Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

ISC BIND DoS Vulnerability - CVE-2019-6477 (Windows)

Information

Severity

Severity

High

Family

Family

Denial of Service

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

3 years ago

Modified

Modified

3 years ago

Summary

ISC BIND is prone to a denial of service vulnerability as TCP-pipelined queries can bypass tcp-clients limit.

Insight

Insight

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests over a single connection. Each outstanding query will be handled internally as an independent client request, thus bypassing the new TCP clients limit.

Affected Software

Affected Software

BIND 9.11.6-P1 - 9.11.12, 9.12.4-P1 - 9.12.4-P2, 9.14.1 - 9.14.7 and 9.11.5-S6 - 9.11.12-S1. Also affects all releases in the 9.15 development branch.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 9.11.13, 9.14.8, 9.15.6, 9.11.13-S1 or later.

Common Vulnerabilities and Exposures (CVE)