KB Article | Forcepoint Support

Notes & Warnings

Important Sidewinder Firewall will reach end of life on March 15, 2023. For more details, see the Product Support Lifecycle. For additional information on migration path to Forcepoint Next Generation Firewall, contact your local Forcepoint sales representative.

Problem Description

KBA Severity
CVE-2019-6477 – Medium

CVE Numbers

KBA Summary
BIND vulnerability.

Affected Products
Forcepoint Sidewinder

KBA Detailed Information
The following description is from the Internet Systems Consortium (ISC).

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests over a single connection. Each outstanding query will be handled internally as an independent client request, thus bypassing the new TCP clients limit.

CVE References


Hotfix and Information About Other Fixes

The following patches are available to resolve these vulnerabilities:
 Sidewinder 8.3.2
CVE-2019-64777.0.1.03E1348.3.2E190* or 8.3.2P12
*indicates patch is obsoleted by a newer patch

Sidewinder download information
User name:     atl-963845ro
User password: 34bT4hF3AFJn
Server name:   csftp.us.stonesoft.com

Keywords: sidewinder; bind vulnerability; cve-2019-6477; patch

Article Feedback

Thank you for the feedback and comments.