CVE-2020-8625
Description
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers.
The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible.
Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.
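An exposure check built from the two conditions in the description, affected version and an explicitly set GSS-TSIG option (added example, not code from ISC or from this advisory). It assumes an upstream version string such as the one `named -v` prints and named.conf contents passed in as text; the function names and the sample configuration are constructed for illustration, and `include` files are not followed.

```python
import re

# Upstream ranges exactly as listed in the description above (inclusive).
AFFECTED = [((9, 5, 0), (9, 11, 27)), ((9, 12, 0), (9, 16, 11)), ((9, 17, 0), (9, 17, 1))]
AFFECTED_S = [((9, 11, 3), (9, 11, 27)), ((9, 16, 8), (9, 16, 11))]  # -S1 Preview Edition
GSS_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")
# Matches one quoted string or one comment (/* */, //, #), whichever starts first.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

SAMPLE_CONF = '''
options {
    directory "/var/named";
    // tkey-gssapi-credential "DNS/ns1.example.test";   (commented out)
    tkey-gssapi-keytab "/etc/named.keytab";  # constructed sample value
};
'''


def version_in_affected_range(version):
    """True if an upstream BIND version string falls in a listed range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(-S\d+)?", version)
    if not m:
        raise ValueError(f"unrecognised BIND version: {version!r}")
    v = tuple(int(x) for x in m.group(1, 2, 3))
    ranges = AFFECTED_S if m.group(4) else AFFECTED
    return any(lo <= v <= hi for lo, hi in ranges)


def gss_tsig_options_set(conf_text):
    """Return the GSS-TSIG options that the config sets to a non-empty value."""
    # Drop comments but keep quoted strings, so '//' or '#' inside a value survives.
    keep = lambda t: t.group(0) if t.group(0).startswith('"') else " "
    stripped = _TOKEN.sub(keep, conf_text)
    return [o for o in GSS_OPTIONS
            if re.search(r'(?<![\w-])' + re.escape(o) + r'\s+"[^"]+"\s*;', stripped)]


def exposure(version, conf_text):
    """Combine both conditions: the code path is reachable only when both hold."""
    opts = gss_tsig_options_set(conf_text)
    if not version_in_affected_range(version):
        return "not-in-affected-range", opts
    return ("exposed" if opts else "affected-version-default-config"), opts


if __name__ == "__main__":
    print(exposure("BIND 9.16.11", SAMPLE_CONF))
    print(exposure("BIND 9.16.12", SAMPLE_CONF))
```

Distribution packages in the table below carry the fix under upstream version numbers that still fall inside these ranges (for example bind-9.11.20-5.el8_3.1), so on packaged systems compare the installed package release against the vendor advisory rather than relying on the upstream version alone.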
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in BIND 9.17.1 | Windows |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-chrootenv-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-debugsource-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-doc-9.11.22-3.29.1.noarch.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-utils-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) bind-utils-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libbind9-161-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libbind9-161-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libdns1110-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libdns1110-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libirs161-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libirs161-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisc1107-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisc1107-32bit-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisc1107-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisc1107-debuginfo-32bit-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisccc161-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisccc161-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisccfg163-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) libisccfg163-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) liblwres161-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) liblwres161-debuginfo-9.11.22-3.29.1.x86_64.rpm | Linux |
| SUSE-SU-2021:0503-1(SUSE Linux Enterprise Server 12-SP5 ) python-bind-9.11.22-3.29.1.noarch.rpm | Linux |
| bind9 security update(DSA-4857-1) bind9_9.11.5.P4+dfsg-5.1+deb10u3_i386.deb | Linux |
| bind9 security update(DSA-4857-1) bind9_9.11.5.P4+dfsg-5.1+deb10u3_amd64.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.16.1-0ubuntu2.6_i386.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.16.1-0ubuntu2.6_amd64.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.16.6-3ubuntu1.1_i386.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.16.6-3ubuntu1.1_amd64.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.11.3+dfsg-1ubuntu1.14_i386.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.11.3+dfsg-1ubuntu1.14_amd64.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.10.3.dfsg.P4-8ubuntu1.18_i386.deb | Linux |
| Internet Domain Name Server (USN-4737-1) bind9_9.10.3.dfsg.P4-8ubuntu1.18_amd64.deb | Linux |
| (RHSA-2021:0670) bind security update bind-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-chroot-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-debugsource-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-debugsource-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-devel-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-devel-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-export-devel-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-export-devel-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-export-libs-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-export-libs-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-libs-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-libs-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-libs-lite-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-libs-lite-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-license-9.11.20-5.el8_3.1.noarch.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-lite-devel-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-lite-devel-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-pkcs11-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-pkcs11-devel-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-pkcs11-devel-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-pkcs11-libs-9.11.20-5.el8_3.1.i686.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-pkcs11-libs-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-pkcs11-utils-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-sdb-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-sdb-chroot-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update bind-utils-9.11.20-5.el8_3.1.x86_64.rpm | Linux |
| (RHSA-2021:0670) bind security update python3-bind-9.11.20-5.el8_3.1.noarch.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-chroot-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-export-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-export-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-export-libs-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-export-libs-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-libs-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-libs-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-libs-lite-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-libs-lite-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-license-9.11.4-26.P2.el7_9.4.noarch.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-lite-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-lite-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-pkcs11-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-pkcs11-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-pkcs11-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-pkcs11-libs-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-pkcs11-libs-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-pkcs11-utils-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-sdb-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-sdb-chroot-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (RHSA-2021:0671) bind security update bind-utils-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| Bind update (ELSA-2021-9117) bind-9.8.2-0.68.rc1.0.1.el6_10.8.i686.rpm | Linux |
| Bind update (ELSA-2021-9117) bind-9.8.2-0.68.rc1.0.1.el6_10.8.x86_64.rpm | Linux |
| Bind-chroot update (ELSA-2021-9117) bind-chroot-9.8.2-0.68.rc1.0.1.el6_10.8.i686.rpm | Linux |
| Bind-chroot update (ELSA-2021-9117) bind-chroot-9.8.2-0.68.rc1.0.1.el6_10.8.x86_64.rpm | Linux |
| Bind-devel update (ELSA-2021-9117) bind-devel-9.8.2-0.68.rc1.0.1.el6_10.8.i686.rpm | Linux |
| Bind-devel update (ELSA-2021-9117) bind-devel-9.8.2-0.68.rc1.0.1.el6_10.8.x86_64.rpm | Linux |
| Bind-libs update (ELSA-2021-9117) bind-libs-9.8.2-0.68.rc1.0.1.el6_10.8.i686.rpm | Linux |
| Bind-libs update (ELSA-2021-9117) bind-libs-9.8.2-0.68.rc1.0.1.el6_10.8.x86_64.rpm | Linux |
| Bind-sdb update (ELSA-2021-9117) bind-sdb-9.8.2-0.68.rc1.0.1.el6_10.8.i686.rpm | Linux |
| Bind-sdb update (ELSA-2021-9117) bind-sdb-9.8.2-0.68.rc1.0.1.el6_10.8.x86_64.rpm | Linux |
| Bind-utils update (ELSA-2021-9117) bind-utils-9.8.2-0.68.rc1.0.1.el6_10.8.i686.rpm | Linux |
| Bind-utils update (ELSA-2021-9117) bind-utils-9.8.2-0.68.rc1.0.1.el6_10.8.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-chroot-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-export-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-export-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-export-libs-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-export-libs-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-libs-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-libs-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-libs-lite-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-libs-lite-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-license-9.11.4-26.P2.el7_9.4.noarch.rpm | Linux |
| (CESA-2021:0671) bind security update bind-lite-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-lite-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-pkcs11-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-pkcs11-devel-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-pkcs11-devel-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-pkcs11-libs-9.11.4-26.P2.el7_9.4.i686.rpm | Linux |
| (CESA-2021:0671) bind security update bind-pkcs11-libs-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-pkcs11-utils-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-sdb-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-sdb-chroot-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| (CESA-2021:0671) bind security update bind-utils-9.11.4-26.P2.el7_9.4.x86_64.rpm | Linux |
| Internet Domain Name Server (USN-4737-2) bind9_9.8.1.dfsg.P1-4ubuntu0.32_i386.deb | Linux |
| Internet Domain Name Server (USN-4737-2) bind9_9.8.1.dfsg.P1-4ubuntu0.32_amd64.deb | Linux |
| Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability (CVE-2020-8625) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234