Allele Security Alert
ASA-2019-00232
Identifier(s)
ASA-2019-00232, CVE-2019-6467
Title
An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
Vendor(s)
Internet Systems Consortium (ISC)
Product(s)
BIND
Affected version(s)
BIND 9.12.0 to 9.12.4
BIND 9.14.0
All releases in the 9.13 development branch
Fixed version(s)
BIND 9.12.4-P1
BIND 9.14.1
Proof of concept
Unknown
Description
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally.
The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible.
Technical details
Unknown
Credits
Unknown
Reference(s)
CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6467
CVE-2019-6467
https://nvd.nist.gov/vuln/detail/CVE-2019-6467
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: April 27, 2019