Severity Rating: Medium
Software Affected
· ISC BIND versions 9.11.14 to 9.11.19
· ISC BIND versions 9.14.9 to 9.14.12
· ISC BIND versions 9.16.0 to 9.16.3
· ISC BIND versions 9.11.14-S1 to 9.11.19-S1
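A check of installed versions against the ranges listed above, added here as an example that is not part of the original advisory: it parses the version string a server reports (for instance from named -v) and says whether it falls inside a listed range. The host names and version strings in the sample inventory are constructed. Distribution packages can carry backported fixes under an older version number, so treat a match as a prompt to check the vendor's tracker.

```python
import re

# Inclusive ranges exactly as listed under "Software Affected".
# The third field marks the -S (Supported Preview Edition) line.
AFFECTED = [
    ((9, 11, 14), (9, 11, 19), False),  # 9.11.14 to 9.11.19
    ((9, 14, 9), (9, 14, 12), False),   # 9.14.9 to 9.14.12
    ((9, 16, 0), (9, 16, 3), False),    # 9.16.0 to 9.16.3
    ((9, 11, 14), (9, 11, 19), True),   # 9.11.14-S1 to 9.11.19-S1
]

# First x.y.z in the string, with an optional -S<n> edition suffix.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:-(S\d+))?")


def parse_bind_version(text):
    """Return ((major, minor, patch), is_s_edition), or None if no version is found."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None


def is_affected(text):
    """True/False for a parsed version; None when the string has no version."""
    parsed = parse_bind_version(text)
    if parsed is None:
        return None
    version, s_edition = parsed
    return any(lo <= version <= hi and s == s_edition for lo, hi, s in AFFECTED)


def triage(inventory):
    """Split {host: version string} into (affected, not_listed, unparsed) host lists."""
    buckets = {True: [], False: [], None: []}
    for host, banner in sorted(inventory.items()):
        buckets[is_affected(banner)].append(host)
    return buckets[True], buckets[False], buckets[None]


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ns1.example.net": "BIND 9.16.3 (Stable Release)",
    "ns2.example.net": "BIND 9.11.19-S1 (Supported Preview Edition)",
    "ns3.example.net": "BIND 9.16.4 (Stable Release)",
    "ns4.example.net": "version query refused",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts in the unparsed list need a manual check, since a server that hides its version is not thereby outside the affected ranges.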
Overview
Multiple vulnerabilities have been reported in ISC BIND which could allow a
remote attacker to cause denial of service conditions on a targeted system.
Description
1. Denial of Service Vulnerability (CVE-2020-8618)
This vulnerability exists in BIND due to an error in rdataset.c. A remote
attacker could exploit this vulnerability by sending zone data of a
specially constructed zone to the affected server via zone transfer.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.
2. Denial of Service Vulnerability (CVE-2020-8619)
This vulnerability exists in BIND due to an error in rbtdb.c. A remote
attacker could exploit this vulnerability by changing zone content to
introduce a specially crafted record.
Successful exploitation of this vulnerability could allow the attacker to
cause denial of service conditions on the targeted system.
Solution
Update to the latest versions as available at the following URL:
Vendor Information
ISC
References
Debian Security Tracker
CVE Name
CVE-2020-8618
CVE-2020-8619
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.