An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c

CVE-2019-6467

5.9MEDIUM

Key Information

Vendor: Isc
Status: Bind 9
Vendor: CVE Published:; 24 April 2019

Badges

👾 Exploit Exists🔴 Public PoC

Summary

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Affected Version(s)

BIND 9 = BIND 9.12.0-> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-6467
Created by knqyf263

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Sep 18, 2024
Risk change from: 7.5 to: 5.9 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Apr 24, 2019
Vulnerability Reserved.
Jan 16, 2019

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

ISC would like to thank Quad9 for reporting this issue.