Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-302
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Bind. Elles permettent à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.x ant\u00e9rieures \u00e0 9.11.19",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x et 9.14.x ant\u00e9rieures \u00e0 9.14.12",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.16.x ant\u00e9rieures \u00e0 9.16.3",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
}
],
"initial_release_date": "2020-05-19T00:00:00",
"last_revision_date": "2020-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-302",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Bind. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2020-8617 du 19 mai 2020",
"url": "https://kb.isc.org/docs/cve-2020-8617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2020-8616 du 19 mai 2020",
"url": "https://kb.isc.org/docs/cve-2020-8616"
}
]
}
CVE-2020-8617 (GCVE-0-2020-8617)
Vulnerability from cvelistv5
Published
2020-05-19 14:05
Modified
2024-09-16 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An error in BIND code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in denial of service to clients. BIND 9.0.0 -> 9.11.18, 9.12.0 -> 9.12.4-P2, 9.14.0 -> 9.14.11, 9.16.0 -> 9.16.2, and releases 9.17.0 -> 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -> 9.11.18-S1.
Summary
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND9 |
Version: 9.0.0 -> 9.11.18, 9.12.0 -> 9.12.4-P2, 9.14.0 -> 9.14.11, 9.16.0 -> 9.16.2, and releases 9.17.0 -> 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -> 9.11.18-S1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.366Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2020-8617"
},
{
"name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"name": "DSA-4689",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html"
},
{
"name": "USN-4365-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"name": "USN-4365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"name": "FEDORA-2020-2d89cbcfd9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
},
{
"name": "FEDORA-2020-f9dcd4e9d5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
},
{
"name": "openSUSE-SU-2020:1699",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1"
}
]
}
],
"datePublic": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An error in BIND code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in denial of service to clients. BIND 9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T11:06:39",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2020-8617"
},
{
"name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"name": "DSA-4689",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html"
},
{
"name": "USN-4365-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"name": "USN-4365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"name": "FEDORA-2020-2d89cbcfd9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
},
{
"name": "FEDORA-2020-f9dcd4e9d5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
},
{
"name": "openSUSE-SU-2020:1699",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.19\n BIND 9.14.12\n BIND 9.16.3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.19-S1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c",
"workarounds": [
{
"lang": "en",
"value": "None known."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2020-05-19T08:59:49.000Z",
"ID": "CVE-2020-8617",
"STATE": "PUBLIC",
"TITLE": "A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An error in BIND code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in denial of service to clients. BIND 9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2020-8617",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2020-8617"
},
{
"name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"name": "DSA-4689",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200522-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"name": "http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html"
},
{
"name": "USN-4365-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"name": "USN-4365-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"name": "FEDORA-2020-2d89cbcfd9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
},
{
"name": "FEDORA-2020-f9dcd4e9d5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
},
{
"name": "openSUSE-SU-2020:1699",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.19\n BIND 9.14.12\n BIND 9.16.3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.19-S1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "None known."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2020-8617",
"datePublished": "2020-05-19T14:05:16.241486Z",
"dateReserved": "2020-02-05T00:00:00",
"dateUpdated": "2024-09-16T20:26:32.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8616 (GCVE-0-2020-8616)
Vulnerability from cvelistv5
Published
2020-05-19 14:05
Modified
2024-09-16 23:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. BIND 9.0.0 -> 9.11.18, 9.12.0 -> 9.12.4-P2, 9.14.0 -> 9.14.11, 9.16.0 -> 9.16.2, and releases 9.17.0 -> 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -> 9.11.18-S1.
Summary
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND9 |
Version: 9.0.0 -> 9.11.18, 9.12.0 -> 9.12.4-P2, 9.14.0 -> 9.14.11, 9.16.0 -> 9.16.2, and releases 9.17.0 -> 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -> 9.11.18-S1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2020-8616"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nxnsattack.com"
},
{
"name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"name": "DSA-4689",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"name": "USN-4365-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
},
{
"name": "USN-4365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"name": "FEDORA-2020-2d89cbcfd9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
},
{
"name": "FEDORA-2020-f9dcd4e9d5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
},
{
"name": "openSUSE-SU-2020:1699",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Lior Shafir and Yehuda Afek of Tel Aviv University and Anat Bremler-Barr of Interdisciplinary Center (IDC) Herzliya for discovering and reporting this issue."
}
],
"datePublic": "2020-05-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. BIND 9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T11:06:38",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2020-8616"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nxnsattack.com"
},
{
"name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"name": "DSA-4689",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"name": "USN-4365-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
},
{
"name": "USN-4365-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"name": "FEDORA-2020-2d89cbcfd9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
},
{
"name": "FEDORA-2020-f9dcd4e9d5",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
},
{
"name": "openSUSE-SU-2020:1699",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.19\n BIND 9.14.12\n BIND 9.16.3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.19-S1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BIND does not sufficiently limit the number of fetches performed when processing referrals",
"workarounds": [
{
"lang": "en",
"value": "None"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "NSNSAttack",
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2020-05-19T08:59:44.000Z",
"ID": "CVE-2020-8616",
"STATE": "PUBLIC",
"TITLE": "BIND does not sufficiently limit the number of fetches performed when processing referrals"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND9",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Lior Shafir and Yehuda Afek of Tel Aviv University and Anat Bremler-Barr of Interdisciplinary Center (IDC) Herzliya for discovering and reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. BIND 9.0.0 -\u003e 9.11.18, 9.12.0 -\u003e 9.12.4-P2, 9.14.0 -\u003e 9.14.11, 9.16.0 -\u003e 9.16.2, and releases 9.17.0 -\u003e 9.17.1 of the 9.17 experimental development branch. All releases in the obsolete 9.13 and 9.15 development branches. All releases of BIND Supported Preview Edition from 9.9.3-S1 -\u003e 9.11.18-S1."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2020-8616",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2020-8616"
},
{
"name": "http://www.nxnsattack.com",
"refsource": "MISC",
"url": "http://www.nxnsattack.com"
},
{
"name": "[oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"name": "DSA-4689",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200522-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"name": "USN-4365-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_20_12",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_20_12"
},
{
"name": "USN-4365-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"name": "[debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"name": "FEDORA-2020-2d89cbcfd9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/"
},
{
"name": "FEDORA-2020-f9dcd4e9d5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/"
},
{
"name": "openSUSE-SU-2020:1699",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"name": "openSUSE-SU-2020:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.19\n BIND 9.14.12\n BIND 9.16.3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.19-S1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "None"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2020-8616",
"datePublished": "2020-05-19T14:05:15.798991Z",
"dateReserved": "2020-02-05T00:00:00",
"dateUpdated": "2024-09-16T23:55:28.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…