CVE-2019-6470 : What You Need to Know
Discover the impact of CVE-2019-6470, a bug in ISC BIND library affecting dhcpd in DHCPv6 mode, leading to crashes with mismatched BIND libraries. Learn about the vulnerability and mitigation steps.
A bug in the ISC BIND library affected the dhcpd functionality in DHCPv6 mode, leading to crashes when used with mismatched BIND libraries.
Understanding CVE-2019-6470
This CVE involves a use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries, causing frequent crashes.
What is CVE-2019-6470?
- A bug in the ISC BIND library impacted dhcpd in DHCPv6 mode, potentially leading to crashes.
- Third-party modifications to dhcpd source or BIND libraries could increase the crash probability.
The Impact of CVE-2019-6470
- CVSS Base Score: 6.5 (Medium Severity)
- Attack Vector: Adjacent Network
- Availability Impact: High
- No Confidentiality or Integrity Impact
- No Privileges Required
- Scope: Unchanged
- User Interaction: None
Technical Details of CVE-2019-6470
Vulnerability Description
- Use-after-free error in DHCPv6 processing with newer BIND libraries
- Crashes may occur due to the bug in the ISC BIND library
Affected Systems and Versions
- Product: dhcpd
- Vendor: Multiple, non-ISC
- Versions: Builds not wholly from ISC source < 4.4.1
Exploitation Mechanism
- Mismatched BIND libraries used with dhcpd in DHCPv6 mode
- Third-party modifications to dhcpd source or BIND libraries
Mitigation and Prevention
Immediate Steps to Take
- Update dhcpd to version 4.4.1 or later
- Ensure BIND versions are compatible with dhcpd
- Monitor vendor advisories for patches
Long-Term Security Practices
- Regularly update software components
- Perform security assessments on third-party software modifications
Patching and Updates
- Apply patches provided by vendors promptly