BIND fixes DoS-related vulnerabilities

The Internet Systems Consortium (ISC) has released security updates that fix five vulnerabilities in multiple versions of ISC Berkeley Internet Name Domain (BIND) that could result in a denial-of-service (DoS) condition.

BIND is the most widely used Domain Name System software on the Internet.

In all, ISC patched the following five vulnerabilities:

  1. CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c
  2. CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
  3. CVE-2020-8622: A truncated TSIG response can lead to an assertion failure
  4. CVE-2020-8623: A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
  5. CVE-2020-8624: update-policy rules of type “subdomain” are enforced incorrectly

In addition, ISC rates the first four of the BIND vulnerabilities as Medium severity and the fifth as Low severity.

On a related front, readers may also recall that Microsoft patched a Critical ‘Wormable’ RCE Vulnerability in Windows DNS Server last month. Similarly, BIND and Microsoft each issued security updates back in May to address DNS-related vulnerabilities that could result in denial of service.

Organizations should upgrade to the latest versions of BIND to address each of the vulnerabilities.
