mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
181 lines
8.6 KiB
JSON
181 lines
8.6 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security-officer@isc.org",
|
|
"DATE_PUBLIC": "2021-04-28T20:19:47.000Z",
|
|
"ID": "CVE-2021-25214",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "BIND9",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_name": "Open Source Branch 9.8",
|
|
"version_value": "9.8.5 through 9.8.8"
|
|
},
|
|
{
|
|
"version_name": "Open Source Branches 9.9 through 9.11",
|
|
"version_value": "9.9.3 through versions before 9.11.30"
|
|
},
|
|
{
|
|
"version_name": "Open Source Branches 9.12 through 9.16",
|
|
"version_value": "9.12.0 through versions before 9.16.14"
|
|
},
|
|
{
|
|
"version_name": "Supported Preview Branches 9.9-S through 9.11-S",
|
|
"version_value": "9.9.3-S1 through versions before 9.11.30-S1"
|
|
},
|
|
{
|
|
"version_name": "Supported Preview Branch 9.16-S",
|
|
"version_value": "9.16.8-S1 through versions before 9.16.14-S1"
|
|
},
|
|
{
|
|
"version_name": "Development Branch 9.17",
|
|
"version_value": "9.17.0 through versiosn before 9.17.12"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "ISC"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "ISC would like to thank Greg Kuechle of SaskTel for bringing this vulnerability to our attention."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "We are not aware of any active exploits."
|
|
}
|
|
],
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made. Affects BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://kb.isc.org/v1/docs/cve-2021-25214",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://kb.isc.org/v1/docs/cve-2021-25214"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210428 ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/1"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/2"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/3"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[oss-security] 20210429 Re: ISC discloses three BIND vulnerabilities (CVE-2021-25214, CVE-2021-25215, and CVE-2021-25216)",
|
|
"url": "http://www.openwall.com/lists/oss-security/2021/04/29/4"
|
|
},
|
|
{
|
|
"refsource": "DEBIAN",
|
|
"name": "DSA-4909",
|
|
"url": "https://www.debian.org/security/2021/dsa-4909"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[debian-lts-announce] 20210504 [SECURITY] [DLA 2647-1] bind9 security update",
|
|
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-ace61cbee1",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/"
|
|
},
|
|
{
|
|
"refsource": "FEDORA",
|
|
"name": "FEDORA-2021-47f23870ec",
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://security.netapp.com/advisory/ntap-20210521-0006/",
|
|
"url": "https://security.netapp.com/advisory/ntap-20210521-0006/"
|
|
},
|
|
{
|
|
"refsource": "CONFIRM",
|
|
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf",
|
|
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
|
|
}
|
|
]
|
|
},
|
|
"solution": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.31\n BIND 9.16.15\n BIND 9.17.12\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.31-S1\n BIND 9.16.15-S1"
|
|
}
|
|
],
|
|
"source": {
|
|
"discovery": "USER"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Disabling incremental zone transfers (IXFR) by setting request-ixfr no; in the desired configuration block (options, zone, or server) prevents the failing assertion from being evaluated."
|
|
}
|
|
]
|
|
} |