Main Vulnerability Database Exploits ID:2780 - Exploit for Reachable Assertion in ISC BIND - CVE-2020-8617

ID:2780 - Exploit for Reachable Assertion in ISC BIND - CVE-2020-8617

Published: May 26, 2020

Vulnerability identifier: #VU28123

Vulnerability risk: Medium

CVE-ID: CVE-2020-8617

CWE-ID: CWE-617

Exploitation vector: Remote access

Vulnerable software:
ISC BIND

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/dos/dns/bind_tsig_badtime

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when checking validity of messages containing TSIG resource records within tsig.c. A remote attacker can send a specially crafted message and cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.

Remediation

Install updates from vendor's website.

ID:2780 - Exploit for Reachable Assertion in ISC BIND - CVE-2020-8617

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human