CVSS: 8.6EPSS: 1%CPEs: 20EXPL: 1CVE-2020-8616 – BIND does not sufficiently limit the number of fetches performed when processing referrals
https://notcve.org/view.php?id=CVE-2020-8616
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. Un actor malicioso que explota intencionalmente esta falta de limitación efectiva en el número de recuperaciones realizadas cuando se procesan referencias puede, mediante el uso de referencias especialmente diseñadas, causar que un servidor recurrente emita una gran cantidad de recuperaciones en un intento de procesar la referencia. Esto tiene al menos dos efectos potenciales: el rendimiento del servidor recurrente puede estar potencialmente afectado por el trabajo adicional requerido para realizar estas recuperaciones, y el atacante puede explotar este comportamiento para utilizar el servidor recurrente como un reflector en un ataque de reflexión con un alto factor de amplificación A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.nxnsattack.com http://www.openwall.com/lists/oss-security/2020/05/19/4 https://kb.isc.org/docs/cve-2020-8616 https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ https://lists.fedoraproject.org/archi • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.6EPSS: 0%CPEs: 78EXPL: 0CVE-2018-5743 – Limiting simultaneous TCP clients was ineffective
https://notcve.org/view.php?id=CVE-2018-5743
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. • https://kb.isc.org/docs/cve-2018-5743 https://support.f5.com/csp/article/K74009656?utm_source=f5support&%3Butm_medium=RSS https://www.synology.com/security/advisory/Synology_SA_19_20 https://access.redhat.com/security/cve/CVE-2018-5743 https://bugzilla.redhat.com/show_bug.cgi?id=1702541 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 4.9EPSS: 0%CPEs: 12EXPL: 0CVE-2018-5745 – An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
https://notcve.org/view.php?id=CVE-2018-5745
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745. • https://access.redhat.com/errata/RHSA-2019:3552 https://kb.isc.org/docs/cve-2018-5745 https://access.redhat.com/security/cve/CVE-2018-5745 https://bugzilla.redhat.com/show_bug.cgi?id=1679303 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-617: Reachable Assertion •
CVSS: 5.3EPSS: 0%CPEs: 15EXPL: 0CVE-2019-6465 – Zone transfer controls for writable DLZ zones were not effective
https://notcve.org/view.php?id=CVE-2019-6465
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465. Los controles para las transferencias de zona pueden no ser aplicados correctamente en Dynamically Loadable Zones (DLZs) si las zonas son grabables. Versiones afectadas: BIND 9.9.0 hasta 9.10.8-P1, 9.11.0 hasta 9.11.5-P2, 9.12.0 hasta 9.12.3-P2, y versiones 9.9.3-S1 hasta 9.11.5-S3 de BIND 9 Supported Preview Edition. • https://access.redhat.com/errata/RHSA-2019:3552 https://kb.isc.org/docs/cve-2019-6465 https://access.redhat.com/security/cve/CVE-2019-6465 https://bugzilla.redhat.com/show_bug.cgi?id=1679304 • CWE-284: Improper Access Control CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5741 – Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
https://notcve.org/view.php?id=CVE-2018-5741
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html http://www.securityfocus.com/bid/105379 http://www.securitytracker.com/id/1041674 https://access.redhat.com/errata/RHSA-2019:2057 https://kb.isc.org/docs/cve-2018-5741 https://security.gentoo.org/glsa/201903-13 https://security.netapp.com/advisory/ntap-20190830-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&doc • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •