Details of VAR-202005-1028

ID

VAR-202005-1028

CVE

CVE-2020-8616

TITLE

XACK DNS Service operation interruption in (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-000036

DESCRIPTION

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks. ========================================================================= Ubuntu Security Notice USN-4365-2 May 20, 2020 bind9 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: bind9 1:9.9.5.dfsg-3ubuntu0.19+esm2 Ubuntu 12.04 ESM: bind9 1:9.8.1.dfsg.P1-4ubuntu0.30 In general, a standard system update will make all the necessary changes. 6.6) - x86_64 3. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for release 4.3.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive 5. 8) - aarch64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: bind security update Advisory ID: RHSA-2020:3272-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3272 Issue date: 2020-08-03 CVE Names: CVE-2020-8616 ==================================================================== 1. Summary: An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64 3. Description: The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, the BIND daemon (named) will be restarted automatically. 5. Package List: Red Hat Enterprise Linux ComputeNode EUS (v. 7.7): Source: bind-9.11.4-9.P2.el7_7.2.src.rpm noarch: bind-license-9.11.4-9.P2.el7_7.2.noarch.rpm x86_64: bind-debuginfo-9.11.4-9.P2.el7_7.2.i686.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.i686.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-libs-9.11.4-9.P2.el7_7.2.i686.rpm bind-libs-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.i686.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-utils-9.11.4-9.P2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7): x86_64: bind-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-chroot-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.i686.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.i686.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-utils-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-sdb-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-sdb-chroot-9.11.4-9.P2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server EUS (v. 7.7): Source: bind-9.11.4-9.P2.el7_7.2.src.rpm noarch: bind-license-9.11.4-9.P2.el7_7.2.noarch.rpm ppc64: bind-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-chroot-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.ppc.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.ppc.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-libs-9.11.4-9.P2.el7_7.2.ppc.rpm bind-libs-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.ppc.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-pkcs11-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.ppc.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-pkcs11-utils-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-utils-9.11.4-9.P2.el7_7.2.ppc64.rpm ppc64le: bind-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-chroot-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-libs-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-pkcs11-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-pkcs11-utils-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-utils-9.11.4-9.P2.el7_7.2.ppc64le.rpm s390x: bind-9.11.4-9.P2.el7_7.2.s390x.rpm bind-chroot-9.11.4-9.P2.el7_7.2.s390x.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.s390.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.s390x.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.s390.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.s390x.rpm bind-libs-9.11.4-9.P2.el7_7.2.s390.rpm bind-libs-9.11.4-9.P2.el7_7.2.s390x.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.s390.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.s390x.rpm bind-pkcs11-9.11.4-9.P2.el7_7.2.s390x.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.s390.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.s390x.rpm bind-pkcs11-utils-9.11.4-9.P2.el7_7.2.s390x.rpm bind-utils-9.11.4-9.P2.el7_7.2.s390x.rpm x86_64: bind-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-chroot-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.i686.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.i686.rpm bind-export-libs-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-libs-9.11.4-9.P2.el7_7.2.i686.rpm bind-libs-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.i686.rpm bind-libs-lite-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.i686.rpm bind-pkcs11-libs-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-utils-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-utils-9.11.4-9.P2.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional EUS (v. 7.7): ppc64: bind-debuginfo-9.11.4-9.P2.el7_7.2.ppc.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-devel-9.11.4-9.P2.el7_7.2.ppc.rpm bind-devel-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.ppc.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.ppc.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.ppc.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-sdb-9.11.4-9.P2.el7_7.2.ppc64.rpm bind-sdb-chroot-9.11.4-9.P2.el7_7.2.ppc64.rpm ppc64le: bind-debuginfo-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-devel-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-sdb-9.11.4-9.P2.el7_7.2.ppc64le.rpm bind-sdb-chroot-9.11.4-9.P2.el7_7.2.ppc64le.rpm s390x: bind-debuginfo-9.11.4-9.P2.el7_7.2.s390.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.s390x.rpm bind-devel-9.11.4-9.P2.el7_7.2.s390.rpm bind-devel-9.11.4-9.P2.el7_7.2.s390x.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.s390.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.s390x.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.s390.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.s390x.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.s390.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.s390x.rpm bind-sdb-9.11.4-9.P2.el7_7.2.s390x.rpm bind-sdb-chroot-9.11.4-9.P2.el7_7.2.s390x.rpm x86_64: bind-debuginfo-9.11.4-9.P2.el7_7.2.i686.rpm bind-debuginfo-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-export-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-lite-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.i686.rpm bind-pkcs11-devel-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-sdb-9.11.4-9.P2.el7_7.2.x86_64.rpm bind-sdb-chroot-9.11.4-9.P2.el7_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXyf1/tzjgjWX9erEAQiPlQ/9FMdv2krq2igtpHr6zpZ3cyaBIiDolzSQ r0kBMmZQeXz51ftkJvuGqReXh2vnsq/j2uPGyRk5kLFD7PzBp49Y1w1VQdkTp0Re GbBqXzA9vmFGqYLU5/xNPzWTXNkgNdFDEQHVj0rSrPbsyvbn98nN/cz8GIMQxSqm ZTRkAGnIqWi4XMphKsVZLsuLeXCeMTKuCaL8YpNaby+4pSkd+PzNA/N7dPS3PecS L5FekmUU34uVE5XpjLC7tXUw2PwK73DyZSsvgV7b12e5Un+hn8RLdSYpvjV+8bTS 11np9KuYd66g6D19poaS+osWlmIHPXtktgweKF4Xbr1EFIFTZqHuMuqBkcG0Z588 RODn0vl6+3ctdV9JyEWpRvom/FUZYE7L5VmkYi69kLmF3Eoy/tHbTmINGiNLVyAZ awexgHloZ2wtKmxD3WvpiWYfgR440jCUZS5UKmuwzPsmULkrcQP4mM1WsDykTrNM lbCn90POH3Oh9w/u+SoLR6SoaDUm8FJ2RPSLtw4fouMs2MPag1Z0RO4tS1At99JH AU+Kyxv9InX1HKYep5lSqww4hId+QfQlQojdoZ0+qtnlhq0CST4Q14PRMApu5kYe JANU4NCnP53RPWHkiWaZ7Gt7ML0FdJxqn3MCyXHdqrAyz2w0folFo1Q+0dDoFeQL gA9/pkIhsss=Axfm -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.34

