CVE-2019-6469

BIND Supported Preview Edition can exit with an assertion failure if ECS is in use

Description

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

Remediation

Solution:

Upgrade to the patched release most closely related to your current version of BIND: BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. >= BIND 9.11.7-S1

Workaround:

Only servers which have enabled the EDNS Client Subnet (ECS) feature can be affected by this defect; it can be prevented by disabling ECS options in the server's configuration.

References

Link	Tags
https://kb.isc.org/docs/cve-2019-6469	third party advisory
https://support.f5.com/csp/article/K39751401?utm_source=f5support&%3Butm_medium=RSS

Frequently Asked Questions

What is the severity of CVE-2019-6469?: CVE-2019-6469 has been scored as a high severity vulnerability.
How to fix CVE-2019-6469?: To fix CVE-2019-6469: Upgrade to the patched release most closely related to your current version of BIND: BIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers. >= BIND 9.11.7-S1
Is CVE-2019-6469 being actively exploited in the wild?: It is possible that CVE-2019-6469 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-6469?: CVE-2019-6469 affects ISC BIND 9 Supported Preview Edition.

Description

Remediation

Category

CWE-617 – Reachable Assertion

References

Frequently Asked Questions