Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8617
HistoryMay 19, 2020 - 12:00 a.m.

CVE-2020-8617

2020-05-1900:00:00
ubuntu.com
ubuntu.com
55
bind
server vulnerability
cve-2020-8617
inconsistent state
tsig key
assertion check
harmful results
unix

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.972

Percentile

99.9%

Using a specially-crafted message, an attacker may potentially cause a BIND
server to reach an inconsistent state if the attacker knows (or
successfully guesses) the name of a TSIG key used by the server. Since
BIND, by default, configures a local session key even on servers whose
configuration does not otherwise make use of it, almost all current BIND
servers are vulnerable. In releases of BIND dating from March 2018 and
after, an assertion check in tsig.c detects this inconsistent state and
deliberately exits. Prior to the introduction of the check the server would
continue operating in an inconsistent state, with potentially harmful
results.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchbind9< 1:9.11.3+dfsg-1ubuntu1.12UNKNOWN
ubuntu19.10noarchbind9< 1:9.11.5.P4+dfsg-5.1ubuntu2.2UNKNOWN
ubuntu20.04noarchbind9< 1:9.16.1-0ubuntu2.1UNKNOWN
ubuntu14.04noarchbind9< 1:9.9.5.dfsg-3ubuntu0.19+esm2UNKNOWN
ubuntu16.04noarchbind9< 1:9.10.3.dfsg.P4-8ubuntu1.16UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.972

Percentile

99.9%