var-202005-1028
Vulnerability from variot
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. ・ Abuse the full resolver as a stepping stone for reflection attacks. ========================================================================= Ubuntu Security Notice USN-4365-2 May 20, 2020
bind9 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details:
Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616)
Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: bind9 1:9.9.5.dfsg-3ubuntu0.19+esm2
Ubuntu 12.04 ESM: bind9 1:9.8.1.dfsg.P1-4ubuntu0.30
In general, a standard system update will make all the necessary changes. 6.6) - x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: bind security update Advisory ID: RHSA-2020:3433-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3433 Issue date: 2020-08-12 CVE Names: CVE-2020-8616 CVE-2020-8617 ==================================================================== 1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64
- Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
-
bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)
-
bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals 1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: bind-9.9.4-51.el7_4.4.src.rpm
noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm
x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.4):
Source: bind-9.9.4-51.el7_4.4.src.rpm
noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm
ppc64le: bind-9.9.4-51.el7_4.4.ppc64le.rpm bind-chroot-9.9.4-51.el7_4.4.ppc64le.rpm bind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm bind-libs-9.9.4-51.el7_4.4.ppc64le.rpm bind-libs-lite-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.ppc64le.rpm bind-utils-9.9.4-51.el7_4.4.ppc64le.rpm
x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.4):
Source: bind-9.9.4-51.el7_4.4.src.rpm
noarch: bind-license-9.9.4-51.el7_4.4.noarch.rpm
x86_64: bind-9.9.4-51.el7_4.4.x86_64.rpm bind-chroot-9.9.4-51.el7_4.4.x86_64.rpm bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-9.9.4-51.el7_4.4.i686.rpm bind-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-libs-lite-9.9.4-51.el7_4.4.i686.rpm bind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm bind-utils-9.9.4-51.el7_4.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.4):
ppc64le: bind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm bind-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-lite-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.ppc64le.rpm bind-sdb-9.9.4-51.el7_4.4.ppc64le.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.ppc64le.rpm
x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.4):
x86_64: bind-debuginfo-9.9.4-51.el7_4.4.i686.rpm bind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm bind-devel-9.9.4-51.el7_4.4.i686.rpm bind-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-lite-devel-9.9.4-51.el7_4.4.i686.rpm bind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm bind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-9.9.4-51.el7_4.4.x86_64.rpm bind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-8616 https://access.redhat.com/security/cve/CVE-2020-8617 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXzPV8dzjgjWX9erEAQgCUA//dmZr/zZbkimNYOaBBZ00RvF26rGRA7yV yVgYREXrAF1lgd78GDJ7rL0Y1r7rIursw/la069kK4F8efbSG4o8b4VUtC85+E+Q O6crm0Dm17ns4a5ix97uliNk+H9tyjKPVW4aQFJujhSD+Dx5y9bOByfv8HFI4oh3 tCWmgFoPjcEpWMuIGR1saqrbFWN1Ukz3867jCLaWUr8b4A7XxngDPwd7qtceLpSW jYt5OaTIhOV3kjICJ5jY69S1D5Ab17/ObGfaq8nOJcRin+XvZgcfgWt00QI+mYkA ex63m8aGGE3o32MCS/6wsGY/4vP8U7XNe19f9JQTG8ZA4S/PdUJW7y5oRFEWgHg7 HtveWp+EkGyOB1HU7dRVVBP1lhMaWlz55WjhBoNc6xjV7Zi3IU/W1O85AOL8VtxX XzI6Gk+FWFOgocfLh7DexFOj+4iCtX7Ew3862PPwME1bXh4ijlKgkYvcotJCLCL6 IQGGLWIjIT8BBr1avjTBn998XBx3UxFzyo4QyQRB38fzKaYRXbMPXNWSmlq1CtA3 U0m5D2TVZGgVEH7/jlWHWzhNpO1TfhHEyyIDHWBpobATTVvToHeCdcQsDbZpuT3/ 8jdswGAx+PKQJI4Q4sPzsfXrXbUew/aS2kybTrkKVuGntIvY0C1EcLYZjbNHEKcG e/FXzzEtVBw\xd4RR -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7) - aarch64, ppc64le, s390x
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Solution:
For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for release 4.3.25, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/):
1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
CVE-2019-6477
It was discovered that TCP-pipelined queries can bypass tcp-client
limits resulting in denial of service.
For the oldstable distribution (stretch), these problems have been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6.
