Multiple vulnerabilities in ISC Bind



Published: 2020-05-20
Risk High
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2020-8617
CVE-2020-8616
CWE-ID CWE-617
CWE-399
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
ISC BIND
Server applications / DNS servers

Vendor ISC

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Reachable Assertion

EUVDB-ID: #VU28123

Risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2020-8617

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when checking validity of messages containing TSIG resource records within tsig.c. A remote attacker can send a specially crafted message and cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ISC BIND: 9.0.0 - 9.17.1

External links

http://kb.isc.org/docs/cve-2020-8617
http://www.openwall.com/lists/oss-security/2020/05/19/4


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Resource management error

EUVDB-ID: #VU28121

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8616

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources with the applicatoin. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ISC BIND: 9.0.0 - 9.17.1

External links

http://www.nxnsattack.com
http://www.openwall.com/lists/oss-security/2020/05/19/4
http://kb.isc.org/docs/cve-2020-8616


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###