Public Date:
1702545: CVE-2019-6467 bind: flaw in nxredirect can cause assertion failure
A flaw was found in the way "nxdomain-redirect" feature was implemented in bind. An attacker could use this flaw on a server with a vulnerable configuration to cause bind to exit, denying service to other clients.

Find out more about CVE-2019-6467 from the MITRE CVE dictionary dictionary and NIST NVD.


The most common bind configuration which is affected by this flaw is, if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 5.9
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 bind Not affected
Red Hat Enterprise Linux 7 bind Not affected
Red Hat Enterprise Linux 6 bind Not affected
Red Hat Enterprise Linux 5 bind97 Not affected
Red Hat Enterprise Linux 5 bind Not affected


Red Hat would like to thank ISC for reporting this issue.


Exploitation of this defect can be effectively prevented by disabling the nxdomain-redirect feature in the nameserver's configuration.

External References

Last Modified