ventz / docker-bind

Docker Hub ventz/bind - Secure ISC BIND (Authoritative, Recursive, Slave, RPZ) - Docker image always latest built!
https://hub.docker.com/r/ventz/bind/

CVE-2019-6477 #30

Closed ventz closed 4 years ago

ventz commented 4 years ago

CVE-2019-6477: TCP-pipelined queries can bypass tcp-clients limit

Severity: Medium
Exploitable: Remotely
CVSS Score: 6.5
Versions affected: BIND 9.11.6-P1 -> 9.11.12, 9.12.4-P1 -> 9.12.4-P2, 9.14.1 -> 9.14.7, and versions 9.11.5-S6 -> 9.11.12-S1 of BIND 9 Supported Preview Edition. Versions 9.15.0 -> 9.15.5 of the BIND 9.15 development branch are also affected. Versions prior to BIND 9.11.0 have not been evaluated for vulnerability to CVE-2019-6477.

Workaround:

# Disable server TCP pipelining:
keep-response-order { any; };

Solution upstream:

BIND 9.11.13
BIND 9.14.8
BIND 9.15.6

ventz commented 4 years ago

All set - version was already upgraded in latest docker.
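
A way to check a deployed version against the affected ranges and the workaround quoted in the issue above. This is an added example, not code from the issue or from the docker-bind project. It assumes a bare version string such as `9.14.7` as input, matches only the literal `keep-response-order { any; };` form, and all function names are hypothetical.

```python
import re

# Affected ranges as listed in the issue above (inclusive at both ends).
AFFECTED = [
    ("9.11.6-P1", "9.11.12"),
    ("9.12.4-P1", "9.12.4-P2"),
    ("9.14.1", "9.14.7"),
    ("9.11.5-S6", "9.11.12-S1"),  # Supported Preview Edition
    ("9.15.0", "9.15.5"),         # 9.15 development branch
]
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?$")
# Simplification: comment markers inside quoted strings are not handled.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_WORKAROUND = re.compile(r"keep-response-order\s*\{\s*any\s*;\s*\}\s*;")

def parse(version):
    """Return (is_preview_edition, sort_key) for e.g. 9.11.6-P1 or 9.11.5-S6."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    # -P<n> sorts after the base release; -S<n> is the separate Supported
    # Preview Edition line and is only compared against -S ranges.
    return m.group(4) == "S", (major, minor, patch, int(m.group(5) or 0))

def version_status(version):
    """Classify a version as 'affected', 'not-evaluated' or 'not-listed'."""
    preview, key = parse(version)
    if key < (9, 11, 0, 0):
        return "not-evaluated"  # pre-9.11.0 was not assessed, per the issue
    for low, high in AFFECTED:
        low_preview, low_key = parse(low)
        if preview == low_preview and low_key <= key <= parse(high)[1]:
            return "affected"
    return "not-listed"

def workaround_present(named_conf):
    """True if keep-response-order { any; }; appears outside comments."""
    return bool(_WORKAROUND.search(_COMMENTS.sub("", named_conf)))

def needs_action(version, named_conf):
    return version_status(version) == "affected" and not workaround_present(named_conf)

if __name__ == "__main__":
    # Constructed sample input, not taken from the image.
    sample_conf = "options {\n    keep-response-order { any; };\n};\n"
    for v in ("9.11.6", "9.11.6-P1", "9.14.7", "9.14.8", "9.11.9-S1", "9.10.8"):
        print(v, version_status(v), needs_action(v, sample_conf))
```

`not-listed` means only that the version falls outside the ranges quoted in the issue.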