cve/2020/CVE-2020-8625.md


2024-05-25 21:48:12 +02:00
### [CVE-2020-8625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625)
![](https://img.shields.io/static/v1?label=Product&message=BIND9&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Open%20Source%20Branches%209.5%20through%209.11%3A%209.5.0%20through%20versions%20before%209.11.28&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=BIND%209.5.0%20-%3E%209.11.27%2C%209.12.0%20-%3E%209.16.11%2C%20and%20versions%20BIND%209.11.3-S1%20-%3E%209.11.27-S1%20and%209.16.8-S1%20-%3E%209.16.11-S1%20of%20BIND%20Supported%20Preview%20Edition.%20Also%20release%20versions%209.17.0%20-%3E%209.17.1%20of%20the%20BIND%209.17%20development%20branch%3A%20GSS-TSIG%20is%20an%20extension%20to%20the%20TSIG%20protocol%20which%20is%20intended%20to%20support%20the%20secure%20exchange%20of%20keys%20for%20use%20in%20verifying%20the%20authenticity%20of%20communications%20between%20parties%20on%20a%20network.%20SPNEGO%20is%20a%20negotiation%20mechanism%20used%20by%20GSSAPI%2C%20the%20application%20protocol%20interface%20for%20GSS-TSIG.%20The%20SPNEGO%20implementation%20used%20by%20BIND%20has%20been%20found%20to%20be%20vulnerable%20to%20a%20buffer%20overflow%20attack.&color=brightgreen)
### Description
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the `tkey-gssapi-keytab` or `tkey-gssapi-credential` configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible.

Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.
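Because exposure depends on both the running version and whether either GSS-TSIG option is explicitly set, a quick triage script needs to check both. The following is an added example written for this page (not ISC code, and not a detection method from the advisory): it encodes the affected ranges listed above, parses a version string such as the first line of `named -V`, and scans a `named.conf` body for `tkey-gssapi-keytab` / `tkey-gssapi-credential` after stripping comments, so a commented-out option is not reported as exposure. The sample configuration and the keytab path in it are constructed for the example.

```python
import re

# Affected ranges, transcribed from the advisory text above (inclusive).
# None = open source / development branches; "S" = Supported Preview Edition (-S1 suffix).
AFFECTED = {
    None: [((9, 5, 0), (9, 11, 27)),
           ((9, 12, 0), (9, 16, 11)),
           ((9, 17, 0), (9, 17, 1))],
    "S": [((9, 11, 3), (9, 11, 27)),
          ((9, 16, 8), (9, 16, 11))],
}

# Matches "9.16.11", "9.11.27-S1", or the same embedded in `named -V` output.
# A distro suffix such as "-0ubuntu2" is ignored (edition stays None).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(S)\d+)?")


def parse_version(text):
    """Return ((major, minor, patch), edition) from a BIND version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no BIND version found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def version_affected(version_text):
    """True if the version falls inside one of the advisory's affected ranges."""
    ver, edition = parse_version(version_text)
    return any(lo <= ver <= hi for lo, hi in AFFECTED[edition])


# named.conf accepts C, C++ and shell-style comments; strip all three before scanning
# so that a commented-out option is not counted. (Assumes option values never
# contain "//" or "#", which holds for normal keytab paths and principal names.)
_COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_OPTION_RE = re.compile(r'\b(tkey-gssapi-keytab|tkey-gssapi-credential)\s+"([^"]*)"\s*;')


def gss_tsig_options(named_conf):
    """Return {option: value} for GSS-TSIG options set to a non-empty value."""
    stripped = _COMMENT_RE.sub("", named_conf)
    return {name: val for name, val in _OPTION_RE.findall(stripped) if val.strip()}


def exposed(version_text, named_conf):
    """Vulnerable code path reachable: affected version AND GSS-TSIG explicitly enabled."""
    return version_affected(version_text) and bool(gss_tsig_options(named_conf))


# Constructed sample configuration (hypothetical paths) for the example.
SAMPLE_CONF = '''\
options {
    directory "/var/cache/bind";
    // tkey-gssapi-keytab "/etc/bind/old.keytab";   // disabled: must not count
    tkey-gssapi-keytab "/etc/bind/dns.keytab";     // enabled: GSS-TSIG code path live
};
'''

if __name__ == "__main__":
    for v in ("9.16.11", "9.16.12", "BIND 9.11.27-S1 (Extended Support Version)"):
        print(f"{v:45s} affected={version_affected(v)}")
    print("GSS-TSIG options:", gss_tsig_options(SAMPLE_CONF))
    print("exposed:", exposed("9.16.11", SAMPLE_CONF))
```

Treat a negative version result with care: distribution packages often backport the fix while keeping the old version number, so the package changelog, not the version string, is authoritative there. A positive result from `gss_tsig_options` on an unpatched build is the actionable signal, since removing those options (or updating to a fixed release) closes the path regardless.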
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon