Уязвимость CVE-2020-12667: Информация
Описание
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
knot-resolver | sisyphus | 5.1.1-alt1 | 6.0.5-alt1 | ALT-PU-2020-1995-1 | 252073 | Исправлено |
knot-resolver | p10 | 5.1.1-alt1 | 5.7.0-alt1 | ALT-PU-2020-1995-1 | 252073 | Исправлено |
knot-resolver | c10f1 | 5.1.1-alt1 | 5.4.0-alt1 | ALT-PU-2020-1995-1 | 252073 | Исправлено |
knot-resolver | p11 | 5.1.1-alt1 | 6.0.5-alt1 | ALT-PU-2020-1995-1 | 252073 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ |
|
https://www.knot-resolver.cz/2020-05-19-knot-resolver-5.1.1.html |
|
[oss-security] 20200519 [CVE-2020-12667] Knot Resolver 5.1.1 NXNSAttack mitigation |
|
http://cyber-security-group.cs.tau.ac.il/# |
|
FEDORA-2020-bf68101ad3 | |
[debian-lts-announce] 20240426 [SECURITY] [DLA 3795-1] knot-resolver security update |