sources: NVD: CVE-2020-8616 // JVNDB: JVNDB-2020-000036 // VULMON: CVE-2020-8616 // PACKETSTORM: 157784 // PACKETSTORM: 158805 // PACKETSTORM: 157759 // PACKETSTORM: 158130 // PACKETSTORM: 157864 // PACKETSTORM: 158720 // PACKETSTORM: 157890

AFFECTED PRODUCTS

vendor:	isc	model:	bind	scope:	eq	version:	9.10.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.15.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.16.2	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.17.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.11.5	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.11.3	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.12.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.13.7	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.16.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.12.4	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.15.6	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.11.7	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.11.6	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.14.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.10.7	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.9.3	Trust: 1.0
vendor:	isc	model:	bind	scope:	eq	version:	9.11.8	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.0.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.11.18	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.12.4	Trust: 1.0
vendor:	isc	model:	bind	scope:	gte	version:	9.13.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.14.11	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	isc	model:	bind	scope:	lte	version:	9.17.1	Trust: 1.0
vendor:	xack	model:	dns	scope:	eq	version:	1.10.0 から 1.10.8	Trust: 0.8
vendor:	xack	model:	dns	scope:	eq	version:	1.11.0 から 1.11.4	Trust: 0.8
vendor:	xack	model:	dns	scope:	eq	version:	1.7.0 から 1.7.18	Trust: 0.8
vendor:	xack	model:	dns	scope:	eq	version:	1.7.0 の全て	Trust: 0.8
vendor:	xack	model:	dns	scope:	eq	version:	1.8.0 から 1.8.23	Trust: 0.8

sources: JVNDB: JVNDB-2020-000036 // NVD: CVE-2020-8616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-8616
value:	HIGH
Trust: 1.0
security-officer@isc.org:	CVE-2020-8616
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2020-000036
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202005-917
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-8616
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-8616
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2020-000036
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-8616
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.0
version:	3.1
Trust: 2.0
IPA:	JVNDB-2020-000036
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-8616 // JVNDB: JVNDB-2020-000036 // CNNVD: CNNVD-202005-917 // NVD: CVE-2020-8616 // NVD: CVE-2020-8616

