CVE-2019-6477

MEDIUM

Description

With pipelining enabled, each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem.)

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html

https://kb.isc.org/docs/cve-2019-6477

https://lists.fedoraproject.org/archives/list/[email protected]/message/L3DEMNZMKR57VQJCG5ZN55ZGTQRL2TFQ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/XGURMGQHX45KR4QDRCSUQHODUFOGNGAN/

https://support.f5.com/csp/article/K15840535?utm_source=f5support&utm_medium=RSS

https://www.debian.org/security/2020/dsa-4689

https://www.synology.com/security/advisory/Synology_SA_19_39

Details

Source: MITRE

Published: 2019-11-26

Updated: 2020-10-20

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 144003 | NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Multiple Vulnerabilities (NS-SA-2020-0095) | Nessus | NewStart CGSL Local Security Checks | medium |
| 143897 | NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Multiple Vulnerabilities (NS-SA-2020-0063) | Nessus | NewStart CGSL Local Security Checks | medium |
| 143842 | SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2020:2914-1) | Nessus | SuSE Local Security Checks | medium |
| 141839 | openSUSE Security Update : bind (openSUSE-2020-1701) | Nessus | SuSE Local Security Checks | medium |
| 141560 | openSUSE Security Update : bind (openSUSE-2020-1699) | Nessus | SuSE Local Security Checks | medium |
| 138773 | NewStart CGSL MAIN 6.01 : bind Multiple Vulnerabilities (NS-SA-2020-0031) | Nessus | NewStart CGSL Local Security Checks | medium |
| 138043 | Amazon Linux 2 : bind (ALAS-2020-1441) | Nessus | Amazon Linux Local Security Checks | medium |
| 136721 | Debian DSA-4689-1 : bind9 - security update | Nessus | Debian Local Security Checks | medium |
| 136043 | RHEL 8 : bind (RHSA-2020:1845) | Nessus | Red Hat Local Security Checks | medium |
| 135801 | Scientific Linux Security Update : bind on SL7.x x86_64 (20200407) | Nessus | Scientific Linux Local Security Checks | medium |
| 135328 | CentOS 7 : bind (CESA-2020:1061) | Nessus | CentOS Local Security Checks | medium |
| 135142 | EulerOS Virtualization for ARM 64 3.0.6.0 : bind (EulerOS-SA-2020-1355) | Nessus | Huawei Local Security Checks | medium |
| 135069 | RHEL 7 : bind (RHSA-2020:1061) | Nessus | Red Hat Local Security Checks | medium |
| 133975 | EulerOS 2.0 SP8 : bind (EulerOS-SA-2020-1141) | Nessus | Huawei Local Security Checks | medium |
| 133625 | F5 Networks BIG-IP : BIND vulnerability (K15840535) | Nessus | F5 Networks Local Security Checks | medium |
| 132030 | Fedora 30 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-c703d2304a) | Nessus | Fedora Local Security Checks | medium |
| 131735 | ISC BIND 9.11.0 / 9.11.x < 9.11.13 / 9.11.x < 9.11.13-S1 / 9.12.x < 9.12.5-P2 / 9.14.x < 9.14.8 / 9.15 / 9.15.x < 9.15.6 Vulnerability | Nessus | DNS | medium |
| 131450 | Fedora 31 : 32:bind / bind-dyndb-ldap / dnsperf (2019-73a8737068) | Nessus | Fedora Local Security Checks | medium |
| 131225 | Ubuntu 18.04 LTS / 19.04 / 19.10 : Bind vulnerability (USN-4197-1) | Nessus | Ubuntu Local Security Checks | medium |
| 131178 | Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2019-324-01) | Nessus | Slackware Local Security Checks | medium |