CVSS: 5.3EPSS: 0%CPEs: 51EXPL: 0CVE-2021-25219 – Lame cache can be abused to severely degrade resolver performance
https://notcve.org/view.php?id=CVE-2021-25219
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. En BIND versiones 9.3.0 posteriores a 9.11.35, versiones 9.12.0 posteriores a 9.16.21, y en versiones 9.9.3-S1 posteriores a 9.11.35-S1 y versiones 9.16.8-S1 posteriores a 9.16.21-S1 de BIND Supported Preview Edition, así como en las versiones 9.17.0 -> 9.17.18 de la rama de desarrollo de BIND 9.17, una explotación de servidores autoritativos rotos usando un fallo en el procesamiento de respuestas puede causar una degradación en el rendimiento del resolver BIND. La forma en que está diseñada actualmente la caché de lame hace posible que sus estructuras de datos internas crezcan casi infinitamente, lo que puede causar retrasos significativos en el procesamiento de las consultas de los clientes A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://kb.isc.org/v1/docs/cve-2021-25219 https://lists.debian.org/debian-lts-announce/2021/11/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EF4NAVRV4H3W4GA3LGGZYUKD3HSJBAVW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGV7SA27CTYLGFJSPUM3V36ZWK7WWDI4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YTKC4E3HUOLYN5 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 44%CPEs: 45EXPL: 0CVE-2021-25216 – A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
https://notcve.org/view.php?id=CVE-2021-25216
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. • http://www.openwall.com/lists/oss-security/2021/04/29/1 http://www.openwall.com/lists/oss-security/2021/04/29/2 http://www.openwall.com/lists/oss-security/2021/04/29/3 http://www.openwall.com/lists/oss-security/2021/04/29/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://kb.isc.org/v1/docs/cve-2021-25215 https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html https://security.netapp.com/advisory/ntap-20210521-0006 http • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 6%CPEs: 48EXPL: 0CVE-2021-25215 – An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
https://notcve.org/view.php?id=CVE-2021-25215
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. En BIND versiones 9.0.0 posteriores a 9.11.29, versiones 9.12.0 posteriores a 9.16.13, y BIND versiones 9.9.3-S1 posteriores a 9.11.29-S1 y versiones 9.16.8-S1 posteriores a 9.16.13-S1 de BIND Supported Preview Edition, así como versiones de lanzamiento 9.17.0 posteriores a 9.17.11 de la rama de desarrollo de BIND versión 9.17, cuando una versión vulnerable de named recibe una consulta para un registro que desencadena un fallo descrito anteriormente, el proceso named terminará debido a un comprobación de afirmación fallido. La vulnerabilidad afecta a todas las ramas de BIND 9 que se mantienen actualmente (9.11, 9.11-S, 9.16, 9.16-S, 9.17), así como a todas las demás versiones de BIND 9 A flaw was found in bind. The way DNAME records are processed may trigger the same RRset to the ANSWER section to be added more than once which causes an assertion check to fail. • http://www.openwall.com/lists/oss-security/2021/04/29/1 http://www.openwall.com/lists/oss-security/2021/04/29/2 http://www.openwall.com/lists/oss-security/2021/04/29/3 http://www.openwall.com/lists/oss-security/2021/04/29/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://kb.isc.org/v1/docs/cve-2021-25215 https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce& • CWE-617: Reachable Assertion •
CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 0CVE-2021-25214 – A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
https://notcve.org/view.php?id=CVE-2021-25214
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. En BIND versiones 9.8.5 posteriores a 9.8.8, versiones 9.9.3 posteriores a 9.11.29, versiones 9.12.0 posteriores a 9.16.13, y BIND versiones 9.9.3-S1 posteriores a 9.11.29-S1 y versiones 9.16.8-S1 posteriores a 9.16.13-S1 de BIND 9 Supported Preview Edition, así como versiones de lanzamiento 9.17.0 posteriores a 9.17.11 de la rama de desarrollo de BIND versión 9.17, cuando una versión vulnerable de named recibe un IXFR malformado que desencadena el fallo descrito anteriormente, el proceso named finalizará debido a una aserción fallida la próxima vez que se actualice la zona secundaria transferida Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made. • http://www.openwall.com/lists/oss-security/2021/04/29/1 http://www.openwall.com/lists/oss-security/2021/04/29/2 http://www.openwall.com/lists/oss-security/2021/04/29/3 http://www.openwall.com/lists/oss-security/2021/04/29/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://kb.isc.org/v1/docs/cve-2021-25214 https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html https://lists.fedoraproject.org/archives/list/package-announce& • CWE-617: Reachable Assertion •
CVSS: 8.1EPSS: 18%CPEs: 25EXPL: 0CVE-2020-8625 – A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
https://notcve.org/view.php?id=CVE-2020-8625
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. • http://www.openwall.com/lists/oss-security/2021/02/19/1 http://www.openwall.com/lists/oss-security/2021/02/20/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://kb.isc.org/v1/docs/cve-2020-8625 https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EBTPWRQWRQEJNWY4NHO4WLS4KLJ3ERHZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.or • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •