CVE-2020-8616

Published: 19/05/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 8.6 | Impact Score: 4 | Exploitability Score: 3.9
VMScore: 448
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. (CVE-2020-8617)

A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows a malicious user to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)

Vulnerable Product

isc bind

isc bind 9.12.4

isc bind 9.11.7

isc bind 9.11.3

isc bind 9.11.6

isc bind 9.10.5

isc bind 9.11.5

isc bind 9.9.3

isc bind 9.10.7

isc bind 9.11.8

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #961939 bind9: CVE-2020-8616 CVE-2020-8617 Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 31 May 2020 19:27:02 UTC Severity: grave Tags: security, upstream Found in versions bind9 ...
Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2019-6477: It was discovered that TCP-pipelined queries can bypass tcp-client limits, resulting in denial of service. CVE-2020-8616: It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An att ...
Several security issues were fixed in Bind ...
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performa ...
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Moderate: OpenShift Container Platform 4.3.25 security update. Type/Severity: Security Advisory: Moderate. Topic: Red Hat OpenShift Container Platform release 4.3.25 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this up ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has ra ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutio ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutio ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rat ...
Synopsis: Important: Container-native Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 2.4.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for ose-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated th ...
Synopsis: Important: bind security update. Type/Severity: Security Advisory: Important. Topic: An update for bind is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
An issue has been found in bind before 9.16.3, which does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted refe ...

Mailing Lists

oss-sec mailing list archives: Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617) ...