CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
AI Score: 7.3 High (Confidence: High)
CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.972 High (Percentile: 99.8%)
Issue Overview:
An assertion failure was found in the BIND code that checks the validity of messages containing TSIG resource records. This flaw allows an attacker who knows or successfully guesses the name of the TSIG key used by the server to send a specially crafted message, potentially causing a BIND server to reach an inconsistent state or causing a denial of service. A majority of BIND servers have an internally generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. (CVE-2020-8617)
A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)
Affected Packages:
bind
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update bind to update your system.
New Packages:
aarch64:
bind-9.11.4-9.P2.amzn2.0.3.aarch64
bind-pkcs11-9.11.4-9.P2.amzn2.0.3.aarch64
bind-pkcs11-utils-9.11.4-9.P2.amzn2.0.3.aarch64
bind-pkcs11-libs-9.11.4-9.P2.amzn2.0.3.aarch64
bind-pkcs11-devel-9.11.4-9.P2.amzn2.0.3.aarch64
bind-sdb-9.11.4-9.P2.amzn2.0.3.aarch64
bind-libs-lite-9.11.4-9.P2.amzn2.0.3.aarch64
bind-libs-9.11.4-9.P2.amzn2.0.3.aarch64
bind-utils-9.11.4-9.P2.amzn2.0.3.aarch64
bind-devel-9.11.4-9.P2.amzn2.0.3.aarch64
bind-lite-devel-9.11.4-9.P2.amzn2.0.3.aarch64
bind-chroot-9.11.4-9.P2.amzn2.0.3.aarch64
bind-sdb-chroot-9.11.4-9.P2.amzn2.0.3.aarch64
bind-export-libs-9.11.4-9.P2.amzn2.0.3.aarch64
bind-export-devel-9.11.4-9.P2.amzn2.0.3.aarch64
bind-debuginfo-9.11.4-9.P2.amzn2.0.3.aarch64
i686:
bind-9.11.4-9.P2.amzn2.0.3.i686
bind-pkcs11-9.11.4-9.P2.amzn2.0.3.i686
bind-pkcs11-utils-9.11.4-9.P2.amzn2.0.3.i686
bind-pkcs11-libs-9.11.4-9.P2.amzn2.0.3.i686
bind-pkcs11-devel-9.11.4-9.P2.amzn2.0.3.i686
bind-sdb-9.11.4-9.P2.amzn2.0.3.i686
bind-libs-lite-9.11.4-9.P2.amzn2.0.3.i686
bind-libs-9.11.4-9.P2.amzn2.0.3.i686
bind-utils-9.11.4-9.P2.amzn2.0.3.i686
bind-devel-9.11.4-9.P2.amzn2.0.3.i686
bind-lite-devel-9.11.4-9.P2.amzn2.0.3.i686
bind-chroot-9.11.4-9.P2.amzn2.0.3.i686
bind-sdb-chroot-9.11.4-9.P2.amzn2.0.3.i686
bind-export-libs-9.11.4-9.P2.amzn2.0.3.i686
bind-export-devel-9.11.4-9.P2.amzn2.0.3.i686
bind-debuginfo-9.11.4-9.P2.amzn2.0.3.i686
noarch:
bind-license-9.11.4-9.P2.amzn2.0.3.noarch
src:
bind-9.11.4-9.P2.amzn2.0.3.src
x86_64:
bind-9.11.4-9.P2.amzn2.0.3.x86_64
bind-pkcs11-9.11.4-9.P2.amzn2.0.3.x86_64
bind-pkcs11-utils-9.11.4-9.P2.amzn2.0.3.x86_64
bind-pkcs11-libs-9.11.4-9.P2.amzn2.0.3.x86_64
bind-pkcs11-devel-9.11.4-9.P2.amzn2.0.3.x86_64
bind-sdb-9.11.4-9.P2.amzn2.0.3.x86_64
bind-libs-lite-9.11.4-9.P2.amzn2.0.3.x86_64
bind-libs-9.11.4-9.P2.amzn2.0.3.x86_64
bind-utils-9.11.4-9.P2.amzn2.0.3.x86_64
bind-devel-9.11.4-9.P2.amzn2.0.3.x86_64
bind-lite-devel-9.11.4-9.P2.amzn2.0.3.x86_64
bind-chroot-9.11.4-9.P2.amzn2.0.3.x86_64
bind-sdb-chroot-9.11.4-9.P2.amzn2.0.3.x86_64
bind-export-libs-9.11.4-9.P2.amzn2.0.3.x86_64
bind-export-devel-9.11.4-9.P2.amzn2.0.3.x86_64
bind-debuginfo-9.11.4-9.P2.amzn2.0.3.x86_64
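A check for hosts that still carry a bind build older than the fixed release listed above, as an added example that is not part of the original advisory. It assumes the package epoch is unchanged between builds, reads constructed sample lines in the format produced by the rpm query shown in the comment, and uses a simplified stand-in for rpm's own version ordering.

```python
import re

# Fixed version-release taken from the "New Packages" list in this advisory.
FIXED = "9.11.4-9.P2.amzn2.0.3"

# Package names listed in the advisory (names only, no version or arch).
AFFECTED = {"bind", "bind-license"} | {"bind-" + s for s in (
    "pkcs11 pkcs11-utils pkcs11-libs pkcs11-devel sdb libs-lite libs utils "
    "devel lite-devel chroot sdb-chroot export-libs export-devel debuginfo"
).split()}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise compare in the style of rpm (no '~' or '^' handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare two 'version-release' strings; epoch is assumed equal."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(lines, fixed=FIXED):
    """Return (name, version-release, arch) for listed packages older than fixed."""
    found = []
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[0] in AFFECTED and vr_cmp(parts[1], fixed) < 0:
            found.append(tuple(parts))
    return found

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
bind 9.11.4-9.P2.amzn2.0.2 x86_64
bind-libs 9.11.4-9.P2.amzn2.0.3 x86_64
bind-utils 9.11.4-26.P2.amzn2.5 x86_64
bind-license 9.11.4-9.P2.amzn2.0.2 noarch
rpcbind 0.2.0-44.amzn2 x86_64
""".splitlines()

if __name__ == "__main__":
    for name, vr, arch in unpatched(SAMPLE):
        print(f"{name}.{arch} {vr} is older than {FIXED}")
```

Matching on the exact package names from the advisory keeps unrelated packages such as rpcbind out of the result.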
Red Hat: CVE-2020-8616, CVE-2020-8617
Mitre: CVE-2020-8616, CVE-2020-8617