KB Article | Forcepoint Support

Problem Description

KBA Severity
CVE-2019-6477 – Medium

CVE Numbers
CVE-2019-6477

KBA Summary
BIND vulnerability.

Affected Products
Forcepoint Sidewinder

KBA Detailed Information
The following description is from the Internet Systems Consortium (ISC).

CVE-2019-6477
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests over a single connection. Each outstanding query will be handled internally as an independent client request, thus bypassing the new TCP clients limit.
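As an added example (not code from Forcepoint or ISC), the following Python function looks for the condition described above from the defender's side: many queries arriving over one TCP connection in a short interval. It assumes a BIND server with query logging enabled and the usual BIND 9 query-log line layout; the function names, the threshold and the sample log lines are constructed for illustration. Query logs record arrivals rather than outstanding queries, so the result is a heuristic.

```python
import re
from collections import Counter

# Assumed BIND 9 query-log layout: timestamp, "client [@0x..] ip#port (qname):
# query: qname class type flags (local address)".
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \d{2}:\d{2}:\d{2})\.\d+ .*?client (?:@0x[0-9a-f]+ )?"
    r"(?P<peer>\S+#\d+) \(.*?\): query: \S+ \S+ \S+ (?P<flags>\S+)"
)

def is_tcp(flags):
    # Drop the "E(n)" EDNS marker first, then look for the "T" (TCP) flag.
    return "T" in re.sub(r"E\(\d+\)", "", flags)

def pipelining_suspects(lines, threshold=3):
    """Map (peer, second) -> query count for every TCP peer (ip#port, i.e. one
    connection) that sent more than `threshold` queries within one second.
    The default threshold is a hypothetical value; tune it to local traffic."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_tcp(m.group("flags")):
            counts[(m.group("peer"), m.group("ts"))] += 1
    return {key: n for key, n in counts.items() if n > threshold}

# Constructed sample: five TCP queries from one connection in the same second,
# one UDP query, and one ordinary single TCP query.
SAMPLE = [
    f"17-Nov-2019 10:15:01.{i:03d} queries: info: client @0x7f00aa10 "
    f"192.0.2.10#40122 (h{i}.example.com): query: h{i}.example.com IN A +T "
    "(198.51.100.53)" for i in range(5)
] + [
    "17-Nov-2019 10:15:01.200 queries: info: client @0x7f00bb20 "
    "192.0.2.20#53001 (www.example.com): query: www.example.com IN A +E(0) "
    "(198.51.100.53)",
    "17-Nov-2019 10:15:01.300 queries: info: client @0x7f00cc30 "
    "192.0.2.30#51000 (mail.example.com): query: mail.example.com IN MX "
    "+E(0)TD (198.51.100.53)",
]

if __name__ == "__main__":
    for (peer, second), n in pipelining_suspects(SAMPLE).items():
        print(f"{second} {peer}: {n} TCP queries on one connection")
```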

CVE References

Resolution

Hotfix and Information About Other Fixes

The following patches are available to resolve this vulnerability:

CVE              Sidewinder 7.0.1.03    Sidewinder 8.3.2
CVE-2019-6477    7.0.1.03E134           8.3.2E190


Sidewinder download information

E-patches
User name:     atl-963845ro
User password: 34bT4hF3AFJn
Server name:   csftp.us.stonesoft.com
https://csftp.us.stonesoft.com
https://csftp.us.stonesoft.com/file/access.pl?username=atl-963845ro&password=34bT4hF3AFJn
ftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
sftp://atl-963845ro:34bT4hF3AFJn@csftp.us.stonesoft.com/upload
