-
ISC Releases Security Advisories for BIND CISA
https://us-cert.cisa.gov/ncas/current-activity/2020/08/21/isc-releases-security-advisories-bind
>The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.
>
>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following ISC advisories for more information and to apply the necessary updates.
CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c Security Advisories
https://kb.isc.org/docs/cve-2020-8620
CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c Security Advisories
https://kb.isc.org/docs/cve-2020-8621
CVE-2020-8622: A truncated TSIG response can lead to an assertion failure Security Advisories
https://kb.isc.org/docs/cve-2020-8622
CVE-2020-8623: A flaw in native PKCS11 code can lead to a remotely triggerable assertion failure in pk11.c Security Advisories
https://kb.isc.org/docs/cve-2020-8623
CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly Security Advisories
https://kb.isc.org/docs/cve-2020-8624
-
#ISC's #BIND continues to have security holes one after another. I do sometimes wonder why we (the world as a whole) haven't migrated to something descended from DJBDNS.
#DNS #security