Denial of Service : ISC BIND DoS Vulnerability (CVE-2021-25214)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.145864

Kategorie: Denial of Service

Titel: ISC BIND DoS Vulnerability (CVE-2021-25214) - Windows

Zusammenfassung: ISC BIND is prone to a denial of service (DoS) vulnerability.

Beschreibung: Summary:
ISC BIND is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
Incremental zone transfers (IXFR) provide a way of transferring
changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner
name other than the transferred zone's apex may cause the receiving named server to inadvertently
remove the SOA record for the zone in question from the zone database. This leads to an assertion
failure when the next SOA refresh query for that zone is made.

Vulnerability Impact:
When a vulnerable version of named receives a malformed IXFR
triggering the flaw described above, the named process will terminate due to a failed assertion
the next time the transferred secondary zone is refreshed.

Affected Software/OS:
BIND 9.8.5 through 9.8.8, 9.9.3 through 9.11.29, 9.12.0 through
9.16.13, 9.9.3-S1 through 9.11.29-S1, 9.16.8-S1 through 9.16.13-S1 and 9.17.0 through 9.17.11.

Solution:
Update to version 9.11.31, 9.16.15, 9.17.12, 9.11.31-S1,
9.16.15-S1 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-25214
https://kb.isc.org/v1/docs/cve-2021-25214
Debian Security Information: DSA-4909 (Google Search)
https://www.debian.org/security/2021/dsa-4909
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
http://www.openwall.com/lists/oss-security/2021/04/29/1
http://www.openwall.com/lists/oss-security/2021/04/29/2
http://www.openwall.com/lists/oss-security/2021/04/29/3
http://www.openwall.com/lists/oss-security/2021/04/29/4

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.145864
Kategorie:	Denial of Service
Titel:	ISC BIND DoS Vulnerability (CVE-2021-25214) - Windows
Zusammenfassung:	ISC BIND is prone to a denial of service (DoS) vulnerability.
Beschreibung:	Summary: ISC BIND is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made. Vulnerability Impact: When a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. Affected Software/OS: BIND 9.8.5 through 9.8.8, 9.9.3 through 9.11.29, 9.12.0 through 9.16.13, 9.9.3-S1 through 9.11.29-S1, 9.16.8-S1 through 9.16.13-S1 and 9.17.0 through 9.17.11. Solution: Update to version 9.11.31, 9.16.15, 9.17.12, 9.11.31-S1, 9.16.15-S1 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-25214 https://kb.isc.org/v1/docs/cve-2021-25214 Debian Security Information: DSA-4909 (Google Search) https://www.debian.org/security/2021/dsa-4909 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/ https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html http://www.openwall.com/lists/oss-security/2021/04/29/1 http://www.openwall.com/lists/oss-security/2021/04/29/2 http://www.openwall.com/lists/oss-security/2021/04/29/3 http://www.openwall.com/lists/oss-security/2021/04/29/4
Copyright	Copyright (C) 2021 Greenbone Networks GmbH