pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/p9/ALT-PU-2020-2685/definitions.json
pepelyaevip 9d72b75f75 ALT Vulnerability
2024-12-12 21:07:30 +00:00

201 lines
9.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20202685",
"Version": "oval:org.altlinux.errata:def:20202685",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2020-2685: package `bind` update to version 9.11.22-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch p9"
],
"Products": [
"ALT Server",
"ALT Virtualization Server",
"ALT Workstation",
"ALT Workstation K",
"ALT Education",
"Simply Linux",
"Starterkit"
]
}
],
"References": [
{
"RefID": "ALT-PU-2020-2685",
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2685",
"Source": "ALTPU"
},
{
"RefID": "BDU:2021-01693",
"RefURL": "https://bdu.fstec.ru/vul/2021-01693",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01725",
"RefURL": "https://bdu.fstec.ru/vul/2021-01725",
"Source": "BDU"
},
{
"RefID": "BDU:2021-01726",
"RefURL": "https://bdu.fstec.ru/vul/2021-01726",
"Source": "BDU"
},
{
"RefID": "CVE-2020-8619",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8619",
"Source": "CVE"
},
{
"RefID": "CVE-2020-8622",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8622",
"Source": "CVE"
},
{
"RefID": "CVE-2020-8623",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8623",
"Source": "CVE"
},
{
"RefID": "CVE-2020-8624",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-8624",
"Source": "CVE"
}
],
"Description": "This update upgrades bind to version 9.11.22-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01693: Уязвимость реализации сборки DNS-сервера с опцией «--enable-native-pkcs11» Bind9, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01725: Уязвимость пакета создающий DNS-сервер Bind9, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2021-01726: Уязвимость пакета DNS-сервера Bind9, связанная с ошибками при обработке правил «update-policy» типа «subdomain», позволяющая нарушителю обновлять все части DNS-зоны вместе с тем поддоменом, обновление которого запланировано\n\n * CVE-2020-8619: In ISC BIND9 versions BIND 9.11.14 -\u003e 9.11.19, BIND 9.14.9 -\u003e 9.14.12, BIND 9.16.0 -\u003e 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -\u003e 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (\"*\") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.\n\n * CVE-2020-8622: In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.\n\n * CVE-2020-8623: In BIND 9.10.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.10.5-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with \"--enable-native-pkcs11\" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker\n\n * CVE-2020-8624: In BIND 9.9.12 -\u003e 9.9.13, 9.10.7 -\u003e 9.10.8, 9.11.3 -\u003e 9.11.21, 9.12.1 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.12-S1 -\u003e 9.9.13-S1, 9.11.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "High",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2020-08-26"
},
"Updated": {
"Date": "2020-08-26"
},
"BDUs": [
{
"ID": "BDU:2021-01693",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2021-01693",
"Impact": "Low",
"Public": "20200820"
},
{
"ID": "BDU:2021-01725",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-617",
"Href": "https://bdu.fstec.ru/vul/2021-01725",
"Impact": "Low",
"Public": "20200820"
},
{
"ID": "BDU:2021-01726",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-269",
"Href": "https://bdu.fstec.ru/vul/2021-01726",
"Impact": "Low",
"Public": "20200820"
}
],
"CVEs": [
{
"ID": "CVE-2020-8619",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-404",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8619",
"Impact": "Low",
"Public": "20200617"
},
{
"ID": "CVE-2020-8622",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8622",
"Impact": "Low",
"Public": "20200821"
},
{
"ID": "CVE-2020-8623",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-617",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8623",
"Impact": "High",
"Public": "20200821"
},
{
"ID": "CVE-2020-8624",
"CVSS": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-269",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-8624",
"Impact": "Low",
"Public": "20200821"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:kworkstation:9",
"cpe:/o:alt:workstation:9",
"cpe:/o:alt:server:9",
"cpe:/o:alt:server-v:9",
"cpe:/o:alt:education:9",
"cpe:/o:alt:slinux:9",
"cpe:/o:alt:starterkit:p9"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:1001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20202685001",
"Comment": "bind is earlier than 0:9.11.22-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202685002",
"Comment": "bind-devel is earlier than 0:9.11.22-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202685003",
"Comment": "bind-doc is earlier than 0:9.11.22-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202685004",
"Comment": "bind-utils is earlier than 0:9.11.22-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202685005",
"Comment": "libbind is earlier than 0:9.11.22-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20202685006",
"Comment": "lwresd is earlier than 0:9.11.22-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink