Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
ISC BIND DoS Vulnerability - CVE-2019-6477 (Windows)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
ISC BIND is prone to a denial of service vulnerability as TCP-pipelined queries can bypass tcp-clients limit.
Insight
Insight
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests over a single connection. Each outstanding query will be handled internally as an independent client request, thus bypassing the new TCP clients limit.
Affected Software
Affected Software
BIND 9.11.6-P1 - 9.11.12, 9.12.4-P1 - 9.12.4-P2, 9.14.1 - 9.14.7 and 9.11.5-S6 - 9.11.12-S1. Also affects all releases in the 9.15 development branch.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 9.11.13, 9.14.8, 9.15.6, 9.11.13-S1 or later.