As per upstream advisory: In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. In its original design BIND (as well as other nameservers) does not sufficiently limit the number of fetches which may be performed while processing a referral response. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals,cause a recursing server to issue a very large number of fetches in an attempt to process the referral.
Acknowledgments: Name: ISC Upstream: Lior Shafir and Yehuda Afek (Tel Aviv University), Anat Bremler-Barr (Interdisciplinary Center (IDC) Herzliya)
Created attachment 1688822 [details] Upstream patch against bind-9.11.19
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1837325]
Patches for various upstream versions can be found here: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.19/patches 9.14 branch: https://downloads.isc.org/isc/bind9/9.14.12/patches 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.3/patches
External References: https://kb.isc.org/docs/cve-2020-8616 https://www.theregister.co.uk/2020/05/21/nxnaattack_bug_disclosed/
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2338 https://access.redhat.com/errata/RHSA-2020:2338
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8616
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2344 https://access.redhat.com/errata/RHSA-2020:2344
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2345 https://access.redhat.com/errata/RHSA-2020:2345
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:2383 https://access.redhat.com/errata/RHSA-2020:2383
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2404 https://access.redhat.com/errata/RHSA-2020:2404
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:3272 https://access.redhat.com/errata/RHSA-2020:3272
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2020:3379 https://access.redhat.com/errata/RHSA-2020:3379
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2020:3378 https://access.redhat.com/errata/RHSA-2020:3378
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:3433 https://access.redhat.com/errata/RHSA-2020:3433
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:3471 https://access.redhat.com/errata/RHSA-2020:3471
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:3470 https://access.redhat.com/errata/RHSA-2020:3470
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3475 https://access.redhat.com/errata/RHSA-2020:3475