{"id":9710,"date":"2021-02-18T14:53:44","date_gmt":"2021-02-18T05:53:44","guid":{"rendered":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/?p=9710"},"modified":"2023-10-17T11:41:13","modified_gmt":"2023-10-17T02:41:13","slug":"isc-bind-9%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7%ef%bc%88cve-2020-8625%ef%bc%89%e3%81%ab%e9%96%a2%e3%81%99%e3%82%8b%e6%b3%a8%e6%84%8f%e5%96%9a%e8%b5%b7","status":"publish","type":"post","link":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/public\/heads-up\/isc-bind-9%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7%ef%bc%88cve-2020-8625%ef%bc%89%e3%81%ab%e9%96%a2%e3%81%99%e3%82%8b%e6%b3%a8%e6%84%8f%e5%96%9a%e8%b5%b7\/","title":{"rendered":"ISC BIND 9\u306e\u8106\u5f31\u6027\uff08CVE-2020-8625\uff09\u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77"},"content":{"rendered":"\n<p>I. \u6982\u8981<br \/>ISC BIND 9\u306b\u306f\u3001SPNEGO\u5b9f\u88c5\u306b\u304a\u3051\u308b\u30d0\u30c3\u30d5\u30a1\u30fc\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\uff08CVE-2020-8625\uff09\u304c\u3042\u308a\u307e\u3059\u3002<br \/>SPNEGO\u306f\u3001GSS-TSIG\u306b\u57fa\u3065\u304f\u9375\u4ea4\u63db\u3067\u4f7f\u7528\u3055\u308c\u308bGSS-API\u306b\u304a\u3044\u3066\u8a8d\u8a3c\u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u63d0\u4f9b\u3057\u3066\u3044\u307e\u3059\u3002<br \/>\u672c\u8106\u5f31\u6027\u304c\u60aa\u7528\u3055\u308c\u308b\u3068\u3001\u9060\u9694\u306e\u7b2c\u4e09\u8005\u304c\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3\uff08DoS\uff09\u306a\u3069\u3092\u5f15\u304d\u8d77\u3053\u3059\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<br \/>\u53c2\u8003\uff1a <a href=\"https:\/\/www.jpcert.or.jp\/at\/2021\/at210010.htm\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.jpcert.or.jp\/at\/2021\/at210010.htm<\/a><\/p>\n<p>ISC\u306f\u3001\u672c\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u6df1\u523b\u5ea6\u3092\u300c\u9ad8\uff08High\uff09\u300d\u3068\u8a55\u4fa1\u3057\u3066\u3044\u307e\u3059\u3002\u8106\u5f31\u6027\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001ISC\u306e\u60c5\u5831\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>Internet Systems Consortium, Inc. (ISC)<br \/>CVE-2020-8625: A vulnerability in BIND&#8217;s GSSAPI security policy negotiation can be targeted by a buffer overflow attack<br \/><a href=\"https:\/\/kb.isc.org\/docs\/cve-2020-8625\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/kb.isc.org\/docs\/cve-2020-8625<\/a><\/p>\n<p>\u5f71\u97ff\u3092\u53d7\u3051\u308b\u30d0\u30fc\u30b8\u30e7\u30f3\u306eISC BIND 9\u3092\u904b\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\u300cIII.\u5bfe\u7b56\u300d\u3092\u53c2\u8003\u306b\u4fee\u6b63\u6e08\u307f\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u9069\u7528\u306b\u3064\u3044\u3066\u691c\u8a0e\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p><br \/>II. \u5bfe\u8c61<br \/>\u5bfe\u8c61\u3068\u306a\u308b\u88fd\u54c1\u3068\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n<p>&#8211; BIND 9.16\u7cfb9.16.0\u304b\u30899.16.11\u307e\u3067<br \/>&#8211; BIND 9.11\u7cfb9.11.0\u304b\u30899.11.27\u307e\u3067<br \/>&#8211; BIND 9 Supported Preview Edition 9.16.8-S1\u304b\u30899.16.11-S1\u307e\u3067<br \/>&#8211; BIND 9 Supported Preview Edition 9.11.3-S1\u304b\u30899.11.27-S1\u307e\u3067<\/p>\n<p>\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u304a\u3044\u3066\u3001GSS-API\u306b\u95a2\u3059\u308b\u30aa\u30d7\u30b7\u30e7\u30f3\uff08tkey-gssapi-keytab\u307e\u305f\u306ftkey-gssapi-credential\uff09\u3092\u6307\u5b9a\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u5bfe\u8c61\u3068\u306a\u308a\u307e\u3059\u3002<br \/>\u306a\u304a\u3001\u3059\u3067\u306b\u30b5\u30dd\u30fc\u30c8\u304c\u7d42\u4e86\u3057\u3066\u3044\u308bBIND 9.10\u7cfb\u4ee5\u524d\u30849.12\u7cfb\u304b\u30899.15\u7cfb\u307e\u3067\u3001\u304a\u3088\u3073\u958b\u767a\u7248\u306e9.17\u7cfb\u306b\u3064\u3044\u3066\u3082\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3068\u306e\u3053\u3068\u3067\u3059\u3002<\/p>\n<p>\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30bf\u30fc\u304c\u63d0\u4f9b\u3057\u3066\u3044\u308bBIND\u3092\u304a\u4f7f\u3044\u306e\u5834\u5408\u306f\u3001\u4f7f\u7528\u4e2d\u306e\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30bf\u30fc\u306a\u3069\u306e\u60c5\u5831\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<p><br \/>III. \u5bfe\u7b56<br \/>ISC\u304b\u3089\u8106\u5f31\u6027\u3092\u4fee\u6b63\u3057\u305f\u30d0\u30fc\u30b8\u30e7\u30f3\u306eISC BIND 9\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<br \/>\u307e\u305f\u3001\u4eca\u5f8c\u5404\u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30bf\u30fc\u306a\u3069\u304b\u3089\u3082\u3001\u4fee\u6b63\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u63d0\u4f9b\u3055\u308c\u308b\u3068\u601d\u308f\u308c\u308b\u305f\u3081\u3001\u5341\u5206\u306a\u30c6\u30b9\u30c8\u3092\u5b9f\u65bd\u306e\u4e0a\u3001\u4fee\u6b63\u6e08\u307f\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u3092\u3054\u691c\u8a0e\u304f\u3060\u3055\u3044\u3002<\/p>\n<p>&#8211; BIND 9.16.12<br \/>&#8211; BIND 9.11.28<br \/>&#8211; BIND 9 Supported Preview Edition 9.16.12-S1<br \/>&#8211; BIND 9 Supported Preview Edition 9.11.28-S1<\/p>\n<p><br \/>IV. \u53c2\u8003\u60c5\u5831<br \/>\u682a\u5f0f\u4f1a\u793e\u65e5\u672c\u30ec\u30b8\u30b9\u30c8\u30ea\u30b5\u30fc\u30d3\u30b9\uff08JPRS\uff09<br \/>\uff08\u7dca\u6025\uff09BIND 9.x\u306e\u8106\u5f31\u6027\uff08DNS\u30b5\u30fc\u30d3\u30b9\u306e\u505c\u6b62\u30fb\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff09\u306b\u3064\u3044\u3066\uff08CVE-2020-8625\uff09- GSS-TSIG\u304c\u6709\u52b9\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306e\u307f\u5bfe\u8c61\u3001\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3092\u5f37\u304f\u63a8\u5968 &#8211;<br \/><a href=\"https:\/\/jprs.jp\/tech\/security\/2021-02-18-bind9-vuln-gsstsig.html\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/jprs.jp\/tech\/security\/2021-02-18-bind9-vuln-gsstsig.html<\/a><\/p>\n<p>Internet Systems Consortium, Inc. (ISC)<br \/>BIND 9 Security Vulnerability Matrix<br \/><a href=\"https:\/\/kb.isc.org\/docs\/aa-00913\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/kb.isc.org\/docs\/aa-00913<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I. \u6982\u8981ISC BIND 9\u306b\u306f\u3001SPNEGO\u5b9f\u88c5\u306b\u304a\u3051\u308b\u30d0\u30c3\u30d5\u30a1\u30fc\u30aa\u30fc\u30d0\u30fc\u30d5\u30ed\u30fc\u306e\u8106\u5f31\u6027\uff08CVE-2020-8625\uff09\u304c\u3042\u308a\u307e\u3059\u3002SPNEGO\u306f\u3001GSS-TSIG\u306b\u57fa\u3065\u304f\u9375\u4ea4\u63db\u3067\u4f7f\u7528\u3055\u308c\u308bGSS-API\u306b\u304a\u3044\u3066\u8a8d\u8a3c\u30e1 [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[45],"_links":{"self":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/9710"}],"collection":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/comments?post=9710"}],"version-history":[{"count":6,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/9710\/revisions"}],"predecessor-version":[{"id":14989,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/9710\/revisions\/14989"}],"wp:attachment":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/media?parent=9710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/categories?post=9710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/tags?post=9710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}