VAR-202005-1028
Vulnerability from variot - Updated: 2025-12-21 23:12A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks. ISC (Internet Systems Consortium) Provides BIND There are multiple vulnerabilities in. * DNS Insufficient control of name resolution behavior - CVE-2020-8616 * tsig.c Assertion error occurs - CVE-2020-8617The expected impact depends on each vulnerability, but it may be affected as follows.
CVE-2019-6477
It was discovered that TCP-pipelined queries can bypass tcp-client
limits resulting in denial of service.
For the oldstable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6.
For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u1.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39 tMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF lOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR inKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s kUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp HokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV ssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF Rx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/ FK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o ye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp WIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs= =SqNI -----END PGP SIGNATURE----- . 8.0) - aarch64, ppc64le, s390x, x86_64
-
7.2) - x86_64
-
Bugs fixed (https://bugzilla.redhat.com/):
1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: bind security update Advisory ID: RHSA-2020:2383-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:2383 Issue date: 2020-06-03 CVE Names: CVE-2020-8616 CVE-2020-8617 ==================================================================== 1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
-
bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
-
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: bind-9.8.2-0.68.rc1.el6_10.7.src.rpm
i386: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386: bind-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm
x86_64: bind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: bind-9.8.2-0.68.rc1.el6_10.7.src.rpm
x86_64: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64: bind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: bind-9.8.2-0.68.rc1.el6_10.7.src.rpm
i386: bind-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm
ppc64: bind-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.ppc.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm
s390x: bind-9.8.2-0.68.rc1.el6_10.7.s390x.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.s390x.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390x.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.s390.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.s390x.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.s390x.rpm
x86_64: bind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm
ppc64: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.ppc.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm
s390x: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390x.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.s390.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.s390x.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.s390x.rpm
x86_64: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: bind-9.8.2-0.68.rc1.el6_10.7.src.rpm
i386: bind-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm
x86_64: bind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm
x86_64: bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm bind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm bind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXteuh9zjgjWX9erEAQjhxQ/+PL7bo3TtFwbNYEFL0/ZVk20YNr/LG932 XcJv6cp9+fWD0tT+INaTqchX3kq7AxTCY53WOwFDyOrBkfWyVwOCgrbxTmqkpE++ 3/MLrGjBlIuKJqmxiFD0HhTQPj1Clmvw37s+U5GfUgTlSOghPzWVsXtdftZR6enA eMNXF0KFd0BXYbTG4dyAUCwtQuXOtn3xbPFN7JQr6jKDmgjYB7lmLLU1KNk4eLko eCQuAKRWIrRDa5jT41vKnAnB+DnIdmdEY1P49R5iNvPhZqjjGYdUDdRI8sL8Y8OH dTNPz1cfQ9JA5dJd7gr840TjXphKnrbP+eC7aFZlkuol4Q7QMZtiXopmtwaUc2/l hpYyMc3mcftZkzbO5/XRUV2aCNYUaQ1rWosaZQfN9njzZmu/jGUmI2DryCwxL9v1 VGzjGRc/FIXKIjk4/kPwn9gPLCNqFdedA1NKVzXQpbfty5X8smREYDzJSuVLEhc7 LEw+Hr4biPA4PRGnRu7Kvss0jsl1uY2s8O02nHlsbmiWQ3d0xCLITAW0+pCM8sv9 TEx9y2CHkSfH1z6OaRvKZzhLYkPXPqdaMQLRVj30/kO+aGDGjRDw46BuvK5pDIKu Q3+smtIShSGf5A1JmGHVaVohzDruMGcdRv6n2QjjQkvxp6TcB90psfuElsxCgylh 2ChAmz6lNU8=PFAN -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.3) - noarch, x86_64
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution:
For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for release 4.3.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.15.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.2"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.5"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.3"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.13.7"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.4"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.15.6"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.7"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.6"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.14.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.7"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.9.3"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.8"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.0.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.18"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.4"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.13.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.14.11"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.1"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.10.0 \u304b\u3089 1.10.8"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.11.0 \u304b\u3089 1.11.4"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.7.0 \u304b\u3089 1.7.18"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.7.0 \u306e\u5168\u3066"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.8.0 \u304b\u3089 1.8.23"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "9.11.0 \u304b\u3089 9.11.18"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "9.12.0 \u304b\u3089 9.12.4-p2"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "9.14.0 \u304b\u3089 9.14.11"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "9.16.0 \u304b\u3089 9.16.2"
},
{
"model": "bind",
"scope": "eq",
"trust": 0.8,
"vendor": "isc",
"version": "supported preview edition 9.9.3-s1 \u304b\u3089 9.11.18-s1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:misc:xack_xack_dns",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "157966"
},
{
"db": "PACKETSTORM",
"id": "158899"
},
{
"db": "PACKETSTORM",
"id": "158276"
},
{
"db": "PACKETSTORM",
"id": "157921"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
],
"trust": 1.2
},
"cve": "CVE-2020-8616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000036",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8616",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000036",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004591",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-004591",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2020-004591",
"trust": 1.6,