For the stable distribution (buster), these problems have been fixed in version 1:9.11.5.P4+dfsg-5.1+deb10u1.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39 tMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF lOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR inKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s kUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp HokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV ssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF Rx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/ FK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o ye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp WIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs= =SqNI -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-1028",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.7"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.7"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.5"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.2"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.1"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.13.0"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.17.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.13.7"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.18"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.14.11"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.14.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.4"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.0.0"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.15.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.12.4"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.6"
},
{
"model": "bind",
"scope": "gte",
"trust": 1.0,
"vendor": "isc",
"version": "9.16.0"
},
{
"model": "bind",
"scope": "lte",
"trust": 1.0,
"vendor": "isc",
"version": "9.15.6"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.10.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.8"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.11.3"
},
{
"model": "bind",
"scope": "eq",
"trust": 1.0,
"vendor": "isc",
"version": "9.9.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.10.0 \u304b\u3089 1.10.8"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.11.0 \u304b\u3089 1.11.4"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.7.0 \u304b\u3089 1.7.18"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.7.0 \u306e\u5168\u3066"
},
{
"model": "dns",
"scope": "eq",
"trust": 0.8,
"vendor": "xack",
"version": "1.8.0 \u304b\u3089 1.8.23"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:misc:xack_xack_dns",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "158805"
},
{
"db": "PACKETSTORM",
"id": "158844"
},
{
"db": "PACKETSTORM",
"id": "158134"
},
{
"db": "PACKETSTORM",
"id": "158908"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
],
"trust": 1.2
},
"cve": "CVE-2020-8616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-8616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000036",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-8616",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-000036",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-8616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security-officer@isc.org",
"id": "CVE-2020-8616",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2020-000036",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-917",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-8616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. XACK DNS Is a corporation XACK Provides DNS Software for servers. XACK DNS In general NXNSAttack Service disruption due to a problem called (DoS) There are vulnerabilities that can be attacked. This vulnerability information is provided by the developer for the purpose of disseminating it to product users. IPA Report to JPCERT/CC Coordinated with the developer.The following service operation interruptions by a remote third party (DoS) You may be attacked. -Increases the load of the full resolver and reduces performance. \u30fb Abuse the full resolver as a stepping stone for reflection attacks. =========================================================================\nUbuntu Security Notice USN-4365-2\nMay 20, 2020\n\nbind9 vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Bind. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. \nOriginal advisory details:\n\n Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind\n incorrectly limited certain fetches. A remote attacker could possibly use\n this issue to cause Bind to consume resources, leading to a denial of\n service, or possibly use Bind to perform a reflection attack. \n (CVE-2020-8616)\n\n Tobias Klein discovered that Bind incorrectly handled checking TSIG\n validity. A remote attacker could use this issue to cause Bind to crash,\n resulting in a denial of service, or possibly perform other attacks. \n (CVE-2020-8617)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n bind9 1:9.9.5.dfsg-3ubuntu0.19+esm2\n\nUbuntu 12.04 ESM:\n bind9 1:9.8.1.dfsg.P1-4ubuntu0.30\n\nIn general, a standard system update will make all the necessary changes. 6.6) - x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: bind security update\nAdvisory ID: RHSA-2020:3433-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:3433\nIssue date: 2020-08-12\nCVE Names: CVE-2020-8616 CVE-2020-8617\n====================================================================\n1. Summary:\n\nAn update for bind is now available for Red Hat Enterprise Linux 7.4\nAdvanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.4 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - noarch, x86_64\n\n3. Description:\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly. \n\nSecurity Fix(es):\n\n* bind: BIND does not sufficiently limit the number of fetches performed\nwhen processing referrals (CVE-2020-8616)\n\n* bind: A logic error in code which checks TSIG validity can be used to\ntrigger an assertion failure in tsig.c (CVE-2020-8617)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1836118 - CVE-2020-8616 bind: BIND does not sufficiently limit the number of fetches performed when processing referrals\n1836124 - CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nbind-9.9.4-51.el7_4.4.src.rpm\n\nnoarch:\nbind-license-9.9.4-51.el7_4.4.noarch.rpm\n\nx86_64:\nbind-9.9.4-51.el7_4.4.x86_64.rpm\nbind-chroot-9.9.4-51.el7_4.4.x86_64.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.i686.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm\nbind-libs-9.9.4-51.el7_4.4.i686.rpm\nbind-libs-9.9.4-51.el7_4.4.x86_64.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.i686.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm\nbind-utils-9.9.4-51.el7_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nbind-9.9.4-51.el7_4.4.src.rpm\n\nnoarch:\nbind-license-9.9.4-51.el7_4.4.noarch.rpm\n\nppc64le:\nbind-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-chroot-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-libs-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-pkcs11-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-pkcs11-utils-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-utils-9.9.4-51.el7_4.4.ppc64le.rpm\n\nx86_64:\nbind-9.9.4-51.el7_4.4.x86_64.rpm\nbind-chroot-9.9.4-51.el7_4.4.x86_64.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.i686.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm\nbind-libs-9.9.4-51.el7_4.4.i686.rpm\nbind-libs-9.9.4-51.el7_4.4.x86_64.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.i686.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm\nbind-utils-9.9.4-51.el7_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nbind-9.9.4-51.el7_4.4.src.rpm\n\nnoarch:\nbind-license-9.9.4-51.el7_4.4.noarch.rpm\n\nx86_64:\nbind-9.9.4-51.el7_4.4.x86_64.rpm\nbind-chroot-9.9.4-51.el7_4.4.x86_64.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.i686.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm\nbind-libs-9.9.4-51.el7_4.4.i686.rpm\nbind-libs-9.9.4-51.el7_4.4.x86_64.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.i686.rpm\nbind-libs-lite-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.i686.rpm\nbind-pkcs11-libs-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-utils-9.9.4-51.el7_4.4.x86_64.rpm\nbind-utils-9.9.4-51.el7_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nbind-debuginfo-9.9.4-51.el7_4.4.i686.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm\nbind-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-sdb-9.9.4-51.el7_4.4.x86_64.rpm\nbind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nbind-debuginfo-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-devel-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-sdb-9.9.4-51.el7_4.4.ppc64le.rpm\nbind-sdb-chroot-9.9.4-51.el7_4.4.ppc64le.rpm\n\nx86_64:\nbind-debuginfo-9.9.4-51.el7_4.4.i686.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm\nbind-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-sdb-9.9.4-51.el7_4.4.x86_64.rpm\nbind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4):\n\nx86_64:\nbind-debuginfo-9.9.4-51.el7_4.4.i686.rpm\nbind-debuginfo-9.9.4-51.el7_4.4.x86_64.rpm\nbind-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-lite-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.i686.rpm\nbind-pkcs11-devel-9.9.4-51.el7_4.4.x86_64.rpm\nbind-sdb-9.9.4-51.el7_4.4.x86_64.rpm\nbind-sdb-chroot-9.9.4-51.el7_4.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-8616\nhttps://access.redhat.com/security/cve/CVE-2020-8617\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXzPV8dzjgjWX9erEAQgCUA//dmZr/zZbkimNYOaBBZ00RvF26rGRA7yV\nyVgYREXrAF1lgd78GDJ7rL0Y1r7rIursw/la069kK4F8efbSG4o8b4VUtC85+E+Q\nO6crm0Dm17ns4a5ix97uliNk+H9tyjKPVW4aQFJujhSD+Dx5y9bOByfv8HFI4oh3\ntCWmgFoPjcEpWMuIGR1saqrbFWN1Ukz3867jCLaWUr8b4A7XxngDPwd7qtceLpSW\njYt5OaTIhOV3kjICJ5jY69S1D5Ab17/ObGfaq8nOJcRin+XvZgcfgWt00QI+mYkA\nex63m8aGGE3o32MCS/6wsGY/4vP8U7XNe19f9JQTG8ZA4S/PdUJW7y5oRFEWgHg7\nHtveWp+EkGyOB1HU7dRVVBP1lhMaWlz55WjhBoNc6xjV7Zi3IU/W1O85AOL8VtxX\nXzI6Gk+FWFOgocfLh7DexFOj+4iCtX7Ew3862PPwME1bXh4ijlKgkYvcotJCLCL6\nIQGGLWIjIT8BBr1avjTBn998XBx3UxFzyo4QyQRB38fzKaYRXbMPXNWSmlq1CtA3\nU0m5D2TVZGgVEH7/jlWHWzhNpO1TfhHEyyIDHWBpobATTVvToHeCdcQsDbZpuT3/\n8jdswGAx+PKQJI4Q4sPzsfXrXbUew/aS2kybTrkKVuGntIvY0C1EcLYZjbNHEKcG\ne/FXzzEtVBw\\xd4RR\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. Solution:\n\nFor OpenShift Container Platform 4.3 see the following documentation, which\nwill be updated shortly for release 4.3.25, for important instructions on\nhow to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.3/updating/updating-cluster\n- -cli.html. Bugs fixed (https://bugzilla.redhat.com/):\n\n1821583 - CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information\n\n5. \n\nCVE-2019-6477\n\n It was discovered that TCP-pipelined queries can bypass tcp-client\n limits resulting in denial of service. \n\nFor the oldstable distribution (stretch), these problems have been fixed\nin version 1:9.10.3.dfsg.P4-12.3+deb9u6. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:9.11.5.P4+dfsg-5.1+deb10u1. \n\nWe recommend that you upgrade your bind9 packages. \n\nFor the detailed security status of bind9 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl7ENhhfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0TG0w//d/ZEG5TM8bmDZSBkB0n+JZ9S1ZOuRbETrtXAYnI1DjQZzk427PR9Vm39\ntMbe2UOmYgxD/UybCL7tGNsNqFo4iRrefnEU47I8nWp1szCo9MsUbl9itmZfprGF\nlOvMvyklu8WZFXLSHOntOEKANv5k/ygq9ux4t/YWpL4jdpfCR+fdECfr16vV5XkR\ninKQuGDokmDs0E+bJHKUGWTcTsTXmcFZIaurKx+IeHAyQxbEmV1qiJHQKtvkmp9s\nkUlNyrfs1tLXM+JeQK0GtPTJuiMpznkisvC1/hJVPNy2kvGl+5pZ6LRB7BzuswSp\nHokcQ4p8BIw1LAGXq+TvnJaQd+mfHHfasI2FS+XRWEos92bF1+TlxFW4gTLghMYV\nssuK4nBIbvucrNXc2Wcm7n/1UxEiAiT7Zf9mKFBdBxZSxz8ueLh2js0SKxH9GTBF\nRx6x1NXGLI9u9QQgOOzyQh8ClRLC1Z2UtHQLLITTT7UlnXRSO1OvmJEFFuA+0E5/\nFK2zzpD8a3+cHS5O1+a1LihqiwxDkFJXNY/d/BSLAoNeYyGjgQq/1AgoEbjVDO4o\nye6ttRSaaMUS8rvUrE9U4PfSyclHke+filK4KURkY7kZ+UEH7XH2jCZunW/POpKp\nWIBvqVSEK6qTYWji5Ayucm2tgmUMIxV+tH1Im2Im6HjrP/pyGrs=\n=SqNI\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "PACKETSTORM",
"id": "157784"
},
{
"db": "PACKETSTORM",
"id": "158805"
},
{
"db": "PACKETSTORM",
"id": "158844"
},
{
"db": "PACKETSTORM",
"id": "158134"
},
{
"db": "PACKETSTORM",
"id": "158908"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "PACKETSTORM",
"id": "168830"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-8616",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2020/05/19/4",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVN40208370",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "157784",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158844",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158134",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "158908",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1932",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3522",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2744",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2593",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1820",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2267",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1893.4",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1777",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1886",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1905",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1777.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1893.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2649",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1975",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2794",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2108",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2833",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158720",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158806",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157921",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158276",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157759",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157864",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157890",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48083",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-8616",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158805",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158900",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "158131",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168830",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "PACKETSTORM",
"id": "157784"
},
{
"db": "PACKETSTORM",
"id": "158805"
},
{
"db": "PACKETSTORM",
"id": "158844"
},
{
"db": "PACKETSTORM",
"id": "158134"
},
{
"db": "PACKETSTORM",
"id": "158908"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"id": "VAR-202005-1028",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2024-09-19T21:30:28.439000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-8616 (NXNSAttack) \u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://xack.co.jp/info/?ID=622"
},
{
"title": "ISC BIND Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119356"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203433 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202383 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: bind9 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4365-1"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203272 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203470 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202404 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203471 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203379 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202345 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202338 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: bind9 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4365-2"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203475 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202344 - Security Advisory"
},
{
"title": "Red Hat: Important: bind security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203378 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: bind9: CVE-2020-8616 CVE-2020-8617",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=381e66e05d75d93918e55cdaa636e1b0"
},
{
"title": "Debian Security Advisories: DSA-4689-1 bind9 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=808ccb545c64882f6cfa960abf75abfa"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202449 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.2.36 ose-machine-config-operator-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202595 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1369",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1369"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202441 - Security Advisory"
},
{
"title": "Red Hat: Moderate: OpenShift Container Platform 4.3.25 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20202439 - Security Advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-8616 log"
},
{
"title": "Arch Linux Advisories: [ASA-202005-13] bind: denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-202005-13"
},
{
"title": "Amazon Linux 2: ALAS2-2020-1426",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1426"
},
{
"title": "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (July 2020v1)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4ca8040b949152189bea3a3126afcd39"
},
{
"title": "Red Hat: Important: Container-native Virtualization security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203194 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/pexip/os-bind9-libs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4365-1/"
},
{
"trust": 1.7,
"url": "http://www.nxnsattack.com"
},
{
"trust": 1.7,
"url": "https://kb.isc.org/docs/cve-2020-8616"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2020/05/19/4"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2020/dsa-4689"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20200522-0002/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4365-2/"
},
{
"trust": 1.7,
"url": "https://www.synology.com/security/advisory/synology_sa_20_12"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8616"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8616"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5591"
},
{
"trust": 0.8,
"url": "https://jprs.jp/tech/security/2020-05-20-bind9-vuln-processing-referrals.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn40208370/index.html"
},
{
"trust": 0.8,
