ISC BIND CVE-2019-6467 Remote Denial of Service Vulnerability

ISC BIND is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause a denial-of-service condition.

ISC BIND versions prior to 9.12.4-P1, bind 9.14.1 are vulnerable.

Information

Bugtraq ID: 108071
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2019-6467

Remote: Yes
Local: No
Published: Apr 24 2019 12:00AM
Updated: Apr 24 2019 12:00AM
Credit: knqyf263
Vulnerable: ISC Bind 9.14
ISC Bind 9.13.6
ISC Bind 9.13.3
ISC Bind 9.13.2
ISC Bind 9.13
ISC Bind 9.12.3
ISC Bind 9.12.2
ISC Bind 9.12.1
ISC Bind 9.12
ISC Bind 9.12.3-P4
ISC Bind 9.12.3-P2
ISC Bind 9.12.3-P1
ISC Bind 9.12.2-P2
ISC Bind 9.12.2-P1
ISC Bind 9.12.1-P2
ISC Bind 9.12.1-P1
ISC Bind 9.12.0rc2
ISC Bind 9.12.0rc1
ISC Bind 9.12.0a1

Not Vulnerable: ISC Bind 9.14.1
ISC Bind 9.12.4 P1

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

• ISC BIND Homepage (ISC)
  
• Bug 1702545 (CVE-2019-6467) - CVE-2019-6467 bind: flaw in nxredirect can cause (Red Hat Bugzilla)
  
• CVE-2019-6467 (Red Hat)
  
• CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit ()
  
• knqyf263/CVE-2019-6467 (Github)
  

Source: www.securityfocus.com