CVE-2019-6468

Summary

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 9 Supported Preview EditionBIND 9 9.10.5-S1 -> 9.11.5-S5affected

Weaknesses

  • If nxdomain-redirect is enabled (via configuration) in a vulnerable BIND release, a malicious party can cause BIND to exit by deliberately triggering the bug.

Workarounds

Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration.

ADP Enrichment

CVE Program Container

Additional References

References