Published:2020/06/05  Last Updated:2020/06/05

JVN#40208370
XACK DNS vulnerable to denial-of-service (DoS)

Overview

XACK DNS provided by XACK Corporation contain a denial-of-service (DoS) vulnerability.

Products Affected

Any of the following XACK DNS versions that use the cache server feature (full resolver configuration is set) are affected:

  • XACK DNS 1.11.0 to 1.11.4
  • XACK DNS 1.10.0 to 1.10.8
  • XACK DNS 1.8.0 to 1.8.23
  • XACK DNS 1.7.0 to 1.7.18
  • XACK DNS versions before 1.7.0

Description

XACK DNS is DNS server software provided by XACK, Inc.  XACK DNS contains a denial-of-service (DoS) vulnerability due to an issue commonly referred to as NXNSAttack.

Impact

A remote attacker may be able to cause denial-of-service (DoS) conditions listed below.

  • The performance of the recursive resolver can potentially be degraded by the additional work required to perform fetches
  • An attacker can exploit this behavior to use the recursive resolver as a reflector in a reflection attack

Solution

Update the software
Apply the appropriate update according to the information provided by the developer.

  • XACK DNS 1.11.5
  • XACK DNS 1.10.9
  • XACK DNS 1.8.24
  • XACK DNS 1.7.19

If you use the version 1.6.x and earlier, update the software to the latest version.

Applying this update adds a new configuration item, cache_ns_name_limit, that limits the number of queries to authoritative DNS servers for processing delegation information during full resolver name resolution.

Apply a workaround
If the latest version of software cannot be obtained or software update cannot be applied, applying the workaround listed below may mitigate the impacts of this vulnerability.
  • Set cache_recursion_limit to a smaller value
The developer states this setting works for all domains including root and top-level domains, but setting it too small may lower the success rate of name resolution.

Vendor Status

Vendor Link
XACK, Inc. About CVE-2020-8616 (NXNSAttack)

References

  1. Tel Aviv University
    NXNSAttack
  2. Japan Registry Services Co., Ltd.(JPRS)
    2020-05-20 Bind9 Vuln Processing Referrals (In Japanese)

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Base Score: 8.6
Attack Vector(AV) Physical (P) Local (L) Adjacent (A) Network (N)
Attack Complexity(AC) High (H) Low (L)
Privileges Required(PR) High (H) Low (L) None (N)
User Interaction(UI) Required (R) None (N)
Scope(S) Unchanged (U) Changed (C)
Confidentiality Impact(C) None (N) Low (L) High (H)
Integrity Impact(I) None (N) Low (L) High (H)
Availability Impact(A) None (N) Low (L) High (H)
CVSS v2 AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score: 5.0
Access Vector(AV) Local (L) Adjacent Network (A) Network (N)
Access Complexity(AC) High (H) Medium (M) Low (L)
Authentication(Au) Multiple (M) Single (S) None (N)
Confidentiality Impact(C) None (N) Partial (P) Complete (C)
Integrity Impact(I) None (N) Partial (P) Complete (C)
Availability Impact(A) None (N) Partial (P) Complete (C)

Credit

XACK, Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and XACK, Inc. coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5591
JVN iPedia JVNDB-2020-000036

Update History

2020/06/05
Fixed the description under the section [Impact]