Severity Rating: HIGH
Software Affected
• ISC BIND versions 9.0.0 to 9.11.18
• ISC BIND versions 9.12.0 to 9.12.4-P2
• ISC BIND versions 9.13.x
• ISC BIND versions 9.14.0 to 9.14.11
• ISC BIND versions 9.15.x
• ISC BIND versions 9.16.0 to 9.16.2
• ISC BIND versions 9.17.0 to 9.17.1
• ISC BIND versions 9.9.3-S1 to 9.11.18-S1
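
The following is an added example, not part of the original advisory: a Python check that tests a BIND version string from an asset inventory against the ranges listed above. It assumes plain upstream version strings (X.Y.Z, X.Y.Z-P<n>, X.Y.Z-S<n>); the function names and the sample inventory are constructed for illustration.

```python
import re

# Accepts upstream ISC version strings only: X.Y.Z, X.Y.Z-P<n>, X.Y.Z-S<n>.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-([PS])(\d+))?$")
_ANY = 10**6  # stands in for the "x" wildcard in 9.13.x / 9.15.x

# Ranges copied from the "Software Affected" list, bounds inclusive.
# Each bound is (major, minor, patch, P-or-S level).
AFFECTED_OPEN_SOURCE = [
    ((9, 0, 0, 0), (9, 11, 18, 0)),
    ((9, 12, 0, 0), (9, 12, 4, 2)),
    ((9, 13, 0, 0), (9, 13, _ANY, _ANY)),
    ((9, 14, 0, 0), (9, 14, 11, 0)),
    ((9, 15, 0, 0), (9, 15, _ANY, _ANY)),
    ((9, 16, 0, 0), (9, 16, 2, 0)),
    ((9, 17, 0, 0), (9, 17, 1, 0)),
]
AFFECTED_S_EDITION = [((9, 9, 3, 1), (9, 11, 18, 1))]


def parse_version(text):
    """Return (is_s_edition, key), or None if not a plain upstream version."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    level = int(m.group(5)) if m.group(5) else 0
    return m.group(4) == "S", (major, minor, patch, level)


def is_affected(text):
    """True/False for upstream versions; None means 'review by hand'."""
    parsed = parse_version(text)
    if parsed is None:
        # Distribution package versions land here: a version comparison
        # alone cannot tell whether a fix was backported into the package.
        return None
    is_s, key = parsed
    ranges = AFFECTED_S_EDITION if is_s else AFFECTED_OPEN_SOURCE
    return any(low <= key <= high for low, high in ranges)


if __name__ == "__main__":
    # Constructed inventory; the last entry imitates a distribution package.
    for v in ["9.11.18", "9.11.19", "9.12.4-P2", "9.13.7", "9.16.3",
              "9.11.18-S1", "9.11.5-P4-5.1+deb10u1-Debian"]:
        print(f"{v:32} {is_affected(v)}")
```

A result of `None` should be routed to manual review against the distributor's own advisory rather than treated as unaffected.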

Overview 
Multiple vulnerabilities have been reported in ISC BIND which could allow a
remote attacker to cause denial of service conditions on a targeted system.

Description
1. Denial of Service Vulnerability (CVE-2020-8617)

This vulnerability exists in BIND due to a logic error in tsig.c. A remote
attacker could exploit this vulnerability by sending a specially crafted
message to the affected server.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system. 

2. Denial of Service (Performance degradation) Vulnerability (CVE-2020-8616)

This vulnerability exists in BIND due to insufficient limiting of the
number of fetches performed when processing referrals. A remote attacker
could exploit this vulnerability by using specially crafted referrals.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service (performance degradation) conditions on the
targeted system. The attacker may also exploit this vulnerability to use
the recursing server as a reflector in a reflection attack with a high
amplification factor. 

Solution
Update to the latest versions as available at the following URL: 

Vendor Information
ISC

References
Debian
IBM X-Force Exchange

© Copyright 2020. Ud64