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2020-000036 // NVD: CVE-2020-8616

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 157784 // PACKETSTORM: 157759 // CNNVD: CNNVD-202005-917

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-917

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-000036

PATCH

title:	CVE-2020-8616 (NXNSAttack) について	url:	https://xack.co.jp/info/?ID=622	Trust: 0.8
title:	ISC BIND Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119356	Trust: 0.6
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203433 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202383 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: bind9 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4365-1	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203272 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203470 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202404 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203471 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203379 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202345 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202338 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: bind9 vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4365-2	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203475 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202344 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: bind security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203378 - Security Advisory	Trust: 0.1
title:	Debian CVElist Bug Report Logs: bind9: CVE-2020-8616 CVE-2020-8617	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=381e66e05d75d93918e55cdaa636e1b0	Trust: 0.1
title:	Debian Security Advisories: DSA-4689-1 bind9 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=808ccb545c64882f6cfa960abf75abfa	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202449 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202595 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1369	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1369	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202441 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift Container Platform 4.3.25 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202439 - Security Advisory	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-8616 log	Trust: 0.1
title:	Arch Linux Advisories: [ASA-202005-13] bind: denial of service	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202005-13	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1426	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1426	Trust: 0.1
title:	IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4ca8040b949152189bea3a3126afcd39	Trust: 0.1
title:	Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203194 - Security Advisory	Trust: 0.1
title:	-	url:	https://github.com/pexip/os-bind9-libs	Trust: 0.1

sources: VULMON: CVE-2020-8616 // JVNDB: JVNDB-2020-000036 // CNNVD: CNNVD-202005-917

EXTERNAL IDS

db:	NVD	id:	CVE-2020-8616	Trust: 3.2
db:	OPENWALL	id:	OSS-SECURITY/2020/05/19/4	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-000036	Trust: 1.4
db:	JVN	id:	JVN40208370	Trust: 0.8
db:	PACKETSTORM	id:	157784	Trust: 0.7
db:	PACKETSTORM	id:	157759	Trust: 0.7
db:	PACKETSTORM	id:	157864	Trust: 0.7
db:	PACKETSTORM	id:	158720	Trust: 0.7
db:	PACKETSTORM	id:	157890	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.1932	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3522	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2744	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2593	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0174	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1820	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2267	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1893.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1777	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1886	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1905	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1777.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1893.5	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2649	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1975	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2794	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2108	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2833	Trust: 0.6
db:	PACKETSTORM	id:	158908	Trust: 0.6
db:	PACKETSTORM	id:	158806	Trust: 0.6
db:	PACKETSTORM	id:	157921	Trust: 0.6
db:	PACKETSTORM	id:	158276	Trust: 0.6
db:	PACKETSTORM	id:	158844	Trust: 0.6
db:	PACKETSTORM	id:	158134	Trust: 0.6
db:	NSFOCUS	id:	48083	Trust: 0.6
db:	CNNVD	id:	CNNVD-202005-917	Trust: 0.6
db:	VULMON	id:	CVE-2020-8616	Trust: 0.1
db:	PACKETSTORM	id:	158805	Trust: 0.1
db:	PACKETSTORM	id:	158130	Trust: 0.1

sources: VULMON: CVE-2020-8616 // PACKETSTORM: 157784 // PACKETSTORM: 158805 // PACKETSTORM: 157759 // PACKETSTORM: 158130 // PACKETSTORM: 157864 // PACKETSTORM: 158720 // PACKETSTORM: 157890 // JVNDB: JVNDB-2020-000036 // CNNVD: CNNVD-202005-917 // NVD: CVE-2020-8616

