{ "id": "CVE-2020-8619", "sourceIdentifier": "security-officer@isc.org", "published": "2020-06-17T22:15:13.070", "lastModified": "2022-10-07T15:26:43.750", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable." }, { "lang": "es", "value": "En las versiones ISC BIND9 BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: A menos que un servidor de nombres proporcione un servicio autorizado para una o m\u00e1s zonas y al menos una zona contenga una entrada sin terminal vac\u00eda que contenga un car\u00e1cter asterisco (\"*\"), este defecto no puede ser encontrado. Un posible atacante al que se le permite cambiar el contenido de la zona, podr\u00eda introducir te\u00f3ricamente dicho registro para explotar esta condici\u00f3n y causar una denegaci\u00f3n de servicio, aunque consideramos que el uso de este vector es poco probable porque cualquier ataque requerir\u00eda de un nivel de privilegio significativo y que sea f\u00e1cilmente rastreable" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.2, "impactScore": 3.6 }, { "source": "security-officer@isc.org", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 1.2, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-404" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.11.14", "versionEndIncluding": "9.11.19", "matchCriteriaId": "5217395B-5877-4FA1-BA0A-F61D2A5F6B7E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:preview:*:*:*", "versionStartIncluding": "9.11.14-s1", "versionEndIncluding": "9.11.19-s1", "matchCriteriaId": "BB971925-B806-4FB8-BE38-F3E7AC9C1091" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.14.9", "versionEndIncluding": "9.14.12", "matchCriteriaId": "26E8318C-FCC3-4AB1-AB50-3CC7F95183A5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.16.0", "versionEndIncluding": "9.16.3", "matchCriteriaId": "4F542837-BDE3-4DA7-B903-5A90464E002D" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493" }, { "vulnerable": true, "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D" } ] } ] } ], "references": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html", "source": "security-officer@isc.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html", "source": "security-officer@isc.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://kb.isc.org/docs/cve-2020-8619", "source": "security-officer@isc.org", "tags": [ "Vendor Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNFTTYJ5JJJJ6QG3AHXJGDIIEYMDFWFW/", "source": "security-officer@isc.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EIOXMJX4N3LBKC65OXNBE52W4GAS7QEX/", "source": "security-officer@isc.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url": "https://security.netapp.com/advisory/ntap-20200625-0003/", "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/4399-1/", "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.debian.org/security/2020/dsa-4752", "source": "security-officer@isc.org", "tags": [ "Third Party Advisory" ] } ] }