CVE-2019-6469
5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ISC | BIND 9 Supported Preview Edition | BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition. | affected |
Weaknesses
- An attacker who is able to cause a server to perform a query whose answer will be accompanied by malformed RRSIGs can deliberately cause a server to exit if it is using the recursive ECS feature.
Workarounds
Only servers which have enabled the EDNS Client Subnet (ECS) feature can be affected by this defect; it can be prevented by disabling ECS options in the server's configuration.
ADP Enrichment
CVE Program Container
Additional References
- https://kb.isc.org/docs/cve-2019-6469
- https://support.f5.com/csp/article/K39751401?utm_source=f5support&%3Butm_medium=RSS
References
- https://kb.isc.org/docs/cve-2019-6469
- https://support.f5.com/csp/article/K39751401?utm_source=f5support&%3Butm_medium=RSS
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.