"value": "High"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2020-8616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000036",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-917",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-8616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. \u30fb Abuse the full resolver as a stepping stone for reflection attacks. ISC (Internet Systems Consortium) Provides BIND There are multiple vulnerabilities in. * DNS Insufficient control of name resolution behavior - CVE-2020-8616 * tsig.c Assertion error occurs - CVE-2020-8617The expected impact depends on each vulnerability, but it may be affected as follows. \n\nCVE-2019-6477\n\n It was discovered that TCP-pipelined queries can bypass tcp-client\n limits resulting in denial of service. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1:9.10.3.dfsg.P4-12.3+deb9u6. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:9.11.5.P4+dfsg-5.1+deb10u1. \n\nWe recommend that you upgrade your bind9 packages. \n\nFor the detailed security status of bind9 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39\ntMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF\nlOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR\ninKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s\nkUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp\nHokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV\nssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF\nRx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/\nFK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o\nye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp\nWIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs=\n=SqNI\n-----END PGP SIGNATURE-----\n. 8.0) - aarch64, ppc64le, s390x, x86_64\n\n3. 7.2) - x86_64\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1808130 - CVE-2020-1750 machine-config-operator-container: mmap stressor makes the cluster unresponsive\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: bind security update\nAdvisory ID: RHSA-2020:2383-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2383\nIssue date: 2020-06-03\nCVE Names: CVE-2020-8616 CVE-2020-8617\n====================================================================\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* bind: BIND does not sufficiently limit the number of fetches performed\nwhen processing referrals (CVE-2020-8616)\n\n* bind: A logic error in code which checks TSIG validity can be used to\ntrigger an assertion failure in tsig.c (CVE-2020-8617)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals\n1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nbind-9.8.2-0.68.rc1.el6_10.7.src.rpm\n\ni386:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nbind-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm\n\nx86_64:\nbind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nbind-9.8.2-0.68.rc1.el6_10.7.src.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nbind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nbind-9.8.2-0.68.rc1.el6_10.7.src.rpm\n\ni386:\nbind-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm\n\nppc64:\nbind-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.ppc.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\n\ns390x:\nbind-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.s390.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\n\nx86_64:\nbind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm\n\nppc64:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.ppc.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.ppc64.rpm\n\ns390x:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.s390.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.s390x.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nbind-9.8.2-0.68.rc1.el6_10.7.src.rpm\n\ni386:\nbind-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.i686.rpm\n\nx86_64:\nbind-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-chroot-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-libs-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-utils-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.i686.rpm\n\nx86_64:\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-debuginfo-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.i686.rpm\nbind-devel-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\nbind-sdb-9.8.2-0.68.rc1.el6_10.7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8616\nhttps://access.redhat.com/security/cve/CVE-2020-8617\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXteuh9zjgjWX9erEAQjhxQ/+PL7bo3TtFwbNYEFL0/ZVk20YNr/LG932\nXcJv6cp9+fWD0tT+INaTqchX3kq7AxTCY53WOwFDyOrBkfWyVwOCgrbxTmqkpE++\n3/MLrGjBlIuKJqmxiFD0HhTQPj1Clmvw37s+U5GfUgTlSOghPzWVsXtdftZR6enA\neMNXF0KFd0BXYbTG4dyAUCwtQuXOtn3xbPFN7JQr6jKDmgjYB7lmLLU1KNk4eLko\neCQuAKRWIrRDa5jT41vKnAnB+DnIdmdEY1P49R5iNvPhZqjjGYdUDdRI8sL8Y8OH\ndTNPz1cfQ9JA5dJd7gr840TjXphKnrbP+eC7aFZlkuol4Q7QMZtiXopmtwaUc2/l\nhpYyMc3mcftZkzbO5/XRUV2aCNYUaQ1rWosaZQfN9njzZmu/jGUmI2DryCwxL9v1\nVGzjGRc/FIXKIjk4/kPwn9gPLCNqFdedA1NKVzXQpbfty5X8smREYDzJSuVLEhc7\nLEw+Hr4biPA4PRGnRu7Kvss0jsl1uY2s8O02nHlsbmiWQ3d0xCLITAW0+pCM8sv9\nTEx9y2CHkSfH1z6OaRvKZzhLYkPXPqdaMQLRVj30/kO+aGDGjRDw46BuvK5pDIKu\nQ3+smtIShSGf5A1JmGHVaVohzDruMGcdRv6n2QjjQkvxp6TcB90psfuElsxCgylh\n2ChAmz6lNU8=PFAN\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.3) - noarch, x86_64\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.25, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information\n\n5",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "PACKETSTORM",
"id": "157966"
},
{
"db": "PACKETSTORM",
"id": "158899"
},
{
"db": "PACKETSTORM",
"id": "158276"
},
{
"db": "PACKETSTORM",
"id": "157921"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8616",
"trust": 4.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/05/19/4",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVN40208370",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92065932",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158276",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157921",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1932",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2744",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2593",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1820",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2267",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1893.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1777",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1886",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1777.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1893.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2649",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2794",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2108",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2833",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158908",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158720",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158806",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157784",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157759",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157864",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157890",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158844",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158134",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48083",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168830",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157966",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158899",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158900",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158131",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "PACKETSTORM",
"id": "157966"
},
{
"db": "PACKETSTORM",
"id": "158899"
},
{
"db": "PACKETSTORM",
"id": "158276"
},
{
"db": "PACKETSTORM",
"id": "157921"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"id": "VAR-202005-1028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2025-12-21T23:12:00.402000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-8616 (NXNSAttack) \u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://xack.co.jp/info/?ID=622"
},
{
"title": "CVE-2020-8616: BIND does not sufficiently limit the number of fetches performed when processing referrals",
"trust": 0.8,
"url": "https://kb.isc.org/docs/cve-2020-8616"
},
{
"title": "CVE-2020-8617: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c",
"trust": 0.8,
"url": "https://kb.isc.org/docs/cve-2020-8617"
},
{
"title": "ISC BIND Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119356"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203433 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202383 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: bind9 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4365-1"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203272 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203470 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202404 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203471 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203379 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202345 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202338 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: bind9 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4365-2"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203475 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202344 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203378 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2020-8616 CVE-2020-8617",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=381e66e05d75d93918e55cdaa636e1b0"
},
{
"title": "Debian Security Advisories: DSA-4689-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=808ccb545c64882f6cfa960abf75abfa"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202449 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202595 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1369",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1369"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202441 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.3.25 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202439 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8616 log"
},
{
"title": "Arch Linux Advisories: [ASA-202005-13] bind: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-13"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1426",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1426"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ca8040b949152189bea3a3126afcd39"
},
{
"title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203194 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pexip/os-bind9-libs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"trust": 1.7,
"url": "http://www.nxnsattack.com"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/docs/cve-2020-8616"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_12"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
},
{
"trust": 1.6,
"url": "https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html"
},
{
"trust": 1.6,
"url": "http://www.nxnsattack.com/"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8616"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8616"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn40208370/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8616"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-8617"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu92065932"
},
{
"trust": 0.8,
"url": "https://jprs.jp/tech/security/2020-05-20-bind9-vuln-tsig.html"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8617"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8617"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-bind-affect-aix-cve-2020-8616-and-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158134/red-hat-security-advisory-2020-2449-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158908/red-hat-security-advisory-2020-3475-01.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000036.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158844/red-hat-security-advisory-2020-3433-01.html"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-ddos-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2267/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affected-by-cve-2020-8616-and-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158806/red-hat-security-advisory-2020-3379-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2794/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1893.4/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158720/red-hat-security-advisory-2020-3272-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2744/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2833/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48083"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2108/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2649/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157921/red-hat-security-advisory-2020-2383-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1932/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1777.2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management/"
},
{
"trust": 0.6,
"url": "https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-027.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/isc-bind-two-vulnerabilities-32300"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v10-is-impacted-by-denial-of-service-vulnerabilities-in-crunchy-kernel-cve-2020-8616-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157759/ubuntu-security-notice-usn-4365-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2593/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1893.5/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157864/red-hat-security-advisory-2020-2338-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157784/ubuntu-security-notice-usn-4365-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0174/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1905/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157890/red-hat-security-advisory-2020-2345-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1777/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1820/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1886/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve-2020-8616-and-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3522/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1975/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158276/red-hat-security-advisory-2020-2595-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-ibm-integrated-analytics-system/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-8616"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/bind9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6477"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3471"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.2/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1750"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.2/release_notes/ocp-4-2-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2383"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3470"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-8555"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8555"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "PACKETSTORM",
"id": "157966"
},
{
"db": "PACKETSTORM",
"id": "158899"
},
{
"db": "PACKETSTORM",
"id": "158276"
},
{
"db": "PACKETSTORM",
"id": "157921"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "PACKETSTORM",
"id": "157966"
},
{
"db": "PACKETSTORM",
"id": "158899"
},
{
"db": "PACKETSTORM",
"id": "158276"
},
{
"db": "PACKETSTORM",
"id": "157921"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"date": "2020-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "168830"
},
{
"date": "2020-06-04T19:22:22",
"db": "PACKETSTORM",
"id": "157966"
},
{
"date": "2020-08-18T16:16:40",
"db": "PACKETSTORM",
"id": "158899"
},
{
"date": "2020-07-02T15:41:03",
"db": "PACKETSTORM",
"id": "158276"
},
{
"date": "2020-06-03T15:55:41",
"db": "PACKETSTORM",
"id": "157921"
},
{
"date": "2020-08-18T16:18:47",
"db": "PACKETSTORM",
"id": "158900"
},
{
"date": "2020-06-17T21:45:27",
"db": "PACKETSTORM",
"id": "158131"
},
{
"date": "2020-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"date": "2020-05-19T14:15:11.877000",
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"date": "2021-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"date": "2020-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004591"
},
{
"date": "2024-11-21T05:39:07.857000",
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XACK DNS Service operation interruption in (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.