Description
Affected versions: BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, and 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition. An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure and causing the server to exit. Alternatively, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
| Release | Status | Note |
|---|---|---|
| bionic | released | 1:9.11.3+dfsg-1ubuntu1.13 |
| devel | released | 1:9.16.6-2ubuntu1 |
| esm-infra-legacy/trusty | released | 1:9.9.5.dfsg-3ubuntu0.19+esm3 |
| esm-infra/bionic | released | 1:9.11.3+dfsg-1ubuntu1.13 |
| esm-infra/focal | released | 1:9.16.1-0ubuntu2.3 |
| esm-infra/xenial | released | 1:9.10.3.dfsg.P4-8ubuntu1.17 |
| focal | released | 1:9.16.1-0ubuntu2.3 |
| precise/esm | not-affected | 1:9.8.1.dfsg.P1-4ubuntu0.31 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 1:9.9.5.dfsg-3ubuntu0.19+esm3 |
CVSS2: 4 Medium
CVSS3: 6.5 Medium
Related vulnerabilities
A truncated TSIG response can lead to an assertion failure
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also aff ...