Sign-up

ID

VAR-202005-1028


CVE

CVE-2020-8616


TITLE

XACK DNS Service operation interruption in (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-000036

DESCRIPTION

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks. ISC (Internet Systems Consortium) Provides BIND There are multiple vulnerabilities in. * DNS Insufficient control of name resolution behavior - CVE-2020-8616 * tsig.c Assertion error occurs - CVE-2020-8617The expected impact depends on each vulnerability, but it may be affected as follows. 8.0) - aarch64, ppc64le, s390x, x86_64 3. 7.4) - noarch, x86_64 3. 6) - i386, x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for release 4.3.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2020:2344-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2344 Issue date: 2020-06-01 CVE Names: CVE-2020-8616 CVE-2020-8617 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) * bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: bind-9.11.4-16.P2.el7_8.6.src.rpm noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm x86_64: bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: bind-9.11.4-16.P2.el7_8.6.src.rpm noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm x86_64: bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: bind-9.11.4-16.P2.el7_8.6.src.rpm noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm ppc64: bind-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.ppc.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-libs-9.11.4-16.P2.el7_8.6.ppc.rpm bind-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-utils-9.11.4-16.P2.el7_8.6.ppc64.rpm ppc64le: bind-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-utils-9.11.4-16.P2.el7_8.6.ppc64le.rpm s390x: bind-9.11.4-16.P2.el7_8.6.s390x.rpm bind-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.s390.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.s390x.rpm bind-libs-9.11.4-16.P2.el7_8.6.s390.rpm bind-libs-9.11.4-16.P2.el7_8.6.s390x.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.s390.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.s390x.rpm bind-utils-9.11.4-16.P2.el7_8.6.s390x.rpm x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.ppc64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64.rpm ppc64le: bind-debuginfo-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-sdb-9.11.4-16.P2.el7_8.6.ppc64le.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.ppc64le.rpm s390x: bind-debuginfo-9.11.4-16.P2.el7_8.6.s390.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.s390x.rpm bind-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.s390x.rpm bind-sdb-9.11.4-16.P2.el7_8.6.s390x.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.s390x.rpm x86_64: bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: bind-9.11.4-16.P2.el7_8.6.src.rpm noarch: bind-license-9.11.4-16.P2.el7_8.6.noarch.rpm x86_64: bind-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.i686.rpm bind-libs-lite-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-libs-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-utils-9.11.4-16.P2.el7_8.6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bind-debuginfo-9.11.4-16.P2.el7_8.6.i686.rpm bind-debuginfo-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-export-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-lite-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.i686.rpm bind-pkcs11-devel-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-9.11.4-16.P2.el7_8.6.x86_64.rpm bind-sdb-chroot-9.11.4-16.P2.el7_8.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXtTLT9zjgjWX9erEAQgZIhAApcPTwXOJR5ZcZSycdasXkiT5KuLsEXGl ZzYZC1xN62FE00ctUoNtGIP9xwVTUp8C7K8vDvpi38Fu/br0oWKfdudldn/iYIlW lVRNyD71aHS0CcE29+eFF8TofsNRZ2hYbTcYJIX1AbsqEb5IqAwhOxEoKdraTzG8 zx5MQc/61aRr/kjAdaamy8dLdKCXwPZ43471xsABXqGXtuBbOJCbPpbKV6iUhNFD RQc2m0D8W7/mbduKnBbMI/FmSMY2j9jfJmVHVHlfczvIiXey/ntzso+Fe292OFoR 3dhI8wjHgxA1XuQXGt+xxxqwFfGF8QBdqqzBFzZdyf7hxHtv/RxoTNj3JXrFZtex tx9JBsk8sBmJl2pb17ak6LplCQhTP0E4GplWb62P9mr4EwZyfN/Qq09WyiN7B6te 8frV/h8n1rQu2etLQSJjXwA6/05h1ScRdl0dcxi+8PqCI7ik0QBKw6zbRzKr/XEd YJgGVBHVYbrCtAxqZ8Mtl1WoN9SuwAb06hHH8lVotpU0JrB+RZtfQbxmKycX8MHd q+4FtmEKSiiblhvQ4qQaOpXzkONvSlOpsQx+y5795IM4eXVA2dIv+/E6F0dNApJC nW887uzHRKTymT6/2p5sDVTm8ioN2LGGX9KoiHrhIsmLWwI4UzVrUQJZFGsOMYSj N3gJ4Ik0DPQ=qhuZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 3.15

sources: NVD: CVE-2020-8616 // JVNDB: JVNDB-2020-000036 // JVNDB: JVNDB-2020-004591 // VULMON: CVE-2020-8616 // PACKETSTORM: 157966 // PACKETSTORM: 158844 // PACKETSTORM: 158899 // PACKETSTORM: 158276 // PACKETSTORM: 157921 // PACKETSTORM: 158900 // PACKETSTORM: 158130 // PACKETSTORM: 157889

AFFECTED PRODUCTS

vendor:iscmodel:bindscope:eqversion:9.10.5

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.15.0

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.16.2

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.17.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.11.5

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.11.3

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.12.0

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.13.7

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.16.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.12.4

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.15.6

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.11.7

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.11.6

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.14.0

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.10.7

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.9.3

Trust: 1.0

vendor:iscmodel:bindscope:eqversion:9.11.8

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.0.0

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.11.18

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.12.4

Trust: 1.0

vendor:iscmodel:bindscope:gteversion:9.13.0

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.14.11

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:iscmodel:bindscope:lteversion:9.17.1

Trust: 1.0

vendor:xackmodel:dnsscope:eqversion:1.10.0 から 1.10.8

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.11.0 から 1.11.4

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.7.0 から 1.7.18

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.7.0 の全て

Trust: 0.8

vendor:xackmodel:dnsscope:eqversion:1.8.0 から 1.8.23

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.11.0 から 9.11.18

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.12.0 から 9.12.4-p2

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.14.0 から 9.14.11

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:9.16.0 から 9.16.2

Trust: 0.8

vendor:iscmodel:bindscope:eqversion:supported preview edition 9.9.3-s1 から 9.11.18-s1

Trust: 0.8

sources: JVNDB: JVNDB-2020-000036 // JVNDB: JVNDB-2020-004591 // NVD: CVE-2020-8616

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2020-004591
value: HIGH

Trust: 1.6

nvd@nist.gov: CVE-2020-8616
value: HIGH

Trust: 1.0

security-officer@isc.org: CVE-2020-8616
value: HIGH

Trust: 1.0

IPA: JVNDB-2020-000036
value: HIGH

Trust: 0.8

VULMON: CVE-2020-8616
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-8616
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2020-000036
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-8616
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 2.0

IPA: JVNDB-2020-000036
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-004591
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA score: JVNDB-2020-004591
baseSeverity: HIGH
baseScore: 7.5
vectorString: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-8616 // JVNDB: JVNDB-2020-000036 // JVNDB: JVNDB-2020-004591 // JVNDB: JVNDB-2020-004591 // NVD: CVE-2020-8616 // NVD: CVE-2020-8616

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-000036 // NVD: CVE-2020-8616

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-000036

PATCH
title:CVE-2020-8616 (NXNSAttack) についてurl:https://xack.co.jp/info/?ID=622
Trust: 0.8
title:CVE-2020-8616: BIND does not sufficiently limit the number of fetches performed when processing referralsurl:https://kb.isc.org/docs/cve-2020-8616
Trust: 0.8
title:CVE-2020-8617: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.curl:https://kb.isc.org/docs/cve-2020-8617
Trust: 0.8
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203433 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202383 - Security Advisory
Trust: 0.1
title:Ubuntu Security Notice: bind9 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4365-1
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203272 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203470 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202404 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203471 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203379 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202345 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202338 - Security Advisory
Trust: 0.1
title:Ubuntu Security Notice: bind9 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4365-2
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203475 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202344 - Security Advisory
Trust: 0.1
title:Red Hat: Important: bind security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203378 - Security Advisory
Trust: 0.1
title:Debian CVElist Bug Report Logs: bind9: CVE-2020-8616 CVE-2020-8617url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=381e66e05d75d93918e55cdaa636e1b0
Trust: 0.1
title:Debian Security Advisories: DSA-4689-1 bind9 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=808ccb545c64882f6cfa960abf75abfa
Trust: 0.1
title:Red Hat: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202449 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202595 - Security Advisory
Trust: 0.1
title:Amazon Linux AMI: ALAS-2020-1369url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1369
Trust: 0.1
title:Red Hat: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202441 - Security Advisory
Trust: 0.1
title:Red Hat: Moderate: OpenShift Container Platform 4.3.25 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202439 - Security Advisory
Trust: 0.1
title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-8616 log
Trust: 0.1
title:Arch Linux Advisories: [ASA-202005-13] bind: denial of serviceurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-13
Trust: 0.1
title:Amazon Linux 2: ALAS2-2020-1426url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1426
Trust: 0.1
title:IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39
Trust: 0.1
title:Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203194 - Security Advisory
Trust: 0.1
title: - url:https://github.com/pexip/os-bind9-libs 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-8616 // 
            
            
            
            JVNDB: JVNDB-2020-000036 // 
            
            
            
            JVNDB: JVNDB-2020-004591

EXTERNAL IDS
db:NVDid:CVE-2020-8616
Trust: 3.5
db:OPENWALLid:OSS-SECURITY/2020/05/19/4
Trust: 1.1
db:JVNid:JVN40208370
Trust: 0.8
db:JVNDBid:JVNDB-2020-000036
Trust: 0.8
db:JVNid:JVNVU92065932
Trust: 0.8
db:JVNDBid:JVNDB-2020-004591
Trust: 0.8
db:VULMONid:CVE-2020-8616
Trust: 0.1
db:PACKETSTORMid:157966
Trust: 0.1
db:PACKETSTORMid:158844
Trust: 0.1
db:PACKETSTORMid:158899
Trust: 0.1
db:PACKETSTORMid:158276
Trust: 0.1
db:PACKETSTORMid:157921
Trust: 0.1
db:PACKETSTORMid:158900
Trust: 0.1
db:PACKETSTORMid:158130
Trust: 0.1
db:PACKETSTORMid:157889
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-8616 // 
            
            
            
            JVNDB: JVNDB-2020-000036 // 
            
            
            
            JVNDB: JVNDB-2020-004591 // 
            
            
            
            PACKETSTORM: 157966 // 
            
            
            
            PACKETSTORM: 158844 // 
            
            
            
            PACKETSTORM: 158899 // 
            
            
            
            PACKETSTORM: 158276 // 
            
            
            
            PACKETSTORM: 157921 // 
            
            
            
            PACKETSTORM: 158900 // 
            
            
            
            PACKETSTORM: 158130 // 
            
            
            
            PACKETSTORM: 157889 // 
            
            
            
            NVD: CVE-2020-8616

REFERENCES
url:https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html
Trust: 1.6
url:http://www.nxnsattack.com/
Trust: 1.6
url:https://usn.ubuntu.com/4365-1/
Trust: 1.2
url:http://www.nxnsattack.com
Trust: 1.1
url:https://kb.isc.org/docs/cve-2020-8616
Trust: 1.1
url:http://www.openwall.com/lists/oss-security/2020/05/19/4
Trust: 1.1
url:https://www.debian.org/security/2020/dsa-4689
Trust: 1.1
url:https://security.netapp.com/advisory/ntap-20200522-0002/
Trust: 1.1
url:https://usn.ubuntu.com/4365-2/
Trust: 1.1
url:https://www.synology.com/security/advisory/synology_sa_20_12
Trust: 1.1
url:https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html
Trust: 1.1
url:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html
Trust: 1.1
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/
Trust: 1.0
url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591
Trust: 0.8
url:https://jvn.jp/jp/jvn40208370/index.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8616
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8617
Trust: 0.8
url:http://jvn.jp/cert/jvnvu92065932
Trust: 0.8
url:https://jprs.jp/tech/security/2020-05-20-bind9-vuln-tsig.html
Trust: 0.8
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-8616
Trust: 0.8
url:https://access.redhat.com/security/cve/cve-2020-8617
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-8617
Trust: 0.8
url:https://bugzilla.redhat.com/):
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2020-8616
Trust: 0.8
url:https://access.redhat.com/security/team/contact/
Trust: 0.8
url:https://access.redhat.com/security/team/key/
Trust: 0.6
url:https://access.redhat.com/articles/11258
Trust: 0.6
url:https://access.redhat.com/security/updates/classification/#important
Trust: 0.6
url:https://access.redhat.com/errata/rhsa-2020:3433
Trust: 0.2
url:https://access.redhat.com/security/updates/classification/#moderate
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-1750
Trust: 0.2
url:https://access.redhat.com/security/cve/cve-2020-1750
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/400.html
Trust: 0.1
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/
Trust: 0.1
url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://security.archlinux.org/cve-2020-8616
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2404
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:3471
Trust: 0.1
url:https://docs.openshift.com/container-platform/4.2/updating/updating-cluster
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2595
Trust: 0.1
url:https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2383
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:3470
Trust: 0.1
url:https://docs.openshift.com/container-platform/4.3/updating/updating-cluster
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2439
Trust: 0.1
url:https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel
Trust: 0.1
url:https://access.redhat.com/errata/rhsa-2020:2344
Trust: 0.1
sources:
            
