Bug 1721780 (CVE-2019-6471)
Summary: CVE-2019-6471 bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure
Product: [Other] Security Response
Component: vulnerability
Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: anon.amish, mruprich, msehnout, pemensik, pzhukov, security-response-team, thozza, vonsch, zdohnal
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: bind 9.11.8, bind 9.12.4-P2, bind 9.14.3, bind 9.15.1
Doc Type: If docs needed, set a value
Doc Text: A race condition leading to denial of service was found in the way bind handled certain malformed packets. A remote attacker who could cause the bind resolver to perform queries on a server, which responds deliberately with malformed answers, could cause named to exit.
Last Closed: 2019-07-12 13:07:52 UTC
Bug Depends On: 1721785, 1721786, 1721787, 1722335
Bug Blocks: 1721782

Description
Huzaifa S. Sidhpurwala
2019-06-19 04:14:45 UTC
Acknowledgments:

Name: ISC

Created attachment 1582061
bind patch for 9.11.8

Created attachment 1582062
bind-9.12.4-p2 patch

Statement:

This bind flaw can be exploited by a remote attacker (AV:N). However, the attack works only if the attacker could cause the bind server to perform queries on another DNS server and the other DNS server deliberately responds with malformed answers (AC:H). No other special privileges are required by the attacker (PR:L). No user interaction is required from the server side (UI:N). The attacker can cause denial of service (A:H) by causing the named process to exit with an assertion flaw. There is no effect on the Confidentiality or Integrity of the system (C:N/I:N).

External References:

https://kb.isc.org/docs/cve-2019-6471

Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1722335]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2019:1714 https://access.redhat.com/errata/RHSA-2019:1714

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-6471

Release notes mentioning CVE-2019-6471 fix:

Stable release branches:
9.11.10: https://downloads.isc.org/isc/bind9/9.11.10/RELEASE-NOTES-bind-9.11.10.html
9.14.5: https://downloads.isc.org/isc/bind9/9.14.5/RELEASE-NOTES-bind-9.14.5.html

Experimental development branch:
9.15.3: https://downloads.isc.org/isc/bind9/9.15.3/RELEASE-NOTES-bind-9.15.3.html