 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.13.2020.140.01 |
| Category: | Slackware Local Security Checks |
| Title: | Slackware: Security Advisory (SSA:2020-140-01) |
| Summary: | The remote host is missing an update for the 'bind' package(s) announced via the SSA:2020-140-01 advisory. |
| Description: | Summary: The remote host is missing an update for the 'bind' package(s) announced via the SSA:2020-140-01 advisory. Vulnerability Insight: New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/bind-9.11.19-i586-1_slack14.2.txz: Upgraded. This update fixes security issues: A malicious actor who intentionally exploits the lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. Replaying a TSIG BADTIME response as a request could trigger an assertion failure. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'bind' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-8616 Debian Security Information: DSA-4689 (Google Search) https://www.debian.org/security/2020/dsa-4689 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOGCJS2XQ3SQNF4W6GLZ73LWZJ6ZZWZI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JKJXVBOKZ36ER3EUCR7VRB7WGHIIMPNJ/ http://www.nxnsattack.com https://lists.debian.org/debian-lts-announce/2020/05/msg00031.html http://www.openwall.com/lists/oss-security/2020/05/19/4 SuSE Security Announcement: openSUSE-SU-2020:1699 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html SuSE Security Announcement: openSUSE-SU-2020:1701 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html https://usn.ubuntu.com/4365-1/ https://usn.ubuntu.com/4365-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-8617 http://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |