CVE-2020-8617

Description from NVD

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Information Acquisition Date:2021-04-27T10:43Z
CVSS 2.0: 5.0 MEDIUM CVSS 3.x: 7.5 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD References

 https://kb.isc.org/docs/cve-2020-8617
     source:CONFIRM
     tags:Patch    Vendor Advisory    
 [oss-security] 20200519 Two vulnerabilities disclosed in BIND (CVE-2020-8616 and CVE-2020-8617)
     source:MLIST
     tags:Mailing List    Patch    Third Party Advisory    
 DSA-4689
     source:DEBIAN
     tags:Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20200522-0002/
     source:CONFIRM
     tags:Third Party Advisory    
 http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html
     source:MISC
     tags:
 USN-4365-2
     source:UBUNTU
     tags:
 USN-4365-1
     source:UBUNTU
     tags:
 [debian-lts-announce] 20200530 [SECURITY] [DLA 2227-1] bind9 security update
     source:MLIST
     tags:
 FEDORA-2020-2d89cbcfd9
     source:FEDORA
     tags:
 FEDORA-2020-f9dcd4e9d5
     source:FEDORA
     tags:
 openSUSE-SU-2020:1699
     source:SUSE
     tags:
 openSUSE-SU-2020:1701
     source:SUSE
     tags:

This vulnerability may involve a PoC.

Description from Forti

ISC BIND TSIG Assertion Failure DoS

This indicates an attack attempt to exploit a Denial Of Service Vulnerability in ISC BIND.The vulnerability is due to a fault in the DNS protocol when handling a crafted packet. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system.

Information Acquisition Date:2020/06/01

Affected Products

ISC BIND 9.0.0 - 9.11.18
ISC BIND 9.12.0 - 9.12.4-P2
ISC BIND 9.14.0 - 9.14.11
ISC BIND 9.16.0 - 9.16.2
ISC BIND 9.17.0 - 9.17.1 of the 9.17 experimental development branch
All releases in the obsolete 9.13 and 9.15 development branches.
All releases of BIND Supported Preview Edition from 9.9.3-S1 to 9.11.18-S1

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://kb.isc.org/docs/cve-2020-8617

References

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: BIND(4 tweets) Linux(2 tweets)

List of frequently cited URLs

URLNum of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html21
https://www.jpcert.or.jp/at/2020/at200023.html13
https://kb.isc.org/docs/cve-2020-861710
http://twinybots.ch10
https://jprs.jp/tech/security/2020-05-20-bind9-vuln-tsig.html6
https://www.ipa.go.jp/security/ciadr/vul/alert20200520.html6
https://knqyf263.hatenablog.com/entry/2020/05/21/0036456
https://ift.tt/2zc9SlO5
https://access.redhat.com/security/cve/CVE-2020-86174
https://github.com/knqyf263/CVE-2020-86173
https://twitter.com/OrangeMorishita/status/12627196694897254433
https://security.sios.com/vulnerability/bind-security-vulne...3
https://ipssignatures.appspot.com/?cve=CVE-2020-86173

Information from Twitter

User URL Info Source Date
threatintelctr https://nvd.nist.gov/vuln/detail/CVE-2020-8617 Source threatintelctr   1568301258179739648 2022/09/10
WolfgangSesin http://www.sesin.at Source WolfgangSesin    1568306102579650560 2022/09/10
WolfgangSesin https://www.sesin.at/2022/09/09/cve-2020-8617-bind-debian_l... Source WolfgangSesin    1568306102579650560 2022/09/10
www_sesin_at http://www.sesin.at Source www_sesin_at     1568306105138151425 2022/09/10
www_sesin_at https://www.sesin.at/2022/09/09/cve-2020-8617-bind-debian_l... Source www_sesin_at     1568306105138151425 2022/09/10
LinInfoSec https://kb.isc.org/docs/cve-2020-8617 Source LinInfoSec       1568313755376697347 2022/09/10

List of frequently cited URLs

URLNum of Times Referred to
lists.astaro.com21
www.jpcert.or.jp13
kb.isc.org10
twinybots.ch10
jprs.jp6
www.ipa.go.jp6
knqyf263.hatenablog.com6
ift.tt5
access.redhat.com4
github.com3
twitter.com3
security.sios.com3
ipssignatures.appspot.com3

Information from Twitter

User URL Info Source
threatintelctr nvd.nist.gov Show Tweet
WolfgangSesin sesin.at Show Tweet
WolfgangSesin sesin.at Show Tweet
www_sesin_at sesin.at Show Tweet
www_sesin_at sesin.at Show Tweet
LinInfoSec kb.isc.org Show Tweet
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2022/09/10 Score : 4
Added Har-sia Database : 2020/05/19
Last Modified : 2022/09/10
Highest Scored Date : 2020/05/21
Highest Score : 62