CVE-2020-8617

A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Al usar un mensaje especialmente diseñado, un atacante puede causar que un servidor BIND alcance un estado inconsistente si el atacante conoce (o adivina con éxito) el nombre de una clave TSIG utilizada por el servidor. Dado que BIND, por defecto, configura una clave de sesión local incluso en servidores cuya configuración no la usa, casi todos los servidores BIND actuales son vulnerables. En los lanzamientos de BIND que datan de marzo de 2018 y posteriores, una comprobación de afirmación en el archivo tsig.c detecta este estado inconsistente y se cierra deliberadamente. Antes de la introducción de la comprobación, el servidor continuaría funcionando en un estado inconsistente, con resultados potencialmente dañinos.

An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled.

A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-02-05 CVE Reserved
2020-05-19 CVE Published
2020-05-20 First Exploit
2024-08-28 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-617: Reachable Assertion

CAPEC

References (16)

URL	Tag	Source
http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html	Mailing List
https://security.netapp.com/advisory/ntap-20200522-0002	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/48521	2020-05-20
https://github.com/knqyf263/CVE-2020-8617	2020-05-20

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2020/05/19/4	2023-11-07
https://kb.isc.org/docs/cve-2020-8617	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI	2023-11-07
https://usn.ubuntu.com/4365-1	2023-11-07
https://usn.ubuntu.com/4365-2	2023-11-07
https://www.debian.org/security/2020/dsa-4689	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-8617	2020-08-18
https://bugzilla.redhat.com/show_bug.cgi?id=1836124	2020-08-18

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.0.0 <= 9.11.18 Search vendor "Isc" for product "Bind" and version " >= 9.0.0 <= 9.11.18"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.12.0 <= 9.12.4 Search vendor "Isc" for product "Bind" and version " >= 9.12.0 <= 9.12.4"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.13.0 <= 9.13.7 Search vendor "Isc" for product "Bind" and version " >= 9.13.0 <= 9.13.7"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.14.0 <= 9.14.11 Search vendor "Isc" for product "Bind" and version " >= 9.14.0 <= 9.14.11"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.15.0 <= 9.15.6 Search vendor "Isc" for product "Bind" and version " >= 9.15.0 <= 9.15.6"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.16.0 <= 9.16.2 Search vendor "Isc" for product "Bind" and version " >= 9.16.0 <= 9.16.2"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				>= 9.17.0 <= 9.17.1 Search vendor "Isc" for product "Bind" and version " >= 9.17.0 <= 9.17.1"		-		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.12.4 Search vendor "Isc" for product "Bind" and version "9.12.4"		p1		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.12.4 Search vendor "Isc" for product "Bind" and version "9.12.4"		p2		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.9.3 Search vendor "Isc" for product "Bind" and version "9.9.3"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.10.5 Search vendor "Isc" for product "Bind" and version "9.10.5"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.10.7 Search vendor "Isc" for product "Bind" and version "9.10.7"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.3 Search vendor "Isc" for product "Bind" and version "9.11.3"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.5 Search vendor "Isc" for product "Bind" and version "9.11.5"		s3, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.5 Search vendor "Isc" for product "Bind" and version "9.11.5"		s5, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.6 Search vendor "Isc" for product "Bind" and version "9.11.6"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.7 Search vendor "Isc" for product "Bind" and version "9.11.7"		s1, supported_preview		Affected
Isc Search vendor "Isc"		Bind Search vendor "Isc" for product "Bind"				9.11.8 Search vendor "Isc" for product "Bind" and version "9.11.8"		s1, supported_preview		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				31 Search vendor "Fedoraproject" for product "Fedora" and version "31"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				32 Search vendor "Fedoraproject" for product "Fedora" and version "32"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.1 Search vendor "Opensuse" for product "Leap" and version "15.1"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				15.2 Search vendor "Opensuse" for product "Leap" and version "15.2"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		esm		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04"		lts		Affected