CVE-2020-8623 – A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
https://notcve.org/view.php?id=CVE-2020-8623
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker En BIND versiones 9.10.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, también afecta a versiones 9.10.5-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante que puede llegar a un sistema vulnerable con un paquete de consulta especialmente diseñado puede desencadenar un bloqueo. Para ser vulnerable, el sistema debe: * estar ejecutando BIND que fue creado con "--enable-native-pkcs11" * estar firmando una o más zonas con una clave RSA * ser capaz de recibir consultas de un posible atacante A flaw was found in bind. An assertion failure can occur when a specially crafted query for a zone signed with an RSA key. BIND must be compiled with "--enable-native-pkcs11" for the system to be affected. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://kb.isc.org/docs/cve-2020-8623 https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP https://security. • CWE-400: Uncontrolled Resource Consumption CWE-617: Reachable Assertion •
CVE-2020-8622 – A truncated TSIG response can lead to an assertion failure
https://notcve.org/view.php?id=CVE-2020-8622
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. En BIND versiones 9.0.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, también afecta a versiones 9.9.3-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante sobre la ruta de la red para una petición firmada por TSIG, u operando el servidor que recibe la petición firmada por TSIG, podría enviar una respuesta truncada a esa petición, desencadenando un fallo de aserción y causando que el servidor salga. Alternativamente, un atacante fuera de la ruta tendría que adivinar correctamente cuándo fue enviada una petición firmada por TSIG, junto con otras características del paquete y mensaje, y falsificar una respuesta truncada para desencadenar un fallo de aserción, causando la salida del servidor. A flaw was found in bind. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://kb.isc.org/docs/cve-2020-8622 https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP https://security. • CWE-400: Uncontrolled Resource Consumption CWE-617: Reachable Assertion •
CVE-2020-8621 – Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
https://notcve.org/view.php?id=CVE-2020-8621
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. En BIND versiones 9.14.0 -) 9.16.5, 9.17.0 -) 9.17.3, si un servidor está configurado con minimización de QNAME y "forward first", entonces un atacante que pueda enviarle consultas puede ser capaz de desencadenar la condición que causará que el servidor se bloquee. Los servidores con "forward only" no están afectados. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://kb.isc.org/docs/cve-2020-8621 https://security.gentoo.org/glsa/202008-19 https://security.netapp.com/advisory/ntap-20200827-0003 https://usn.ubuntu.com/4468-1 https://www.synology.com/security/advisory/Synology_SA_20_19 • CWE-617: Reachable Assertion •
CVE-2017-12074
https://notcve.org/view.php?id=CVE-2017-12074
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. Una vulnerabilidad de salto de directorio en SYNO.DNSServer.Zone.MasterZoneConf en Synology DNS Server en versiones anteriores a la 2.2.1-3042 permite que atacantes remotos escriban archivos arbitrarios mediante el parámetro domain_name. • https://www.synology.com/en-global/support/security/Synology_SA_17_46_DNS_Server • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •