Description:

Multiple vulnerabilities were found in nxdomain-redirect feature and simultaneous TCP connections limit of the ISC BIND software. A remote attacker could send specially crafted queries to trigger an assertion failure or exhaust the pool of file descriptors. 

Affected Systems:

• BIND 9.9.0 to 9.10.8-P1
• BIND 9.9.3-S1 to 9.11.5-S3
• BIND 9.11.5-S5
• BIND 9.11.0 to 9.11.6
• BIND 9.12.0 to 9.12.4
• BIND 9.13.x
• BIND 9.14.0

Impact:

Successful exploitation could lead to a denial of service condition on an affected system.

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems

• BIND 9.11.6-P1
• BIND 9.12.4-P1
• BIND 9.14.1
• BIND 9.11.5-S6
• BIND 9.11.6-S1

http://www.isc.org/downloads/

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://kb.isc.org/docs/cve-2018-5743
https://kb.isc.org/docs/cve-2019-6467
https://kb.isc.org/docs/cve-2019-6468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6468