SB2020052039 - Resource management error in bind (Alpine package)
Published: May 20, 2020
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2020-8616)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. For a server performing recursion to locate records in the DNS graph, it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. There is no effective limitation on the number of fetches performed when processing referrals. A malicious actor who intentionally exploits this can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.
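The effect of a missing per-referral fetch limit can be seen in a simplified model. This is an added example, not code from BIND or from the bulletin; the `Referral` type, the `process_referral` function and the cap value of 4 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_FETCHES_PER_REFERRAL = 4  # hypothetical cap, chosen only for this example


@dataclass
class Referral:
    zone: str
    # nameserver name -> address, or None when no address came with the referral
    nameservers: dict = field(default_factory=dict)


def process_referral(referral, lookup, limit=None):
    """Return (usable_addresses, fetches_issued) for one referral.

    lookup(name) stands in for one outgoing fetch; it returns an address or None.
    limit=None models the unbounded behaviour the bulletin describes;
    an integer limit models a per-referral fetch budget.
    """
    addresses, fetches = [], 0
    for name, addr in referral.nameservers.items():
        if addr is None:
            if limit is not None and fetches >= limit:
                continue  # budget spent: skip this name, keep any known addresses
            fetches += 1
            addr = lookup(name)
        if addr is not None:
            addresses.append(addr)
    return addresses, fetches


def never_resolves(name):
    # Constructed stand-in for a fetch that costs work but yields nothing.
    return None


# Constructed sample data (documentation names and addresses only).
ordinary = Referral("example.org", {"ns1.example.org": "192.0.2.1",
                                    "ns2.example.org": "192.0.2.2"})
oversized = Referral("example.net",
                     {f"ns{i}.example.net": None for i in range(100)})

if __name__ == "__main__":
    for label, ref in (("ordinary", ordinary), ("oversized", oversized)):
        _, unbounded = process_referral(ref, never_resolves)
        _, bounded = process_referral(ref, never_resolves, MAX_FETCHES_PER_REFERRAL)
        print(f"{label}: {unbounded} fetches unbounded, {bounded} with budget")
```

With the budget in place, the work done for one referral is bounded by the cap regardless of how many nameserver names the referral lists, while an ordinary referral is handled exactly as before.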
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9fd4335a39b73f3ab692a227e470c31d0fc161b1
- https://git.alpinelinux.org/aports/commit/?id=54d9d7620b3c43d194b0db4a84b55f3def94cd75
- https://git.alpinelinux.org/aports/commit/?id=f415ad5b8bc9e3fb57d3f950785b0203d7eee934
- https://git.alpinelinux.org/aports/commit/?id=ff7db7c636342b669dde2b034e9c8c887cb9ee90