Security Alert (A19-10-06): Multiple Vulnerabilities in ISC BIND


 

Published on: 18 October 2019

Share on Facebook    Share on X   

Description:

Multiple vulnerabilities were found in ISC BIND software.  A remote attacker may bypass the validity checks to replace data in the mirror zone or send specially crafted queries to cause BIND to exit.

 

Affected Systems:

  • BIND 9.14.0 to 9.14.6
  • BIND 9.15.0 to 9.15.4

 

Impact:

Successful exploitation could lead to spoofing, security restriction bypass or denial of service on an affected system.

 

Recommendation:

Internet Systems Consortium (ISC) has released the following patches to solve the problems:

  • BIND 9.14.7
  • BIND 9.15.5
    https://www.isc.org/download/

Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://kb.isc.org/docs/cve-2019-6475
https://kb.isc.org/docs/cve-2019-6476
https://www.hkcert.org/my_url/en/alert/19101801
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6476

 



Tag: BIND , ISC
Tags