← volver
CVE-2021-25215

An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

CVSS 7.5 HIGHEPSS 11.3%
En resumen

Un fallo en el software BIND (servidor DNS) causa que el servidor se bloquee al procesar ciertas consultas DNS para registros DNAME. Un atacante puede enviar una consulta especialmente diseñada para derribar el servicio DNS.

Detalle técnico

La vulnerabilidad existe en la lógica de procesamiento de registros DNAME de BIND donde una verificación de asserción fallida causa la terminación del proceso named. Un atacante no autenticado puede provocar una denegación de servicio enviando una consulta para un registro DNAME que requiere procesamiento recursivo, afectando versiones 9.0.0 hasta 9.17.11 en múltiples ramas.

Resumen generado y traducido por IA a partir de la descripción oficial.
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
ISC · BIND9

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfhttps://kb.isc.org/v1/docs/cve-2021-25215https://lists.debian.org/debian-lts-announce/2021/05/msg00001.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/https://security.netapp.com/advisory/ntap-20210521-0006/https://www.debian.org/security/2021/dsa-4909https://www.oracle.com/security-alerts/cpuoct2021.htmlhttp://www.openwall.com/lists/oss-security/2021/04/29/1http://www.openwall.com/lists/oss-security/2021/04/29/2http://www.openwall.com/lists/oss-security/2021/04/29/3http://www.openwall.com/lists/oss-security/2021/04/29/4