CVE - CVE-2020-8625

CVE-ID
CVE-2020-8625	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf CONFIRM:https://security.netapp.com/advisory/ntap-20210319-0001/ CONFIRM:https://kb.isc.org/v1/docs/cve-2020-8625 URL:https://kb.isc.org/v1/docs/cve-2020-8625 DEBIAN:DSA-4857 URL:https://www.debian.org/security/2021/dsa-4857 FEDORA:FEDORA-2021-0595625865 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/ FEDORA:FEDORA-2021-28f97e232d URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/ FEDORA:FEDORA-2021-8b4744f152 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/ MISC:https://www.zerodayinitiative.com/advisories/ZDI-21-195/ MLIST:[debian-lts-announce] 20210219 [SECURITY] [DLA 2568-1] bind9 security update URL:https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html MLIST:[oss-security] 20210218 BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server termination URL:http://www.openwall.com/lists/oss-security/2021/02/19/1 MLIST:[oss-security] 20210220 BIND Operational Notification: Zone journal (.jnl) file incompatibility,after upgrading to BIND 9.16.12 and 9.17 URL:http://www.openwall.com/lists/oss-security/2021/02/20/2
Assigning CNA
Internet Systems Consortium (ISC)
Date Record Created
20200205	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20200205)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)