REFERENCES

url:	https://usn.ubuntu.com/4365-1/	Trust: 1.8
url:	http://www.nxnsattack.com	Trust: 1.7
url:	https://kb.isc.org/docs/cve-2020-8616	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2020/05/19/4	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4689	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200522-0002/	Trust: 1.7
url:	https://usn.ubuntu.com/4365-2/	Trust: 1.7
url:	https://www.synology.com/security/advisory/synology_sa_20_12	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8616	Trust: 1.3
url:	https://access.redhat.com/security/cve/cve-2020-8616	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591	Trust: 0.8
url:	https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html	Trust: 0.8
url:	https://jvn.jp/jp/jvn40208370/index.html	Trust: 0.8
url:	http://www.nxnsattack.com/	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8617	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-bind-affect-aix-cve-2020-8616-and-cve-2020-8617/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158134/red-hat-security-advisory-2020-2449-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158908/red-hat-security-advisory-2020-3475-01.html	Trust: 0.6
url:	https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000036.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158844/red-hat-security-advisory-2020-3433-01.html	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-ddos-cn	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2267/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affected-by-cve-2020-8616-and-cve-2020-8617/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158806/red-hat-security-advisory-2020-3379-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2794/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1893.4/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158720/red-hat-security-advisory-2020-3272-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2744/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2833/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48083	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2108/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2649/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157921/red-hat-security-advisory-2020-2383-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1932/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1777.2/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management/	Trust: 0.6
url:	https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-027.pdf	Trust: 0.6
url:	https://vigilance.fr/vulnerability/isc-bind-two-vulnerabilities-32300	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v10-is-impacted-by-denial-of-service-vulnerabilities-in-crunchy-kernel-cve-2020-8616-cve-2020-8617/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157759/ubuntu-security-notice-usn-4365-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2593/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1893.5/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157864/red-hat-security-advisory-2020-2338-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/157784/ubuntu-security-notice-usn-4365-2.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0174/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1905/	Trust: 0.6
url:	https://packetstormsecurity.com/files/157890/red-hat-security-advisory-2020-2345-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1777/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1820/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1886/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve-2020-8616-and-cve-2020-8617/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3522/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1975/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158276/red-hat-security-advisory-2020-2595-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-ibm-integrated-analytics-system/	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.5
url:	https://bugzilla.redhat.com/):	Trust: 0.5
url:	https://access.redhat.com/security/team/contact/	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-8617	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://usn.ubuntu.com/4365-1	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/400.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3433	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://security.archlinux.org/cve-2020-8616	Trust: 0.1
url:	https://usn.ubuntu.com/4365-2	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3378	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.11.5.p4+dfsg-5.1ubuntu2.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.16	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.12	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.3/updating/updating-cluster	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2439	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1750	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1750	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2338	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3272	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:2345	Trust: 0.1

CREDITS

Red Hat

Trust: 1.1

sources: PACKETSTORM: 158805 // PACKETSTORM: 158130 // PACKETSTORM: 157864 // PACKETSTORM: 158720 // PACKETSTORM: 157890 // CNNVD: CNNVD-202005-917

SOURCES

db:	VULMON	id:	CVE-2020-8616
db:	PACKETSTORM	id:	157784
db:	PACKETSTORM	id:	158805
db:	PACKETSTORM	id:	157759
db:	PACKETSTORM	id:	158130
db:	PACKETSTORM	id:	157864
db:	PACKETSTORM	id:	158720
db:	PACKETSTORM	id:	157890
db:	JVNDB	id:	JVNDB-2020-000036
db:	CNNVD	id:	CNNVD-202005-917
db:	NVD	id:	CVE-2020-8616

LAST UPDATE DATE

2025-06-24T20:09:52.823000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-8616	date:	2020-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2020-000036	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202005-917	date:	2021-01-15T00:00:00
db:	NVD	id:	CVE-2020-8616	date:	2024-11-21T05:39:07.857

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-8616	date:	2020-05-19T00:00:00
db:	PACKETSTORM	id:	157784	date:	2020-05-20T20:08:05
db:	PACKETSTORM	id:	158805	date:	2020-08-10T14:26:57
db:	PACKETSTORM	id:	157759	date:	2020-05-19T14:42:09
db:	PACKETSTORM	id:	158130	date:	2020-06-17T21:44:50
db:	PACKETSTORM	id:	157864	date:	2020-05-28T19:35:27
db:	PACKETSTORM	id:	158720	date:	2020-08-03T17:14:20
db:	PACKETSTORM	id:	157890	date:	2020-06-01T16:51:25
db:	JVNDB	id:	JVNDB-2020-000036	date:	2020-06-05T00:00:00
db:	CNNVD	id:	CNNVD-202005-917	date:	2020-05-19T00:00:00
db:	NVD	id:	CVE-2020-8616	date:	2020-05-19T14:15:11.877