CVE-2020-8625
Severity
8.1HIGH
EPSS
26.3%
top 3.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 17
Latest updateMay 24
Description
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as …
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33, 34
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-mxh3-93ph-p9r2: BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features↗2022-05-24
CVEList▶
A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack↗2021-02-17
OSV▶
CVE-2020-8625: BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features↗2021-02-17
📋Vendor Advisories
5Red Hat▶
bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation↗2021-02-17
Microsoft▶
A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack↗2021-02-09
Debian▶
CVE-2020-8625: bind9 - BIND servers are vulnerable if they are running an affected version and are conf...↗2020
🕵️Threat Intelligence
3💬Community
1Bugzilla▶
CVE-2019-8625 webkitgtk: Incorrect state management leading to universal cross-site scripting↗2020-09-07