"url": "http://www.nxnsattack.com/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8617"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wogcjs2xq3sqnf4w6glz73lwzj6zzwzi/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/jkjxvbokz36er3eucr7vrb7wghiimpnj/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2020-8617"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-bind-affect-aix-cve-2020-8616-and-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158134/red-hat-security-advisory-2020-2449-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158908/red-hat-security-advisory-2020-3475-01.html"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2020/jvndb-2020-000036.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158844/red-hat-security-advisory-2020-3433-01.html"
},
{
"trust": 0.6,
"url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200826-01-ddos-cn"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2267/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-bind-for-ibm-i-is-affected-by-cve-2020-8616-and-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158806/red-hat-security-advisory-2020-3379-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2794/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1893.4/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158720/red-hat-security-advisory-2020-3272-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2744/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2833/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48083"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2108/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2649/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157921/red-hat-security-advisory-2020-2383-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1932/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1777.2/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-publicly-disclosed-vulnerabilities-from-bind-affect-ibm-netezza-host-management/"
},
{
"trust": 0.6,
"url": "https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-027.pdf"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/isc-bind-two-vulnerabilities-32300"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v10-is-impacted-by-denial-of-service-vulnerabilities-in-crunchy-kernel-cve-2020-8616-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157759/ubuntu-security-notice-usn-4365-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2593/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1893.5/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157864/red-hat-security-advisory-2020-2338-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157784/ubuntu-security-notice-usn-4365-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0174/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1905/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157890/red-hat-security-advisory-2020-2345-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1777/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1820/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1886/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-cve-2020-8616-and-cve-2020-8617/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3522/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1975/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158276/red-hat-security-advisory-2020-2595-01.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-ibm-integrated-analytics-system/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:3433"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-8555"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8555"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2020-8616"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4365-2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4365-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3378"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/release_notes/ocp-4-4-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2449"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.4/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3475"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3470"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:2441"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/bind9"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6477"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "PACKETSTORM",
"id": "157784"
},
{
"db": "PACKETSTORM",
"id": "158805"
},
{
"db": "PACKETSTORM",
"id": "158844"
},
{
"db": "PACKETSTORM",
"id": "158134"
},
{
"db": "PACKETSTORM",
"id": "158908"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"db": "PACKETSTORM",
"id": "157784"
},
{
"db": "PACKETSTORM",
"id": "158805"
},
{
"db": "PACKETSTORM",
"id": "158844"
},
{
"db": "PACKETSTORM",
"id": "158134"
},
{
"db": "PACKETSTORM",
"id": "158908"
},
{
"db": "PACKETSTORM",
"id": "158900"
},
{
"db": "PACKETSTORM",
"id": "158131"
},
{
"db": "PACKETSTORM",
"id": "168830"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"date": "2020-05-20T20:08:05",
"db": "PACKETSTORM",
"id": "157784"
},
{
"date": "2020-08-10T14:26:57",
"db": "PACKETSTORM",
"id": "158805"
},
{
"date": "2020-08-12T15:54:40",
"db": "PACKETSTORM",
"id": "158844"
},
{
"date": "2020-06-17T21:46:33",
"db": "PACKETSTORM",
"id": "158134"
},
{
"date": "2020-08-18T16:40:06",
"db": "PACKETSTORM",
"id": "158908"
},
{
"date": "2020-08-18T16:18:47",
"db": "PACKETSTORM",
"id": "158900"
},
{
"date": "2020-06-17T21:45:27",
"db": "PACKETSTORM",
"id": "158131"
},
{
"date": "2020-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "168830"
},
{
"date": "2020-05-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"date": "2020-05-19T14:15:11.877000",
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-8616"
},
{
"date": "2020-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-000036"
},
{
"date": "2021-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-917"
},
{
"date": "2023-11-07T03:26:38.287000",
"db": "NVD",
"id": "CVE-2020-8616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "157784"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XACK DNS Service operation interruption in (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-000036"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-917"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.