ISC BIND Race Condition Vulnerability (CVE-2019-6471)
Medium Nessus Plugin ID 126339
SynopsisThe remote name server is affected by a race condition vulnerability.
DescriptionAccording to its self-reported version, the instance of ISC BIND 9 running on the remote name server is between 9.11.0 and 9.11.7, 9.11.3-S1 and 9.11.7-S1, 9.12.0 and 9.12.4-P1, 9.13.x, 9.14.0 and 9.14.3, or 9.15 It is, therefore, affected by a race condition vulnerability, which may cause BIND to exit with an assertion failure when discarding malformed packets.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to ISC BIND version 9.11.8 / 9.11.8-S1 / 9.12.4-P2 / 9.14.3 / 9.15.1 or later.