var-202008-1139
Vulnerability from variot
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202008-19
https://security.gentoo.org/
Severity: Normal Title: BIND: Multiple vulnerabilities Date: August 29, 2020 Bugs: #738250 ID: 202008-19
Synopsis
Multiple vulnerabilities have been found in BIND, the worst of which could result in a Denial of Service condition.
Background
BIND (Berkeley Internet Name Domain) is a Name Server.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.16.6 >= 9.16.6
Description
Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All BIND users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/bind-9.16.6"
References
[ 1 ] CVE-2020-8620 https://nvd.nist.gov/vuln/detail/CVE-2020-8620 [ 2 ] CVE-2020-8621 https://nvd.nist.gov/vuln/detail/CVE-2020-8621 [ 3 ] CVE-2020-8622 https://nvd.nist.gov/vuln/detail/CVE-2020-8622 [ 4 ] CVE-2020-8623 https://nvd.nist.gov/vuln/detail/CVE-2020-8623 [ 5 ] CVE-2020-8624 https://nvd.nist.gov/vuln/detail/CVE-2020-8624
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202008-19
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ========================================================================== Ubuntu Security Notice USN-4468-1 August 21, 2020
bind9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Bind.
Software Description: - bind9: Internet Domain Name Server
Details:
Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8620)
Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8621)
Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. (CVE-2020-8622)
Lyu Chiy discovered that Bind incorrectly handled certain queries. (CVE-2020-8623)
Joop Boonen discovered that Bind incorrectly handled certain subdomain update-policy rules. A remote attacker granted privileges to change certain parts of a zone could use this issue to change other contents of the zone, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-8624)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: bind9 1:9.16.1-0ubuntu2.3
Ubuntu 18.04 LTS: bind9 1:9.11.3+dfsg-1ubuntu1.13
Ubuntu 16.04 LTS: bind9 1:9.10.3.dfsg.P4-8ubuntu1.17
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4468-1 CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624
Package Information: https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.3 https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.13 https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.17
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202008-1139", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "dns server", "scope": "lt", "trust": 1.0, "vendor": "synology", "version": "2.2.2-5027" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.2" }, { "model": "steelstore cloud integrated storage", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "bind", "scope": "lte", "trust": 1.0, "vendor": "isc", "version": "9.17.3" }, { "model": "bind", "scope": "gte", "trust": 1.0, "vendor": "isc", "version": "9.17.0" }, { "model": "bind", "scope": "gte", "trust": 1.0, "vendor": "isc", "version": "9.14.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "20.04" }, { "model": "bind", "scope": "lte", "trust": 1.0, "vendor": "isc", "version": "9.16.5" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-8621" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.16.5", "versionStartIncluding": "9.14.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.17.3", "versionStartIncluding": "9.17.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.2-5027", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-8621" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Gentoo", "sources": [ { "db": "PACKETSTORM", "id": "159004" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ], "trust": 0.7 }, "cve": "CVE-2020-8621", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-186746", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2020-8621", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-8621", "trust": 1.0, "value": "HIGH" }, { "author": "security-officer@isc.org", "id": "CVE-2020-8621", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202008-1078", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-186746", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-8621", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-186746" }, { "db": "VULMON", "id": "CVE-2020-8621" }, { "db": "NVD", "id": "CVE-2020-8621" }, { "db": "NVD", "id": "CVE-2020-8621" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In BIND 9.14.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, If a server is configured with both QNAME minimization and \u0027forward first\u0027 then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that \u0027forward only\u0027 are not affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202008-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: BIND: Multiple vulnerabilities\n Date: August 29, 2020\n Bugs: #738250\n ID: 202008-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in BIND, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nBIND (Berkeley Internet Name Domain) is a Name Server. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/bind \u003c 9.16.6 \u003e= 9.16.6\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in BIND. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll BIND users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/bind-9.16.6\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-8620\n https://nvd.nist.gov/vuln/detail/CVE-2020-8620\n[ 2 ] CVE-2020-8621\n https://nvd.nist.gov/vuln/detail/CVE-2020-8621\n[ 3 ] CVE-2020-8622\n https://nvd.nist.gov/vuln/detail/CVE-2020-8622\n[ 4 ] CVE-2020-8623\n https://nvd.nist.gov/vuln/detail/CVE-2020-8623\n[ 5 ] CVE-2020-8624\n https://nvd.nist.gov/vuln/detail/CVE-2020-8624\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202008-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. ==========================================================================\nUbuntu Security Notice USN-4468-1\nAugust 21, 2020\n\nbind9 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Bind. \n\nSoftware Description:\n- bind9: Internet Domain Name Server\n\nDetails:\n\nEmanuel Almeida discovered that Bind incorrectly handled certain TCP\npayloads. This issue only affected Ubuntu\n20.04 LTS. (CVE-2020-8620)\n\nJoseph Gullo discovered that Bind incorrectly handled QNAME minimization\nwhen used in certain configurations. This\nissue only affected Ubuntu 20.04 LTS. (CVE-2020-8621)\n\nDave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind\nincorrectly handled certain truncated responses to a TSIG-signed request. (CVE-2020-8622)\n\nLyu Chiy discovered that Bind incorrectly handled certain queries. (CVE-2020-8623)\n\nJoop Boonen discovered that Bind incorrectly handled certain subdomain\nupdate-policy rules. A remote attacker granted privileges to change certain\nparts of a zone could use this issue to change other contents of the zone,\ncontrary to expectations. This issue only affected Ubuntu 18.04 LTS and\nUbuntu 20.04 LTS. (CVE-2020-8624)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n bind9 1:9.16.1-0ubuntu2.3\n\nUbuntu 18.04 LTS:\n bind9 1:9.11.3+dfsg-1ubuntu1.13\n\nUbuntu 16.04 LTS:\n bind9 1:9.10.3.dfsg.P4-8ubuntu1.17\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://usn.ubuntu.com/4468-1\n CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623,\n CVE-2020-8624\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.3\n https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.13\n https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.P4-8ubuntu1.17\n", "sources": [ { "db": "NVD", "id": "CVE-2020-8621" }, { "db": "VULHUB", "id": "VHN-186746" }, { "db": "VULMON", "id": "CVE-2020-8621" }, { "db": "PACKETSTORM", "id": "159004" }, { "db": "PACKETSTORM", "id": "158940" } ], "trust": 1.26 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-8621", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "159004", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "158940", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.3522", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202008-1078", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-186746", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-8621", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-186746" }, { "db": "VULMON", "id": "CVE-2020-8621" }, { "db": "PACKETSTORM", "id": "159004" }, { "db": "PACKETSTORM", "id": "158940" }, { "db": "NVD", "id": "CVE-2020-8621" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "id": "VAR-202008-1139", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-186746" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:55:07.672000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": null, "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=126813" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-8621" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-617", "trust": 1.1 }, { "problemtype": "CWE-20", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-186746" }, { "db": "NVD", "id": "CVE-2020-8621" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "https://security.gentoo.org/glsa/202008-19" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20200827-0003/" }, { "trust": 1.8, "url": "https://www.synology.com/security/advisory/synology_sa_20_19" }, { "trust": 1.8, "url": "https://kb.isc.org/docs/cve-2020-8621" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "trust": 1.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" }, { "trust": 1.8, "url": "https://usn.ubuntu.com/4468-1/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8621" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158940/ubuntu-security-notice-usn-4468-1.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159004/gentoo-linux-security-advisory-202008-19.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3522/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/isc-bind-denial-of-service-via-qname-minimization-33127" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8620" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8623" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/617.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://seclists.org/oss-sec/2020/q3/129" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssb-439005.txt" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.10.3.dfsg.p4-8ubuntu1.17" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.11.3+dfsg-1ubuntu1.13" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4468-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/bind9/1:9.16.1-0ubuntu2.3" } ], "sources": [ { "db": "VULHUB", "id": "VHN-186746" }, { "db": "VULMON", "id": "CVE-2020-8621" }, { "db": "PACKETSTORM", "id": "159004" }, { "db": "PACKETSTORM", "id": "158940" }, { "db": "NVD", "id": "CVE-2020-8621" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-186746" }, { "db": "VULMON", "id": "CVE-2020-8621" }, { "db": "PACKETSTORM", "id": "159004" }, { "db": "PACKETSTORM", "id": "158940" }, { "db": "NVD", "id": "CVE-2020-8621" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-21T00:00:00", "db": "VULHUB", "id": "VHN-186746" }, { "date": "2020-08-21T00:00:00", "db": "VULMON", "id": "CVE-2020-8621" }, { "date": "2020-08-31T14:39:46", "db": "PACKETSTORM", "id": "159004" }, { "date": "2020-08-21T21:44:34", "db": "PACKETSTORM", "id": "158940" }, { "date": "2020-08-21T21:15:12.167000", "db": "NVD", "id": "CVE-2020-8621" }, { "date": "2020-08-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-28T00:00:00", "db": "VULHUB", "id": "VHN-186746" }, { "date": "2022-04-28T00:00:00", "db": "VULMON", "id": "CVE-2020-8621" }, { "date": "2022-04-28T18:27:41.020000", "db": "NVD", "id": "CVE-2020-8621" }, { "date": "2022-04-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202008-1078" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "158940" }, { "db": "CNNVD", "id": "CNNVD-202008-1078" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ISC BIND Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1078" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202008-1078" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.