            
            VULMON: CVE-2020-8616 // 
            
            
            
            JVNDB: JVNDB-2020-000036 // 
            
            
            
            JVNDB: JVNDB-2020-004591 // 
            
            
            
            PACKETSTORM: 157966 // 
            
            
            
            PACKETSTORM: 158844 // 
            
            
            
            PACKETSTORM: 158899 // 
            
            
            
            PACKETSTORM: 158276 // 
            
            
            
            PACKETSTORM: 157921 // 
            
            
            
            PACKETSTORM: 158900 // 
            
            
            
            PACKETSTORM: 158130 // 
            
            
            
            PACKETSTORM: 157889 // 
            
            
            
            NVD: CVE-2020-8616

CREDITS
Red Hat
Trust: 0.8
sources:
            
            
            PACKETSTORM: 157966 // 
            
            
            
            PACKETSTORM: 158844 // 
            
            
            
            PACKETSTORM: 158899 // 
            
            
            
            PACKETSTORM: 158276 // 
            
            
            
            PACKETSTORM: 157921 // 
            
            
            
            PACKETSTORM: 158900 // 
            
            
            
            PACKETSTORM: 158130 // 
            
            
            
            PACKETSTORM: 157889

SOURCES
db:VULMONid:CVE-2020-8616
db:JVNDBid:JVNDB-2020-000036
db:JVNDBid:JVNDB-2020-004591
db:PACKETSTORMid:157966
db:PACKETSTORMid:158844
db:PACKETSTORMid:158899
db:PACKETSTORMid:158276
db:PACKETSTORMid:157921
db:PACKETSTORMid:158900
db:PACKETSTORMid:158130
db:PACKETSTORMid:157889
db:NVDid:CVE-2020-8616

LAST UPDATE DATE
2024-12-21T22:15:42.622000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2020-8616date:2020-10-20T00:00:00
db:JVNDBid:JVNDB-2020-000036date:2020-06-05T00:00:00
db:JVNDBid:JVNDB-2020-004591date:2020-05-21T00:00:00
db:NVDid:CVE-2020-8616date:2024-11-21T05:39:07.857

SOURCES RELEASE DATE
db:VULMONid:CVE-2020-8616date:2020-05-19T00:00:00
db:JVNDBid:JVNDB-2020-000036date:2020-06-05T00:00:00
db:JVNDBid:JVNDB-2020-004591date:2020-05-21T00:00:00
db:PACKETSTORMid:157966date:2020-06-04T19:22:22
db:PACKETSTORMid:158844date:2020-08-12T15:54:40
db:PACKETSTORMid:158899date:2020-08-18T16:16:40
db:PACKETSTORMid:158276date:2020-07-02T15:41:03
db:PACKETSTORMid:157921date:2020-06-03T15:55:41
db:PACKETSTORMid:158900date:2020-08-18T16:18:47
db:PACKETSTORMid:158130date:2020-06-17T21:44:50
db:PACKETSTORMid:157889date:2020-06-01T16:50:28
db:NVDid:CVE-2020-8616date:2020-05-19T14:15:11.877