Impact: Moderate Public Date: 2019-04-24 Bugzilla: 1702545: CVE-2019-6467 bind: flaw in nxredirect can cause assertion failure A flaw was found in the way "nxdomain-redirect" feature was implemented in bind. An attacker could use this flaw on a server with a vulnerable configuration to cause bind to exit, denying service to other clients.
Find out more about CVE-2019-6467 from the MITRE CVE dictionary dictionary and NIST NVD.
The most common bind configuration which is affected by this flaw is, if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.9 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | None |
| Availability Impact | High |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | bind | Not affected |
| Red Hat Enterprise Linux 6 | bind | Not affected |
| Red Hat Enterprise Linux 5 | bind97 | Not affected |
| Red Hat Enterprise Linux 5 | bind | Not affected |
Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration.
Vulmon