Published: 09/10/2019 Updated: 18/12/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 447
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A vulnerability in ISC BIND could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to an error in the nxdomain-redirect feature of the affected software. An attacker could exploit this vulnerability by sending a recursive query request to the targeted system. A successful exploit could cause BIND to exit and halt service to other clients, resulting in a DoS condition. ISC.org has confirmed the vulnerability and released software updates.

Vulnerability Trend

Affected Products

Vendor Product Versions
IscBind9.12.0, 9.12.1, 9.12.2, 9.12.3, 9.12.4, 9.13.0, 9.13.1, 9.13.2, 9.13.3, 9.13.4, 9.13.5, 9.13.6, 9.13.7, 9.14.0

Vendor Advisories

Impact: Moderate Public Date: 2019-04-24 Bugzilla: 1702545: CVE-2019-6467 bind: flaw in nxredirect can c ...

Mailing Lists

Today ISC disclosed two vulnerabilities affecting BIND as well as a third vulnerability which affects *only* BIND Supported Preview Edition (a special feature-preview version of BIND provided to ISC support customers) Information about the vulnerabilities can be found in the ISC Knowledge Base: CVE-2018-5743: Limiting simultaneous TCP clients ...

Github Repositories

CVE-2019-6467 BIND nxdomain-redirect For educational purposes only Run $ docker run --rm --name cve-2019-6467 -it -p 53:53/udp knqyf263/cve-2019-6467 Exploit Normal query $ dig @127001 nxdomainexamplecom nxdomain can be replaced by anything that means non-existent domain name (eg foobarexamplecom) Reference ftpiscorg/isc/bind/9124-P1/RELEASE-NOTES-bind

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile C C# C++ CSS CoffeeScript Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx Objective-C Objective-C++ Others PHP PLpgSQL Pascal Perl PostScri