CVSS: 7.5EPSS: 97%CPEs: 31EXPL: 2CVE-2020-8617 – A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
https://notcve.org/view.php?id=CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. Al usar un mensaje especialmente diseñado, un atacante puede causar que un servidor BIND alcance un estado inconsistente si el atacante conoce (o adivina con éxito) el nombre de una clave TSIG utilizada por el servidor. • https://www.exploit-db.com/exploits/48521 https://github.com/knqyf263/CVE-2020-8617 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html http://www.openwall.com/lists/oss-security/2020/05/19/4 https://kb.isc.org/docs/cve-2020-8617 https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html https:/ • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 1%CPEs: 20EXPL: 1CVE-2020-8616 – BIND does not sufficiently limit the number of fetches performed when processing referrals
https://notcve.org/view.php?id=CVE-2020-8616
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. Un actor malicioso que explota intencionalmente esta falta de limitación efectiva en el número de recuperaciones realizadas cuando se procesan referencias puede, mediante el uso de referencias especialmente diseñadas, causar que un servidor recurrente emita una gran cantidad de recuperaciones en un intento de procesar la referencia. Esto tiene al menos dos efectos potenciales: el rendimiento del servidor recurrente puede estar potencialmente afectado por el trabajo adicional requerido para realizar estas recuperaciones, y el atacante puede explotar este comportamiento para utilizar el servidor recurrente como un reflector en un ataque de reflexión con un alto factor de amplificación A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.nxnsattack.com http://www.openwall.com/lists/oss-security/2020/05/19/4 https://kb.isc.org/docs/cve-2020-8616 https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ https://lists.fedoraproject.org/archi • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5741 – Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
https://notcve.org/view.php?id=CVE-2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.securityfocus.com/bid/105379 http://www.securitytracker.com/id/1041674 https://access.redhat.com/errata/RHSA-2019:2057 https://kb.isc.org/docs/cve-2018-5741 https://security.gentoo.org/glsa/201903-13 https://security.netapp.com/advisory/ntap-20190830-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&doc • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 87%CPEs: 45EXPL: 0CVE-2016-9131 – bind: assertion failure while processing response to an ANY query
https://notcve.org/view.php?id=CVE-2016-9131
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada a una query RTYPE ANY. A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2017-0062.html http://www.debian.org/security/2017/dsa-3758 http://www.securityfocus.com/bid/95386 http://www.securitytracker.com/id/1037582 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https://kb.isc.org/article/AA-01439/74/CVE-2016-9131 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https: • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 75%CPEs: 318EXPL: 0CVE-2016-9444 – bind: assertion failure while handling an unusually-formed DS record response
https://notcve.org/view.php?id=CVE-2016-9444
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. named en ISC BIND 9.x en versiones anteriores a 9.9.9-P5, 9.10.x en versiones anteriores a 9.10.4-P5 y 9.11.x en versiones anteriores a 9.11.0-P2 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de recursos DS manipulado en una respuesta. A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. • http://rhn.redhat.com/errata/RHSA-2017-0062.html http://www.debian.org/security/2017/dsa-3758 http://www.securityfocus.com/bid/95393 http://www.securitytracker.com/id/1037582 https://access.redhat.com/errata/RHSA-2017:1583 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687 https://kb.isc.org/article/AA-01441/74/CVE-2016-9444 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180926-0005 https: • CWE-20: Improper Input Validation •