CVE-2020-8625 vulnerability in ISC and Other Products
Published on February 17, 2021

A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-8625 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2020-8625

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-8625 are published in these products:

ISC BIND

Debian Linux

Fedora Project Fedora

Siemens Sinec Infrastructure Network Services

NetApp Cloud Backup

Affected Versions

ISC BIND9:

Version Open Source Branches 9.5 though 9.11 9.5.0 through versions before 9.11.28 is affected.
Version Open Source Branches 9.12 though 9.16 9.12.0 through versions before 9.16.12 is affected.
Version Supported Preview Branch 9.11-S 9.11.3-S1 through versions before 9.11.28-S1 is affected.
Version Supported Preview Branch 9.16-S 9.16.8-S1 through versions before 9.16.12-S1 is affected.
Version Development Branch 9.17 9.17.0 through versions before 9.17.2 is affected.

Exploit Probability

EPSS

19.50%

Percentile

95.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-8625 vulnerability in ISC and Other ProductsPublished on February 17, 2021

Vulnerability Analysis

Products Associated with CVE-2020-8625

Affected Versions

Exploit Probability

CVE-2020-8625 vulnerability in ISC and Other Products
Published on February 17, 2021