Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8616
HistoryMay 19, 2020 - 12:00 a.m.

CVE-2020-8616

2020-05-1900:00:00
ubuntu.com
ubuntu.com
31
vulnerability
server
performance
exploitation
reflection attack
amplification
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.016

Percentile

87.9%

A malicious actor who intentionally exploits this lack of effective
limitation on the number of fetches performed when processing referrals
can, through the use of specially crafted referrals, cause a recursing
server to issue a very large number of fetches in an attempt to process the
referral. This has at least two potential effects: The performance of the
recursing server can potentially be degraded by the additional work
required to perform these fetches, and The attacker can exploit this
behavior to use the recursing server as a reflector in a reflection attack
with a high amplification factor.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchbind9< 1:9.11.3+dfsg-1ubuntu1.12UNKNOWN
ubuntu19.10noarchbind9< 1:9.11.5.P4+dfsg-5.1ubuntu2.2UNKNOWN
ubuntu20.04noarchbind9< 1:9.16.1-0ubuntu2.1UNKNOWN
ubuntu14.04noarchbind9< 1:9.9.5.dfsg-3ubuntu0.19+esm2UNKNOWN
ubuntu16.04noarchbind9< 1:9.10.3.dfsg.P4-8ubuntu1.16UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS

0.016

Percentile

87.9%