NA

CVE-2020-8616

Published: 19/05/2020 Updated: 04/06/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2019-6477 It exists that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. CVE-2020-8616 It exists that BIND does not sufficiently limit the number of fetches performed when processing referrals. An attacker can take advantage of this flaw to cause a denial of service (performance degradation) or use the recursing server in a reflection attack with a high amplification factor. CVE-2020-8617 It exists that a logic error in the code which checks TSIG validity can be used to trigger an assertion failure, resulting in denial of service. For the oldstable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6. For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u1. We recommend that you upgrade your bind9 packages. For the detailed security status of bind9 please refer to its security tracker page at: security-tracker.debian.org/tracker/bind9

Vulnerability Trend

Affected Products

Vendor Product Versions
IscBind9.0.0, 9.0.1, 9.1, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.2.9, 9.3, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 9.3.6, 9.4, 9.4.0, 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1, 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.1, 9.4.2, 9.4.3, 9.4.3b1, 9.4.3b2, 9.4.3b3, 9.4.4, 9.5, 9.5.0, 9.5.0-p1, 9.5.0-p2, 9.5.0-p2-w1, 9.5.0-p2-w2, 9.5.0a1, 9.5.0a2, 9.5.0a3, 9.5.0a4, 9.5.0a5, 9.5.0a6, 9.5.0a7, 9.5.0b1, 9.5.0b2, 9.5.0b3, 9.5.1, 9.5.1b1, 9.5.1b2, 9.5.1b3, 9.5.2, 9.5.2-p1, 9.5.2-p2, 9.5.2-p3, 9.5.2-p4, 9.5.2b1, 9.5.3, 9.5.3b1, 9.6, 9.6-esv, 9.6-esv-r1, 9.6-esv-r2, 9.6-esv-r3, 9.6-esv-r4, 9.6-esv-r4-p1, 9.6-esv-r5, 9.6-esv-r5b1, 9.6-esv-r6, 9.6-esv-r7, 9.6-esv-r9, 9.6.0, 9.6.0a1, 9.6.0b1, 9.6.1, 9.6.1b1, 9.6.2, 9.6.2-p1, 9.6.2-p2, 9.6.2-p3, 9.6.2b1, 9.6.3, 9.6.3b1, 9.7.0, 9.7.0a1, 9.7.0a2, 9.7.0a3, 9.7.0b1, 9.7.0b2, 9.7.0b3, 9.7.1, 9.7.1b1, 9.7.2, 9.7.3, 9.7.4, 9.7.4b1, 9.7.5, 9.7.6, 9.7.7, 9.8.0, 9.8.1, 9.8.2, 9.8.3, 9.8.4, 9.8.5, 9.8.6, 9.8.7, 9.8.8, 9.8.9, 9.9.0, 9.9.1, 9.9.2, 9.9.3, 9.9.4, 9.9.4-65, 9.9.4-72, 9.9.5, 9.9.6, 9.9.7, 9.9.8, 9.9.9, 9.9.10, 9.9.11, 9.9.12, 9.9.13, 9.10.0, 9.10.1, 9.10.2, 9.10.3, 9.10.4, 9.10.5, 9.10.6, 9.10.7, 9.10.8, 9.11.0, 9.11.1, 9.11.2, 9.11.3, 9.11.4, 9.11.5, 9.11.6, 9.11.7, 9.11.8, 9.11.9, 9.11.10, 9.11.11, 9.11.12, 9.12.0, 9.12.1, 9.12.2, 9.12.3, 9.12.4, 9.13.0, 9.13.1, 9.13.2, 9.13.3, 9.13.4, 9.13.5, 9.13.6, 9.13.7, 9.14.0, 9.14.1, 9.14.2, 9.14.3, 9.14.4, 9.14.5, 9.14.6, 9.14.7, 9.14.8, 9.15.0, 9.15.1, 9.15.2, 9.15.3, 9.15.4, 9.15.5, 9.15.6
DebianDebian Linux9.0, 10

Vendor Advisories

Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Synopsis Important: bind security update Type/Severity Security Advisory: Important Topic An update for bind is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Sco ...
Several security issues were fixed in Bind ...
Debian Bug report logs - #961939 bind9: CVE-2020-8616 CVE-2020-8617 Package: src:bind9; Maintainer for src:bind9 is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 31 May 2020 19:27:02 UTC Severity: grave Tags: security, upstream Found in versions bind9 ...
Several security issues were fixed in Bind ...
Synopsis Moderate: OpenShift Container Platform 4325 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4325 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this up ...
Synopsis Moderate: OpenShift Container Platform 4325 openshift-enterprise-hyperkube-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has ra ...
Synopsis Moderate: OpenShift Container Platform 448 openshift-enterprise-hyperkube-container security update Type/Severity Security Advisory: Moderate Topic An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 44Red Hat Product Security has rat ...
Synopsis Moderate: OpenShift Container Platform 4236 ose-machine-config-operator-container security update Type/Severity Security Advisory: Moderate Topic An update for ose-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 42Red Hat Product Security has rated th ...
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral This has at least two potential effects: The performa ...
Several vulnerabilities were discovered in BIND, a DNS server implementation CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals An att ...
Arch Linux Security Advisory ASA-202005-13 ========================================== Severity: High Date : 2020-05-20 CVE-ID : CVE-2020-8616 CVE-2020-8617 Package : bind Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-1165 Summary ======= The package bind before version 9163-1 is vulnerable to denial ...
An issue has been found in bind before 9163, which does not sufficiently limit the number of fetches which may be performed while processing a referral response A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted refe ...
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service ...

Mailing Lists

On May 19, 2020, Internet Systems Consortium have disclosed two vulnerabilities in our BIND 9 software: CVE-2020-8616: BIND does not sufficiently limit the number of fetches performed when processing referrals kbiscorg/docs/cve-2020-8616 CVE-2020-8617: A logic error in code which checks TSIG validity can be used to trigge ...