[ SB 21.05 ] ISC Bind RCE ( CVE-2020-8625 )

BIND servers are vulnerable to a DoS and possible RCE if they are running an affected version and are configured to use GSS-TSIG features, which is not the default, but a common configuration in networks where BIND is integrated with Samba as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers.

This vulnerability affects BIND versions from 9.11 to 9.16. It can be triggered remotely and without authentication.

In a recent analysis we found ISC Bind version 9.11 accounting for half of the installatrions found online, so this vulnerability poses a real threat.

bind by versions

Bind-Installations by versions


Fragen? Kontakt: info@zero.bs