ISC Releases BIND Security Updates – 25th Apr 2019 (CVE-2019-6467,CVE-2019-6468 & CVE-2018-5743)

Preface: Operating system · Linux, NetBSD, FreeBSD, OpenBSD, macOS, Windows · Type · DNS server · License · Mozilla Public License (ISC license before 9.11). Website, www.isc.org/downloads/bind. BIND is the most widely used Domain Name System (DNS).

Alert: A design limitation of BIND let remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. Official details shown as below:

CVE-2019-6467: https://kb.isc.org/docs/cve-2019-6467
CVE-2019-6468: https://kb.isc.org/docs/cve-2019-6468
CVE-2018-5743: https://kb.isc.org/docs/cve-2018-5743

Technical highlight: CVE-2018-5743 flaw impact the limiting simultaneous TCP clients is ineffective. It potentially lead to exhaustion of all available free file descriptors on that system. That is, when you open a file, the operating system creates an entry to represent that file and store the information about that opened file. So if there are 50 files opened in your OS then there will be 50 entries in OS (somewhere in kernel). So it may potential trigger additional unknown vulnerability.

One thought on “ISC Releases BIND Security Updates – 25th Apr 2019 (CVE-2019-6467,CVE-2019-6468 & CVE-2018-5743)”

  1. Good blog! I truly love how it is easy on my eyes and the data are well written. I’m wondering how I might be notified whenever a new post has been made. I have subscribed to your feed which must do the trick! Have a great day!

Comments are closed.