Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2020-03322

Опубликовано: 09 окт. 2019
Источник: fstec
CVSS3: 7.5
CVSS2: 7.8
EPSS Средний

Описание

Уязвимость функции nxdomain-redirect DNS-сервера BIND связана с использованием функции assert() или похожего оператора. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Вендор

Internet Systems Consortium

Наименование ПО

BIND

Версия ПО

от 9.12.0 до 9.12.4 включительно (BIND)
от 9.13.0 до 9.13.7 включительно (BIND)
9.14.0 (BIND)

Тип ПО

Сетевое программное средство

Операционные системы и аппаратные платформы

-

Уровень опасности уязвимости

Высокий уровень опасности (базовая оценка CVSS 2.0 составляет 7,8)
Высокий уровень опасности (базовая оценка CVSS 3.0 составляет 7,5)

Возможные меры по устранению уязвимости

Использование рекомендаций:
https://ftp.isc.org/isc/bind9/9.14.1/RELEASE-NOTES-bind-9.14.1.html

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 95%
0.17224
Средний

7.5 High

CVSS3

7.8 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2019-6467

CVSS3: 7.5
ubuntu
больше 6 лет назад

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

redhat логотип

CVE-2019-6467

CVSS3: 5.9
redhat
почти 7 лет назад

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

nvd логотип

CVE-2019-6467

CVSS3: 7.5
nvd
больше 6 лет назад

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

debian логотип

CVE-2019-6467

CVSS3: 7.5
debian
больше 6 лет назад

A programming error in the nxdomain-redirect feature can cause an asse ...

github логотип

GHSA-92q8-7pjj-mpmp

github
больше 3 лет назад

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

EPSS

Процентиль: 95%
0.17224
Средний

7.5 High

CVSS3

7.8 High

CVSS2