr 2019
2 minutes to read
[Michael McNally ]
Document version: 2.0
Posting date: 24 April 2019
Program impacted: BIND
Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.
In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure.
If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.
CVSS Score: 5.9
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
For more information on the Common Vulnerability Scoring System and to obtain your specific environmental score please visit: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.
Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration.
Upgrade to the patched release most closely related to your current version of BIND:
BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.
Document revision history:
1.0 Early Notification, 15 April 2019
1.1 Added reference to BIND 9.11.6-S1 in Solution section
2.0 Public Disclosure, 24 April 2019
we are not affected as we are not shipping this versions