Anolis OS update for bind (Anolis OS 8.6)
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2018-5743 CVE-2019-6465 CVE-2019-6471 CVE-2020-8616 CVE-2020-8617 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-8625 CVE-2021-25219 |
| CWE-ID | CWE-770 CWE-200 CWE-362 CWE-399 CWE-617 CWE-264 CWE-119 CWE-400 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Anolis OS Operating systems & Components / Operating system python3-bind Operating systems & Components / Operating system package or component bind-license Operating systems & Components / Operating system package or component bind-utils Operating systems & Components / Operating system package or component bind-sdb-chroot Operating systems & Components / Operating system package or component bind-sdb Operating systems & Components / Operating system package or component bind-pkcs11-utils Operating systems & Components / Operating system package or component bind-pkcs11-libs Operating systems & Components / Operating system package or component bind-pkcs11-devel Operating systems & Components / Operating system package or component bind-pkcs11 Operating systems & Components / Operating system package or component bind-lite-devel Operating systems & Components / Operating system package or component bind-libs-lite Operating systems & Components / Operating system package or component bind-libs Operating systems & Components / Operating system package or component bind-export-libs Operating systems & Components / Operating system package or component bind-export-devel Operating systems & Components / Operating system package or component bind-devel Operating systems & Components / Operating system package or component bind-chroot Operating systems & Components / Operating system package or component bind Operating systems & Components / Operating system package or component |
| Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU32025
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-5743
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU17828
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-6465
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. A remote attacker can request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Race condition
EUVDB-ID: #VU21568
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-6471
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU28121
Risk: High
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-8616
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources with the applicatoin. In order for a server performing recursion to locate records in the DNS graph it must be capable of processing referrals, such as those received when it attempts to query an authoritative server for a record which is delegated elsewhere. A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Reachable Assertion
EUVDB-ID: #VU28123
Risk: Medium
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2020-8617
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when checking validity of messages containing TSIG resource records within tsig.c. A remote attacker can send a specially crafted message and cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
6) Reachable Assertion
EUVDB-ID: #VU45819
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-8622
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling TSIG-signed request. An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Reachable Assertion
EUVDB-ID: #VU45818
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-8623
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing DNS query for a zone signed with RSA. A remote attacker can send a specially crafted query and crash the DNS server.
Successful exploitation of the vulnerability requires that BIND is built with "--enable-native-pkcs11".
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU45817
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-8624
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform unauthorized actions.
The vulnerability exists due to change 4885 in BIND inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type "zonesub", allowing updates to all parts of the zone along with the intended subdomain. A remote user with privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU50780
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2020-8625
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SPNEGO implementation in the GSS-TSIG extension. A remote attacker can send a specially crafted DNS request to the server, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource exhaustion
EUVDB-ID: #VU57752
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-25219
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to BIND does not properly control consumption of internal resources when processing lame cache. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
python3-bind: before 9.11.36-3
bind-license: before 9.11.36-3
bind-utils: before 9.11.36-3
bind-sdb-chroot: before 9.11.36-3
bind-sdb: before 9.11.36-3
bind-pkcs11-utils: before 9.11.36-3
bind-pkcs11-libs: before 9.11.36-3
bind-pkcs11-devel: before 9.11.36-3
bind-pkcs11: before 9.11.36-3
bind-lite-devel: before 9.11.36-3
bind-libs-lite: before 9.11.36-3
bind-libs: before 9.11.36-3
bind-export-libs: before 9.11.36-3
bind-export-devel: before 9.11.36-3
bind-devel: before 9.11.36-3
bind-chroot: before 9.11.36-3
bind: before 9.11.36-3
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:python3-bind:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-license:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-sdb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-utils:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-pkcs11:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-lite-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs-lite:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-libs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-export-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-devel:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind-chroot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:bind:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2022:0439
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
