UBUNTU-CVE-2020-8617

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2020-8617

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8617.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-8617

Related

Published

2020-05-19T00:00:00Z

Modified

2020-05-19T00:00:00Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

References

Affected packages

Ubuntu:Pro:14.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.9.5.dfsg-3ubuntu0.19+esm2?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.9.5.dfsg-3ubuntu0.19+esm2

Affected versions

1:9.*

1:9.9.3.dfsg.P2-4ubuntu1

1:9.9.3.dfsg.P2-4ubuntu2

1:9.9.3.dfsg.P2-4ubuntu3

1:9.9.5.dfsg-2

1:9.9.5.dfsg-3

1:9.9.5.dfsg-3ubuntu0.1

1:9.9.5.dfsg-3ubuntu0.2

1:9.9.5.dfsg-3ubuntu0.3

1:9.9.5.dfsg-3ubuntu0.4

1:9.9.5.dfsg-3ubuntu0.5

1:9.9.5.dfsg-3ubuntu0.6

1:9.9.5.dfsg-3ubuntu0.7

1:9.9.5.dfsg-3ubuntu0.8

1:9.9.5.dfsg-3ubuntu0.9

1:9.9.5.dfsg-3ubuntu0.10

1:9.9.5.dfsg-3ubuntu0.11

1:9.9.5.dfsg-3ubuntu0.12

1:9.9.5.dfsg-3ubuntu0.13

1:9.9.5.dfsg-3ubuntu0.14

1:9.9.5.dfsg-3ubuntu0.15

1:9.9.5.dfsg-3ubuntu0.16

1:9.9.5.dfsg-3ubuntu0.17

1:9.9.5.dfsg-3ubuntu0.18

1:9.9.5.dfsg-3ubuntu0.19

1:9.9.5.dfsg-3ubuntu0.19+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "lwresd": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "bind9utils": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "bind9": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "libbind-dev": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "host": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "bind9-doc": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "liblwres90": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "libisccfg90": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "libisccc90": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "libdns100": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "libbind9-90": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "bind9-host": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "libisc95": "1:9.9.5.dfsg-3ubuntu0.19+esm2",
            "dnsutils": "1:9.9.5.dfsg-3ubuntu0.19+esm2"
        }
    ]
}

Ubuntu:16.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.10.3.dfsg.P4-8ubuntu1.16?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.10.3.dfsg.P4-8ubuntu1.16

Affected versions

1:9.*

1:9.9.5.dfsg-11ubuntu1

1:9.9.5.dfsg-12

1:9.9.5.dfsg-12.1

1:9.9.5.dfsg-12.1ubuntu1

1:9.10.3.dfsg.P2-4

1:9.10.3.dfsg.P2-5

1:9.10.3.dfsg.P4-3

1:9.10.3.dfsg.P4-4

1:9.10.3.dfsg.P4-5

1:9.10.3.dfsg.P4-8

1:9.10.3.dfsg.P4-8ubuntu1

1:9.10.3.dfsg.P4-8ubuntu1.1

1:9.10.3.dfsg.P4-8ubuntu1.2

1:9.10.3.dfsg.P4-8ubuntu1.3

1:9.10.3.dfsg.P4-8ubuntu1.4

1:9.10.3.dfsg.P4-8ubuntu1.5

1:9.10.3.dfsg.P4-8ubuntu1.6

1:9.10.3.dfsg.P4-8ubuntu1.7

1:9.10.3.dfsg.P4-8ubuntu1.8

1:9.10.3.dfsg.P4-8ubuntu1.9

1:9.10.3.dfsg.P4-8ubuntu1.10

1:9.10.3.dfsg.P4-8ubuntu1.11

1:9.10.3.dfsg.P4-8ubuntu1.12

1:9.10.3.dfsg.P4-8ubuntu1.14

1:9.10.3.dfsg.P4-8ubuntu1.15

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "bind9-host-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "lwresd": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisc-export160-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccc-export140-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libdns162": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "bind9utils": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccc-export140-udeb-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libirs-export141-udeb-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "bind9-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisc-export160-udeb-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libbind9-140": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libdns162-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisc-export160": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "bind9utils-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccfg-export140-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "dnsutils": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccfg140": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libirs-export141": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libdns-export162": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "liblwres141-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "dnsutils-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libbind-export-dev": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libdns-export162-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccfg140-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccfg-export140-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "liblwres141": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisc160-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccc-export140": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libirs-export141-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libbind9-140-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libdns-export162-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libirs-export141-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccc140-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "lwresd-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "bind9": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisc160": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libbind-dev": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "host": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccfg-export140": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisc-export160-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "bind9-doc": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccc140": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libirs141": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccc-export140-udeb": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libirs141-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libdns-export162-udeb-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "bind9-host": "1:9.10.3.dfsg.P4-8ubuntu1.16",
            "libisccfg-export140-udeb-dbgsym": "1:9.10.3.dfsg.P4-8ubuntu1.16"
        }
    ]
}

Ubuntu:18.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.11.3+dfsg-1ubuntu1.12?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.11.3+dfsg-1ubuntu1.12

Affected versions

1:9.*

1:9.10.3.dfsg.P4-12.6ubuntu1

1:9.11.2.P1-1ubuntu2

1:9.11.2.P1-1ubuntu3

1:9.11.2.P1-1ubuntu4

1:9.11.2.P1-1ubuntu5

1:9.11.3+dfsg-1ubuntu1

1:9.11.3+dfsg-1ubuntu1.1

1:9.11.3+dfsg-1ubuntu1.2

1:9.11.3+dfsg-1ubuntu1.3

1:9.11.3+dfsg-1ubuntu1.5

1:9.11.3+dfsg-1ubuntu1.7

1:9.11.3+dfsg-1ubuntu1.8

1:9.11.3+dfsg-1ubuntu1.9

1:9.11.3+dfsg-1ubuntu1.10

1:9.11.3+dfsg-1ubuntu1.11

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "bind9-host-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libbind9-160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccfg160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisc-export169-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libdns1100-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "bind9utils": "1:9.11.3+dfsg-1ubuntu1.12",
            "libdns-export1100": "1:9.11.3+dfsg-1ubuntu1.12",
            "bind9-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccc-export160": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccfg-export160": "1:9.11.3+dfsg-1ubuntu1.12",
            "liblwres160": "1:9.11.3+dfsg-1ubuntu1.12",
            "libirs-export160": "1:9.11.3+dfsg-1ubuntu1.12",
            "bind9utils-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccc-export160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libirs160": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccfg-export160-udeb": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisc-export169": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisc169-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "dnsutils-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libbind-export-dev": "1:9.11.3+dfsg-1ubuntu1.12",
            "libdns1100": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccc160": "1:9.11.3+dfsg-1ubuntu1.12",
            "libdns-export1100-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libdns-export1100-udeb": "1:9.11.3+dfsg-1ubuntu1.12",
            "liblwres160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libirs-export160-udeb": "1:9.11.3+dfsg-1ubuntu1.12",
            "bind9": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisc169": "1:9.11.3+dfsg-1ubuntu1.12",
            "libbind-dev": "1:9.11.3+dfsg-1ubuntu1.12",
            "libirs-export160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccc-export160-udeb": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisc-export169-udeb": "1:9.11.3+dfsg-1ubuntu1.12",
            "bind9-doc": "1:9.11.3+dfsg-1ubuntu1.12",
            "libirs160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccfg160": "1:9.11.3+dfsg-1ubuntu1.12",
            "libbind9-160": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccc160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "bind9-host": "1:9.11.3+dfsg-1ubuntu1.12",
            "libisccfg-export160-dbgsym": "1:9.11.3+dfsg-1ubuntu1.12",
            "dnsutils": "1:9.11.3+dfsg-1ubuntu1.12"
        }
    ]
}

Ubuntu:20.04:LTS / bind9

Package

Name: bind9
Purl: pkg:deb/ubuntu/bind9@1:9.16.1-0ubuntu2.1?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:9.16.1-0ubuntu2.1

Affected versions

1:9.*

1:9.11.5.P4+dfsg-5.1ubuntu2

1:9.11.5.P4+dfsg-5.1ubuntu3

1:9.11.5.P4+dfsg-5.1ubuntu4

1:9.11.5.P4+dfsg-5.1ubuntu5

1:9.11.14+dfsg-1ubuntu1

1:9.11.14+dfsg-3ubuntu1

1:9.16.0-1ubuntu3

1:9.16.0-1ubuntu4

1:9.16.0-1ubuntu5

1:9.16.1-0ubuntu1

1:9.16.1-0ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "bind9-doc": "1:9.16.1-0ubuntu2.1",
            "bind9-dnsutils-dbgsym": "1:9.16.1-0ubuntu2.1",
            "bind9-host": "1:9.16.1-0ubuntu2.1",
            "bind9-host-dbgsym": "1:9.16.1-0ubuntu2.1",
            "bind9utils": "1:9.16.1-0ubuntu2.1",
            "bind9-dbgsym": "1:9.16.1-0ubuntu2.1",
            "bind9-libs": "1:9.16.1-0ubuntu2.1",
            "bind9": "1:9.16.1-0ubuntu2.1",
            "bind9-utils": "1:9.16.1-0ubuntu2.1",
            "bind9-dnsutils": "1:9.16.1-0ubuntu2.1",
            "bind9-libs-dbgsym": "1:9.16.1-0ubuntu2.1",
            "bind9-utils-dbgsym": "1:9.16.1-0ubuntu2.1",
            "dnsutils": "1:9.16.1-0ubuntu2.1"
        }
    ]
}