mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
182 lines
8.7 KiB
JSON
182 lines
8.7 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-officer@isc.org",
|
|
"DATE_PUBLIC": "2021-04-28T20:20:01.000Z",
|
|
"ID": "CVE-2021-25215",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "BIND9",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_name": "Open Source Branches 9.0 through 9.11",
|
|
"version_value": "9.0.0 through versions before 9.11.30"
|
|
},
|
|
{
|
|
"version_name": "Open Source Branches 9.12 through 9.16",
|
|
"version_value": "9.12.0 through versions before 9.16.14"
|
|
},
|
|
{
|
|
"version_name": "Supported Preview Branches 9.9-S through 9.11-S",
|
|
"version_value": "9.9.3-S1 through versions before 9.11.30-S1"
|
|
},
|
|
{
|
|
"version_name": "Supported Preview Branch 9.16-S",
|
|
"version_value": "9.16.8-S1 through versions before 9.16.14-S1"
|
|
},
|
|
{
|
|
"version_name": "Development Branch 9.17",
|
|
"version_value": "9.17.0 through versiosn before 9.17.12"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "ISC"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "ISC would like to thank Siva Kakarla for bringing this vulnerability to our attention."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "We are not aware of any active exploits."
|
|
}
|
|
],
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an assertion check in BIND to fail. DNAME records are processed by both authoritative and recursive servers. For authoritative servers, the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing recursion, such a record is processed in the course of a query sent to an authoritative server. Affects BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://kb.isc.org/v1/docs/cve-2021-25215",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.isc.org/v1/docs/cve-2021-25215"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4909",
|
|
"url": "https://www.debian.org/security/2021/dsa-4909"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update",
|
|
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-ace61cbee1",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-47f23870ec",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/"
|
|
},
|
|
{
|
|
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
|
|
"refsource": "MISC",
|
|
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20210521-0006/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20210521-0006/"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.31\n BIND 9.16.15\n BIND 9.17.12\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.31-S1\n BIND 9.16.15-S1"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "No workarounds known."
|
|
}
|
|
]
|
|
} |