CVE-2019-6470
dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.
Se había presentado en una de las bibliotecas ISC BIND un error en una función que fue usada por dhcpd cuando operaba en modo DHCPv6. También hubo un error en dhcpd relacionado con el uso de esta función según su documentación, pero el error en la función library impide que esto causara algún daño. Todas las versiones de dhcpd de ISC contienen copias de esta y otras bibliotecas BIND en combinaciones que han sido probadas antes de su lanzamiento y se sabe que no presentan problemas como este. Algunos empaquetadores de terceros del software ISC de terceros han modificado la fuente dhcpd, la fuente BIND o la comparación de versiones de manera que crean el potencial bloqueo. Según los reportes disponibles para ISC, la probabilidad de bloqueo es grande y no ha sido realizado ningún análisis sobre cómo, o inclusive si, la probabilidad puede ser manipulada por parte un atacante. Afecta: Compilaciones de versiones de dhcpd anteriores a la versión 4.4.1 cuando se usan las versiones BIND 9.11.2 o posteriores, o versiones BIND con correcciones de bugs específicas que respaldaron. ISC no tiene acceso a listas completas de versiones para todos los reempaques de dhcpd que son vulnerables. En particular, las compilaciones de otros proveedores también pueden estar afectadas. Es recomendado que los operadores consulten la documentación de su proveedor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-16 CVE Reserved
- 2019-05-13 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:2060 | Third Party Advisory | |
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html | Mailing List | |
https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122 | 2024-09-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2019:3525 | 2019-11-06 | |
https://access.redhat.com/security/cve/CVE-2019-6470 | 2019-11-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1708641 | 2019-11-05 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.11.2 Search vendor "Isc" for product "Bind" and version " >= 9.11.2" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Dhcpd Search vendor "Isc" for product "Dhcpd" | < 4.4.1 Search vendor "Isc" for product "Dhcpd" and version " < 4.4.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
|