Bug 1869473 (CVE-2020-8622) - CVE-2020-8622 bind: truncated TSIG response can lead to an assertion failure
Summary: CVE-2020-8622 bind: truncated TSIG response can lead to an assertion failure
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-8622
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1869474 1869475 1870904 1872084 1874951 1874954 1874957 1874960
Blocks: 1869469
TreeView+ depends on / blocked
 
Reported: 2020-08-18 04:52 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-16 19:29 UTC (History)
14 users (show)

Fixed In Version: bind 9.11.22, bind 9.16.6, bind 9.17.4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in bind. An assertion failure can occur when trying to verify a truncated response to a TSIG-signed request. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2020-10-08 02:21:12 UTC


Attachments (Terms of Use)
Patch against 9.11.22 (1.36 KB, patch)
2020-08-18 06:49 UTC, Huzaifa S. Sidhpurwala
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4183 0 None None None 2020-10-07 20:16:44 UTC
Red Hat Product Errata RHSA-2020:4500 0 None None None 2020-11-04 01:30:53 UTC
Red Hat Product Errata RHSA-2020:4992 0 None None None 2020-11-10 10:01:05 UTC
Red Hat Product Errata RHSA-2020:5011 0 None None None 2020-11-10 13:00:05 UTC
Red Hat Product Errata RHSA-2020:5203 0 None None None 2020-11-24 11:33:37 UTC

Description Huzaifa S. Sidhpurwala 2020-08-18 04:52:03 UTC
As per upstream advisory:

Attempting to verify a truncated response to a TSIG-signed request leads to an assertion failure.

An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.

Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

Comment 1 Huzaifa S. Sidhpurwala 2020-08-18 04:52:07 UTC
Acknowledgments:

Name: ISC
Upstream: Dave Feldman (Oracle), Jeff Warren (Oracle), Joel Cunningham (Oracle)

Comment 3 Huzaifa S. Sidhpurwala 2020-08-18 06:49:51 UTC
Created attachment 1711687 [details]
Patch against 9.11.22

Comment 4 Huzaifa S. Sidhpurwala 2020-08-21 02:18:42 UTC
External References:

https://kb.isc.org/docs/cve-2020-8622

Comment 5 Huzaifa S. Sidhpurwala 2020-08-21 02:19:33 UTC
Created bind tracking bugs for this issue:

Affects: fedora-all [bug 1870904]

Comment 33 errata-xmlrpc 2020-10-07 20:16:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:4183 https://access.redhat.com/errata/RHSA-2020:4183

Comment 34 Product Security DevOps Team 2020-10-08 02:21:12 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8622

Comment 40 errata-xmlrpc 2020-11-04 01:30:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:4500 https://access.redhat.com/errata/RHSA-2020:4500

Comment 43 errata-xmlrpc 2020-11-10 10:01:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Extended Update Support

Via RHSA-2020:4992 https://access.redhat.com/errata/RHSA-2020:4992

Comment 44 errata-xmlrpc 2020-11-10 13:00:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:5011 https://access.redhat.com/errata/RHSA-2020:5011

Comment 46 errata-xmlrpc 2020-11-24 11:33:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Extended Update Support

Via RHSA-2020:5203 https://access.redhat.com/errata/RHSA-2020:5203


Note You need to log in before you can comment on or make changes to this bug.