Buffer overflow : ISC BIND Buffer Overflow Vulnerability (CVE-2020-8625)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.145412

Categoría: Buffer overflow

Título: ISC BIND Buffer Overflow Vulnerability (CVE-2020-8625) - Linux

Resumen: ISC BIND is prone to a buffer overflow vulnerability in the GSSAPI security; policy negotiation.

Descripción: Summary:
ISC BIND is prone to a buffer overflow vulnerability in the GSSAPI security
policy negotiation.

Vulnerability Insight:
GSS-TSIG is an extension to the TSIG protocol which is intended to support
the secure exchange of keys for use in verifying the authenticity of communications between parties on a
network.

SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG.

The SPNEGO implementation used by BIND has been found to be vulnerable to a buffer overflow attack.

Vulnerability Impact:
The most likely outcome of a successful exploitation of the vulnerability
is a crash of the named process. However, remote code execution, while unproven, is theoretically possible.

Affected Software/OS:
BIND 9.5.0 - 9.11.27, 9.12.0 - 9.16.11, 9.11.3-S1 - 9.11.27-S1 and
9.16.8-S1 - 9.16.11-S1.

Solution:
Update to version 9.11.28, 9.16.12, 9.11.28-S1, 9.16.12-S1 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-8625
https://kb.isc.org/v1/docs/cve-2020-8625
Debian Security Information: DSA-4857 (Google Search)
https://www.debian.org/security/2021/dsa-4857
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/
https://www.zerodayinitiative.com/advisories/ZDI-21-195/
https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html
http://www.openwall.com/lists/oss-security/2021/02/19/1
http://www.openwall.com/lists/oss-security/2021/02/20/2

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.145412
Categoría:	Buffer overflow
Título:	ISC BIND Buffer Overflow Vulnerability (CVE-2020-8625) - Linux
Resumen:	ISC BIND is prone to a buffer overflow vulnerability in the GSSAPI security; policy negotiation.
Descripción:	Summary: ISC BIND is prone to a buffer overflow vulnerability in the GSSAPI security policy negotiation. Vulnerability Insight: GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network. SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG. The SPNEGO implementation used by BIND has been found to be vulnerable to a buffer overflow attack. Vulnerability Impact: The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affected Software/OS: BIND 9.5.0 - 9.11.27, 9.12.0 - 9.16.11, 9.11.3-S1 - 9.11.27-S1 and 9.16.8-S1 - 9.16.11-S1. Solution: Update to version 9.11.28, 9.16.12, 9.11.28-S1, 9.16.12-S1 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-8625 https://kb.isc.org/v1/docs/cve-2020-8625 Debian Security Information: DSA-4857 (Google Search) https://www.debian.org/security/2021/dsa-4857 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/ https://www.zerodayinitiative.com/advisories/ZDI-21-195/ https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html http://www.openwall.com/lists/oss-security/2021/02/19/1 http://www.openwall.com/lists/oss-security/2021/02/20/2
Copyright	Copyright (C) 2021 Greenbone Networks GmbH