3 May 2021

ISC recommends updating DNS servers to fix new BIND vulnerabilities


ISC recommends updating DNS servers to fix new BIND vulnerabilities

The Internet Systems Consortium (ISC) has released an advisory that warnings about new vulnerabilities affecting DNS systems. Three vulnerabilities impact an open source project ISC Berkeley Internet Name Domain (BIND) 9, widely used as a DNS system. By exploiting any of these bugs an attacker can cause widespread disruption to the services.

CVE-2021-25216 is a remote buffer overflow vulnerability. A threat actor can launch an attack against  GSSAPI security policy negotiation mechanism for the GSS-TSIG protocol in BIND and potentially gain an ability to further cause crashes and perform remote code execution. This vulnerability has been issued a CVSS severity score of 8.1 (32-bit) or 7.4 (64-bit).

It’s worth noting that under configurations using default BIND settings vulnerable code paths are not exposed. They are exposed when a server's values (tkey-gssapi-keytab/tkey-gssapi-credential) are set.

The second bug (CVE-2021-25215) exists because of the way DNAME records are processed. By exploiting it remote attacker can cause process crashes due to failed assertions. CVSS score of 7.5 was assigned to this vulnerability.

The third flaw (CVE-2021-25214) impacts an incremental zone transfers (IXFR). An attacker can send a malformed IXFR to a named server and cause the named process to crash due to a failed assertion. CVSS score of 6.5 has been issued for this vulnerability.

The ISC is not aware of any active exploits for any of these vulnerabilities. It is highly recommended to deploy versions BIND 9.11.31, 9.16.15, and 9.17.12 which contain patches for all three bugs.

Back to the list

Latest Posts

One of the US’ largest pipelines halts operations after a ransomware attack

One of the US’ largest pipelines halts operations after a ransomware attack

The "DarkSide" criminal group is believed to be behind the ransomware attack.
10 May 2021
TunnelSnake cyber-espionage campaign deploys unique rootkit to backdoor Windows systems

TunnelSnake cyber-espionage campaign deploys unique rootkit to backdoor Windows systems

The attacks were highly targeted and delivered to less than 10 victims around the world, including large diplomatic organizations in South-East Asia and Africa.
10 May 2021
A bio research institute got infected with Ryuk ransomware because of pirated software

A bio research institute got infected with Ryuk ransomware because of pirated software

The student who wouldn’t pay for licensed software unwittingly opened a door to the ransomware.
10 May 2021