Количество 15
Количество 15
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a ...
GHSA-q6g5-8p95-hqh7
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
BDU:2021-00125
Уязвимость компонента tsig.c DNS-сервера BIND, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2020:1350-1
Security update for bind
ELSA-2020-2383
ELSA-2020-2383: bind security update (IMPORTANT)
ELSA-2020-2344
ELSA-2020-2344: bind security update (IMPORTANT)
ELSA-2020-2338
ELSA-2020-2338: bind security update (IMPORTANT)
SUSE-SU-2020:1914-1
Security update for bind
SUSE-SU-2020:14400-1
Security update for bind
openSUSE-SU-2020:1701-1
Security update for bind
openSUSE-SU-2020:1699-1
Security update for bind
SUSE-SU-2020:2914-1
Security update for bind
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-8617 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | CVSS3: 7.5 | 93% Критический | больше 5 лет назад |
 | CVE-2020-8617 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | CVSS3: 7.5 | 93% Критический | больше 5 лет назад |
 | CVE-2020-8617 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | CVSS3: 7.5 | 93% Критический | больше 5 лет назад |
| CVE-2020-8617 Using a specially-crafted message, an attacker may potentially cause a ... | CVSS3: 7.5 | 93% Критический | больше 5 лет назад |
| GHSA-q6g5-8p95-hqh7 Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | CVSS3: 5.9 | 93% Критический | больше 3 лет назад |
 | BDU:2021-00125 Уязвимость компонента tsig.c DNS-сервера BIND, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 93% Критический | больше 5 лет назад |
 | SUSE-SU-2020:1350-1 Security update for bind | больше 5 лет назад | ||
| ELSA-2020-2383 ELSA-2020-2383: bind security update (IMPORTANT) | больше 5 лет назад | ||
| ELSA-2020-2344 ELSA-2020-2344: bind security update (IMPORTANT) | больше 5 лет назад | ||
| ELSA-2020-2338 ELSA-2020-2338: bind security update (IMPORTANT) | больше 5 лет назад | ||
| SUSE-SU-2020:1914-1 Security update for bind | больше 5 лет назад | ||
| SUSE-SU-2020:14400-1 Security update for bind | больше 5 лет назад | ||
| openSUSE-SU-2020:1701-1 Security update for bind | больше 5 лет назад | ||
| openSUSE-SU-2020:1699-1 Security update for bind | больше 5 лет назад | ||
| SUSE-SU-2020:2914-1 Security update for bind | больше 5 лет назад |
Уязвимостей на страницу