Severity Rating: High
Software Affected
• BIND 9.16.x versions from 9.16.0 to 9.16.2
• BIND 9.14.x versions from 9.14.0 to 9.14.11
• BIND 9.11.x versions from 9.11.0 to 9.11.18
• BIND Supported Preview Edition from 9.9.3-S1 to 9.11.18-S1
• BIND 9 versions prior to 9.10.x, 9.12.x, 9.13.x and 9.15.x
(non-supported), and development branch versions 9.17.x
• NLnet Labs Unbound up to 1.10.0
• NIC.CZ Knot Resolver before 5.1.1
• PowerDNS Recursor from 4.1.0 through 4.3.0
Other products implementing the vulnerable DNS protocol may also be
affected.
Overview
A vulnerability has been reported in the DNS protocol which could be
exploited by a remote attacker to amplify network traffic (1620x) by
sending DNS queries to a vulnerable resolver, which then queries an
authoritative server controlled by the attacker (NXNSAttack).
Description
This vulnerability abuses the DNS delegation mechanism to force DNS
resolvers to generate more DNS queries to authoritative servers controlled
by the attacker. This attack, known as NoneXistentNameServers Attack
(NXNSAttack), can result in an amplification factor of over 1620. The
attack also saturates the "NS" resolver caches.
The attacker sends such a request multiple times over a long period of
time, which generates a huge quantity of requests between the DNS servers,
which are subsequently overwhelmed and unable to respond to the requests
of legitimate users.
Solution
• Apply appropriate patches/updates as recommended by respective vendors.
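To decide which resolvers need patching, the check below compares an installed version string against the ranges in the Software Affected list. It is an added example, not part of the original advisory or any vendor's tooling; the product keys ("bind", "unbound", "knot-resolver", "pdns-recursor") and the three result labels are names assumed for illustration.

```python
import re

# Ranges transcribed from the advisory's "Software Affected" list.
# Each entry is (low, high, high_inclusive); low is always inclusive.
AFFECTED = {
    "bind": [((9, 16, 0), (9, 16, 2), True),
             ((9, 14, 0), (9, 14, 11), True),
             ((9, 11, 0), (9, 11, 18), True)],
    "bind-preview": [((9, 9, 3), (9, 11, 18), True)],   # 9.9.3-S1 to 9.11.18-S1
    "unbound": [((0, 0, 0), (1, 10, 0), True)],          # "up to 1.10.0"
    "knot-resolver": [((0, 0, 0), (5, 1, 1), False)],    # "before 5.1.1"
    "pdns-recursor": [((4, 1, 0), (4, 3, 0), True)],     # "4.1.0 through 4.3.0"
}
# BIND branches for which the advisory gives bounded ranges. Any other BIND
# branch falls under its unsupported/development line (assumption: those are
# reported for manual review rather than guessed at).
BIND_BOUNDED_MINORS = {11, 14, 16}


def parse(version):
    """Return ((major, minor, patch), is_preview) from e.g. '9.11.5-S1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None


def status(product, version):
    """Return 'affected', 'check-vendor' or 'not-listed'.

    'not-listed' only means the version is outside the advisory's ranges.
    """
    nums, preview = parse(version)
    key = "bind-preview" if product == "bind" and preview else product
    if key not in AFFECTED:
        raise ValueError(f"unknown product: {product!r}")
    for low, high, inclusive in AFFECTED[key]:
        if low <= nums and (nums <= high if inclusive else nums < high):
            return "affected"
    if key == "bind" and nums[1] not in BIND_BOUNDED_MINORS:
        return "check-vendor"
    return "not-listed"


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    for prod, ver in [("bind", "9.16.1-Ubuntu"), ("bind", "9.12.4"),
                      ("unbound", "1.10.1"), ("knot-resolver", "5.1.0")]:
        print(f"{prod:15} {ver:15} {status(prod, ver)}")
```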
Vendor Information
PowerDNS
20-01.html
ISC BIND
NLnet Labs
Knot Resolver
Microsoft
9
CVE Name
CVE-2020-8616
CVE-2020-10995
CVE-2020-12662
CVE-2020-12663
CVE-2020-12667