CVE-2020-8625 in BINDИнформация

Сводка

по MITRE • 18.02.2021

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

Internet Systems Consortium (ISC)

Резервировать

05.02.2020

Раскрытие

18.02.2021

Модерация

принято

Вход

VDB-170127

EPSS

0.64161

KEV

Нет

Деятельности

Очень низкий

Источники

Do you know our Splunk app?

Download it now for free!