A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
CVE-2020-8625
Summary
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch
Affected Version(s)
BIND9 Open Source Branches 9.5 though 9.11 9.5.0 through versions before 9.11.28
BIND9 Open Source Branches 9.12 though 9.16 9.12.0 through versions before 9.16.12
BIND9 Supported Preview Branch 9.11-S 9.11.3-S1 through versions before 9.11.28-S1
References
EPSS Score
60% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved