Bug 1836124 (CVE-2020-8617)
Summary: | CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | Petr Sklenar <psklenar> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | aegorenk, anon.amish, david, emarquez, kfujii, kyoneyam, lilhuang, mruprich, msehnout, pemensik, pzhukov, security-response-team, thozza, tkubota, vonsch, yozone, zdohnal | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | bind 9.11.19, bind 9.14.12, bind 9.16.3 | Doc Type: | If docs needed, set a value | ||||
Doc Text: |
An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2020-05-28 23:20:32 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1836134, 1836135, 1836136, 1836137, 1836138, 1836139, 1836140, 1837326, 1851574, 1851575, 1862576, 1862577, 1862578, 1862579, 1862580 | ||||||
Bug Blocks: | 1836119 | ||||||
Attachments: |
|
Description
Huzaifa S. Sidhpurwala
2020-05-15 08:44:46 UTC
Acknowledgments: Name: ISC Upstream: Tobias Klein Created attachment 1688833 [details]
Upstream patch against bind-9.11.19
External References: https://kb.isc.org/docs/cve-2020-8617 Created bind tracking bugs for this issue: Affects: fedora-all [bug 1837326] Patches for various upstream versions can be found here: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.19/patches 9.14 branch: https://downloads.isc.org/isc/bind9/9.14.12/patches 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.3/patches Mitigation: BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. Upstream recommends using random value in session-keyname as a workaround. This can be added to named.conf configuration file. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2338 https://access.redhat.com/errata/RHSA-2020:2338 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8617 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2344 https://access.redhat.com/errata/RHSA-2020:2344 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2345 https://access.redhat.com/errata/RHSA-2020:2345 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:2383 https://access.redhat.com/errata/RHSA-2020:2383 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2404 https://access.redhat.com/errata/RHSA-2020:2404 Statement: Upstream has released additional information about this flaw. Details available at: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:2893 https://access.redhat.com/errata/RHSA-2020:2893 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2020:3379 https://access.redhat.com/errata/RHSA-2020:3379 This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2020:3378 https://access.redhat.com/errata/RHSA-2020:3378 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:3433 https://access.redhat.com/errata/RHSA-2020:3433 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:3471 https://access.redhat.com/errata/RHSA-2020:3471 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:3470 https://access.redhat.com/errata/RHSA-2020:3470 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3475 https://access.redhat.com/errata/RHSA-2020:3475 |