Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

Published

2021-02-17T23:15:13.530

Last Modified

2024-11-21T05:39:09.040

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	isc	bind	≤ 9.11.27	Yes
Application	isc	bind	≤ 9.16.11	Yes
Application	isc	bind	9.11.3	Yes
Application	isc	bind	9.11.5	Yes
Application	isc	bind	9.11.5	Yes
Application	isc	bind	9.11.6	Yes
Application	isc	bind	9.11.7	Yes
Application	isc	bind	9.11.8	Yes
Application	isc	bind	9.11.21	Yes
Application	isc	bind	9.11.27	Yes
Application	isc	bind	9.16.8	Yes
Application	isc	bind	9.16.11	Yes
Application	isc	bind	9.17.0	Yes
Application	isc	bind	9.17.1	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	fedoraproject	fedora	33	Yes
Operating System	fedoraproject	fedora	34	Yes
Application	siemens	sinec_infrastructure_network_services	< 1.0.1.1	Yes
Application	netapp	cloud_backup	-	Yes
Operating System	netapp	a250_firmware	-	Yes
Hardware	netapp	a250	-	No
Operating System	netapp	500f_firmware	-	Yes
Hardware	netapp	500f	-	No

References

http://www.openwall.com/lists/oss-security/2021/02/19/1 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/02/20/2 Mailing List, Patch, Third Party Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory ([email protected])
https://kb.isc.org/v1/docs/cve-2020-8625 Mitigation, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/ ([email protected])
https://security.netapp.com/advisory/ntap-20210319-0001/ Third Party Advisory ([email protected])
https://www.debian.org/security/2021/dsa-4857 Third Party Advisory ([email protected])
https://www.zerodayinitiative.com/advisories/ZDI-21-195/ Third Party Advisory, VDB Entry ([email protected])
http://www.openwall.com/lists/oss-security/2021/02/19/1 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/02/20/2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.isc.org/v1/docs/cve-2020-8625 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20210319-0001/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4857 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.zerodayinitiative.com/advisories/ZDI-21-195/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)