The bug doesn’t allow remote code execution or any privileged access to the BIND server, but could be used to knock the target server offline. The DoS vulnerability (CVE-2020-8620) affects BIND 9.16.1 through 9.17.1 and is easily exploitable without any authentication. The vulnerability, along with several other less serious ones, has been fixed in updated versions of BIND. To be notified of vulnerabilities when they are published in the future, please consider subscribing.

Several recent versions of the BIND name server are vulnerable to a remotely exploitable buffer overflow flaw that can cause the server to crash repeatedly, resulting in a denial of service. We announce significant BIND 9 vulnerabilities on the bind-users list, in accordance with our published Software Defect and Security Vulnerability Disclosure Policy.

FAQ and Supplemental Information for CVE-2020-8617. A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c. BIND does not sufficiently limit the number of fetches performed when processing referrals.

CVE-2020-8617 affects both recursive resolvers and authoritative servers and is an assertion failure. For more details, please consult the official vulnerability announcements linked above and below. Most currently supported versions of BIND 9 from ISC are vulnerable to these two issues. CVE-2020-8616 affects recursive resolvers only, and is a vulnerability to an amplification attack. Both are High Severity vulnerabilities that we recommend operators patch as soon as possible. The two vulnerabilities are CVE-2020-8616 and CVE-2020-8617.