Remote code execution in BIND in multiple F5 BIG-IP products



Published: 2021-03-05

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU50780

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-8625

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the SPNEGO implementation in the GSS-TSIG extension. A remote attacker can send a specially crafted DNS request to the server, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BIG-IQ Centralized Management: 6.0.0 - 8.0.0

BIG-IP DNS: 11.6.1 - 16.0.1.1

BIG-IP SSLO: 11.6.1 - 16.0.1.1

BIG-IP PEM: 11.6.1 - 16.0.1.1

BIG-IP Link Controller: 11.6.1 - 16.0.1.1

BIG-IP GTM: 11.6.1 - 16.0.1.1

BIG-IP FPS: 11.6.1 - 16.0.1.1

BIG-IP DDHD: 11.6.1 - 16.0.1.1

BIG-IP ASM: 11.6.1 - 16.0.1.1

BIG-IP Analytics: 11.6.1 - 16.0.1.1

BIG-IP AFM: 11.6.1 - 16.0.1.1

BIG-IP Advanced WAF: 11.6.1 - 16.0.1.1

BIG-IP AAM: 11.6.1 - 16.0.1.1

BIG-IP LTM: 11.6.1 - 16.0.1.1

BIG-IP: 11.6.1 - 16.0.1.1

BIG-IP APM: 11.6.1 - 16.0.1.1


CPE2.3 External links

http://support.f5.com/csp/article/K13591074

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###