Table of Contents
The most common bind configuration which is affected by this flaw is, if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
|CVSS3 Base Score||5.9|
|CVSS3 Base Metrics||CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H|
Affected Packages State
|Red Hat Enterprise Linux 8||bind||Not affected|
|Red Hat Enterprise Linux 7||bind||Not affected|
|Red Hat Enterprise Linux 6||bind||Not affected|
|Red Hat Enterprise Linux 5||bind97||Not affected|
|Red Hat Enterprise Linux 5||bind||Not affected|
AcknowledgementsRed Hat would like to thank ISC for reporting this issue.
Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration.