Vulnerability Discovered in BIND Could Allow Denial of Service

ITS Advisory Number: 2019-069
Date(s) Issued: Thursday, June 20, 2019
Subject: Vulnerability Discovered in BIND Could Allow Denial of Service
Overview: 

A recently disclosed vulnerability in Berkeley Internet Name Domain (BIND) makes it possible for an attacker to cause a Denial of Service (DoS). BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c.


THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

Systems Affected: 
  • BIND 9.11.0 -> 9.11.7
  • BIND 9.12.0 -> 9.12.4-P1
  • BIND 9.14.0 -> 9.14.2
  • BIND all releases 9.13 development branch
  • BIND all releases 9.15.0 development branch
  • BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1
RISK
GOVERNMENT
  • Large and medium government entities: Medium
  • Small government entities: Medium
BUSINESS
  • Large and medium business entities: Medium
  • Small business entities: Medium
Home Users: N/A
Description: 

A recently disclosed vulnerability in Berkeley Internet Name Domain (BIND) makes it possible for an attacker to cause a Denial of Service (DoS). BIND is open source software that implements the Domain Name System (DNS) protocols for the Internet. An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients.

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. (CVE-2019-6471)

Actions: 
  • After appropriate testing, immediately apply patches or upgrades related to your current version of BIND
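
To decide which servers need the update, the version banner printed by `named -v` can be compared against the ranges under Systems Affected. The following is an added example, not part of the original advisory; the function name `is_affected`, the sample banners, and the reading of the 9.15 entry as release 9.15.0 are assumptions.

```python
import re
import sys

# Affected ranges copied from the advisory's "Systems Affected" list.
# Each value is (lowest, highest) as (patch, P-level); no -P suffix means P-level 0.
AFFECTED = {
    (9, 11): ((0, 0), (7, 0)),   # 9.11.0 -> 9.11.7
    (9, 12): ((0, 0), (4, 1)),   # 9.12.0 -> 9.12.4-P1
    (9, 14): ((0, 0), (2, 0)),   # 9.14.0 -> 9.14.2
}
DEV_ALL_RELEASES = {(9, 13)}       # every 9.13 development release
PREVIEW_RANGE = ((3, 1), (7, 1))   # 9.11.3-S1 -> 9.11.7-S1, as (patch, S-level)

# Finds the upstream version inside a banner; vendor suffixes after it are ignored.
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?")


def is_affected(banner):
    """Return True if the BIND version in `banner` is inside an affected range."""
    m = VERSION_RE.search(banner)
    if m is None:
        raise ValueError("no BIND version found in %r" % banner)
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3))
    kind, level = m.group(4), int(m.group(5) or 0)

    if kind == "S":  # Supported Preview Edition has its own range
        low, high = PREVIEW_RANGE
        return branch == (9, 11) and low <= (patch, level) <= high
    if branch in DEV_ALL_RELEASES:
        return True
    if branch == (9, 15):  # assumption: the 9.15 entry is read as release 9.15.0
        return patch == 0
    if branch in AFFECTED:
        low, high = AFFECTED[branch]
        return low <= (patch, level) <= high
    return False


if __name__ == "__main__":
    # Pass the output of `named -v` as arguments; with none, constructed banners are used.
    samples = sys.argv[1:] or ["BIND 9.11.5-P4-1-Vendor", "BIND 9.14.3"]
    for banner in samples:
        verdict = "AFFECTED" if is_affected(banner) else "not in an affected range"
        print(banner, "->", verdict)
```

Distribution packages can carry backported fixes under an older upstream version number, so an affected result on a vendor build should be confirmed against the vendor's changelog.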