As per upstream advisory: An error in BIND code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger an assertion failure in tsig.c, resulting in denial of service to clients. Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. Please note that a huge majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable and that that key exposes the vulnerability unless specifically disabled.
Acknowledgments: Name: ISC Upstream: Tobias Klein
Created attachment 1688833 [details] Upstream patch against bind-9.11.19
External References: https://kb.isc.org/docs/cve-2020-8617
Created bind tracking bugs for this issue: Affects: fedora-all [bug 1837326]
Patches for various upstream versions can be found here: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.19/patches 9.14 branch: https://downloads.isc.org/isc/bind9/9.14.12/patches 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.3/patches
Mitigation: BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. Upstream recommends using random value in session-keyname as a workaround. This can be added to named.conf configuration file.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2338 https://access.redhat.com/errata/RHSA-2020:2338
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8617
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2344 https://access.redhat.com/errata/RHSA-2020:2344
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:2345 https://access.redhat.com/errata/RHSA-2020:2345
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:2383 https://access.redhat.com/errata/RHSA-2020:2383
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:2404 https://access.redhat.com/errata/RHSA-2020:2404
Statement: Upstream has released additional information about this flaw. Details available at: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.7 Extended Update Support Via RHSA-2020:2893 https://access.redhat.com/errata/RHSA-2020:2893
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2020:3379 https://access.redhat.com/errata/RHSA-2020:3379
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Advanced Update Support Via RHSA-2020:3378 https://access.redhat.com/errata/RHSA-2020:3378
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.4 Advanced Update Support Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions Red Hat Enterprise Linux 7.4 Telco Extended Update Support Via RHSA-2020:3433 https://access.redhat.com/errata/RHSA-2020:3433
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.2 Advanced Update Support Via RHSA-2020:3471 https://access.redhat.com/errata/RHSA-2020:3471
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.3 Advanced Update Support Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions Red Hat Enterprise Linux 7.3 Telco Extended Update Support Via RHSA-2020:3470 https://access.redhat.com/errata/RHSA-2020:3470
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Extended Update Support Via RHSA-2020:3475 https://access.redhat.com/errata/RHSA-2020:3475