Veracode Vulnerability DatabaseVERACODE:29423Remote Code Execution
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
bind9 is vulnerable to remote code execution. A buffer overflow in GSSAPI security policy negotiation can result in remote code execution.
References
www.openwall.com/lists/oss-security/2021/02/19/1
www.openwall.com/lists/oss-security/2021/02/20/2
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2020-8625
kb.isc.org/v1/docs/cve-2020-8625
lists.debian.org/debian-lts-announce/2021/02/msg00029.html
lists.fedoraproject.org/archives/list/[email protected]/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ/
lists.fedoraproject.org/archives/list/[email protected]/message/KYXAF7G45RXDVNUTWWCI2CVTHRZ67LST/
lists.fedoraproject.org/archives/list/[email protected]/message/QWCMBOSZOJIIET7BWTRYS3HLX5TSDKHX/
security.netapp.com/advisory/ntap-20210319-0001/
www.debian.org/security/2021/dsa-4857
www.zerodayinitiative.com/advisories/ZDI-21-195/
Related
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P