Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)

Related Vulnerabilities: CVE-2018-5743   CVE-2019-6467   CVE-2019-6468  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468)

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Peter Korsgaard &lt;peter () korsgaard com&gt;

Date: Thu, 25 Apr 2019 12:13:37 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
"Michael" == Michael McNally &lt;mcnally () isc org&gt; writes:

Today ISC disclosed two vulnerabilities affecting BIND as well
as a third vulnerability which affects *only* BIND Supported Preview
Edition (a special feature-preview version of BIND provided to
ISC support customers.)

Information about the vulnerabilities can be found in the ISC Knowledge
Base:

   CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
   https://kb.isc.org/docs/cve-2018-5743

   CVE-2019-6467: An error in the nxdomain redirect feature can cause
   BIND to exit with an INSIST assertion failure in query.c
   https://kb.isc.org/docs/cve-2019-6467

   CVE-2019-6468: BIND Supported Preview Edition can exit with an
   assertion failure if nxdomain-redirect is used
   https://kb.isc.org/docs/cve-2019-6468

New releases of BIND have been issued to fix the vulnerabilities above.
They may be downloaded from the ISC website:  https://www.isc.org/downloads

   -  9.11.6-P1
   -  9.12.4-P1
   -  9.14.1

It is a bit unfortunate that these security fixes now use
isc_atomic_xadd() which are not available on all architectures:

.libs/client.o: In function `mark_tcp_active':
client.c:(.text+0xc7c): undefined reference to `isc_atomic_xadd'
client.c:(.text+0xca0): undefined reference to `isc_atomic_xadd'
.libs/client.o: In function `client_accept':
client.c:(.text+0x2210): undefined reference to `isc_atomic_xadd'
client.c:(.text+0x230c): undefined reference to `isc_atomic_xadd'
.libs/client.o: In function `exit_check':
client.c:(.text+0x2958): undefined reference to `isc_atomic_xadd'
.libs/client.o:client.c:(.text+0x5cb4): more undefined references to `isc_atomic_xadd' follow
collect2: error: ld returned 1 exit status

:/

-- 
Bye, Peter Korsgaard

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Michael McNally (Apr 24)

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 25)

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)

Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) Peter Korsgaard (Apr 27)
Re: Multiple BIND vulnerabilities disclosed (CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468) andreas (Apr 27)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started