CVE-2019-6476

Summary

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

Affected Software

VendorProductVersion RangeStatus
ISCBIND 99.14.0 up to 9.14.6affected
ISCBIND 99.15.0 up to 9.15.4affected

Weaknesses

  • An attacker who manages to deliberately trigger this condition on a server which is performing recursion can cause named to exit, denying service to clients.

Workarounds

ervers which have QNAME minimization turned on are potentially vulnerable to this defect if they are running an affected version of BIND. The vulnerability can be avoided by disabling QNAME minimization using "qname-minimization disabled;" in the global options section of named.conf (Note: the default value for the qname-minimization setting in the 9.14 and 9.15 branches is "relaxed". To make use of this workaround it must be explicitly disabled.)

ADP Enrichment

CVE Program Container

Additional References

References