Vulnerability Details : CVE-2020-8625
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
Vulnerability category: OverflowExecute code
Products affected by CVE-2020-8625
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.3:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.7:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.6:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.8:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.11.27:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.16.8:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.16.11:s1:*:*:supported_preview:*:*:*
- cpe:2.3:a:isc:bind:9.17.0:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.17.1:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:500f_firmware:-:*:*:*:*:*:*:*
Threat overview for CVE-2020-8625
Top countries where our scanners detected CVE-2020-8625
Top open port discovered on systems with this issue
53
IPs affected by CVE-2020-8625 1,276,567
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-8625!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-8625
18.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
Internet Systems Consortium (ISC) |
CWE ids for CVE-2020-8625
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-8625
-
https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html
[SECURITY] [DLA 2568-1] bind9 security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4857
Debian -- Security Information -- DSA-4857-1 bind9Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/
[SECURITY] Fedora 32 Update: bind-9.11.28-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/02/19/1
oss-security - BIND Operational Notification: Enabling the new BIND option "stale-answer-client-timeout" can result in unexpected server terminationMailing List;Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/
[SECURITY] Fedora 34 Update: bind-9.16.11-5.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://kb.isc.org/v1/docs/cve-2020-8625
CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack - Security AdvisoriesMitigation;Vendor Advisory
-
https://security.netapp.com/advisory/ntap-20210319-0001/
CVE-2020-8625 ISC BIND Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/
[SECURITY] Fedora 33 Update: bind-9.11.28-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/02/20/2
oss-security - BIND Operational Notification: Zone journal (.jnl) file incompatibility,after upgrading to BIND 9.16.12 and 9.17Mailing List;Patch;Third Party Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-21-195/
ZDI-21-195 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Patch;Third Party Advisory
Jump to