cnvd - cnvd-2019-16412

cnvd-2019-16412

Vulnerability from cnvd

Title: Ubuntu拒绝服务漏洞

Description:

Ubuntu是英国科能（Canonical）公司和Ubuntu公司的一套以桌面应用为主的GNU/Linux操作系统。

Ubuntu 18.10版本和18.04 LTS版本中存在安全漏洞。远程攻击者可利用该漏洞造成DHCP崩溃，导致拒绝服务。

Severity: 中

Patch Name: Ubuntu拒绝服务漏洞的补丁

Patch Description:

Ubuntu是英国科能（Canonical）公司和Ubuntu公司的一套以桌面应用为主的GNU/Linux操作系统。

Ubuntu 18.10版本和18.04 LTS版本中存在安全漏洞。远程攻击者可利用该漏洞造成DHCP崩溃，导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e

Reference: https://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e

Impacted products

Name
['Canonical Ltd. Ubuntu 18.10', 'Canonical Ltd. Ubuntu 18.04 LTS']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6470"
    }
  },
  "description": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u516c\u53f8\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nUbuntu 18.10\u7248\u672c\u548c18.04 LTS\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210DHCP\u5d29\u6e83\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-16412",
  "openTime": "2019-06-04",
  "patchDescription": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u516c\u53f8\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nUbuntu 18.10\u7248\u672c\u548c18.04 LTS\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210DHCP\u5d29\u6e83\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ubuntu\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Canonical Ltd. Ubuntu 18.10",
      "Canonical Ltd. Ubuntu 18.04 LTS"
    ]
  },
  "referenceLink": "https://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-14",
  "title": "Ubuntu\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2019-6470 (GCVE-0-2019-6470)

Vulnerability from cvelistv5

Published

2019-11-01 22:15

Modified

2024-09-17 01:25

Severity ?

6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes

Summary

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2019:2060	x_refsource_CONFIRM
	https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html	x_refsource_CONFIRM
	https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html	x_refsource_CONFIRM
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:3525	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Multiple, non-ISC	dhcpd	Version: builds not wholly from ISC source < 4.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:23:21.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2060"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
          },
          {
            "name": "RHSA-2019:3525",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3525"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dhcpd",
          "vendor": "Multiple, non-ISC",
          "versions": [
            {
              "status": "affected",
              "version": "builds not wholly from ISC source \u003c 4.4.1"
            }
          ]
        }
      ],
      "datePublic": "2019-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T00:08:09",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2060"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
        },
        {
          "name": "RHSA-2019:3525",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3525"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2019-05-11T12:00:00.000Z",
          "ID": "CVE-2019-6470",
          "STATE": "PUBLIC",
          "TITLE": "dhcpd: use-after-free error leads crash in IPv6 mode when using mismatched BIND libraries"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dhcpd",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "builds not wholly from ISC source",
                            "version_value": "\u003c 4.4.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Multiple, non-ISC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A use-after-free error in DHCPv6 processing when interfacing with newer BIND libraries leads to frequent crashes"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://access.redhat.com/errata/RHSA-2019:2060",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/errata/RHSA-2019:2060"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html",
              "refsource": "CONFIRM",
              "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00049.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html",
              "refsource": "CONFIRM",
              "url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00048.html"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122",
              "refsource": "CONFIRM",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896122"
            },
            {
              "name": "RHSA-2019:3525",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3525"
            }
          ]
        },
        "source": {
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2019-6470",
    "datePublished": "2019-11-01T22:15:33.599863Z",
    "dateReserved": "2019-01-16T00:00:00",
    "dateUpdated": "2024-09-17T01:25:37.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted