SB2021051901 - Denial of service in F5 BIG-IP BIND

Security Bulletin ID SB2021051901

Severity

Low

Patch available

NO

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reachable Assertion (CVE-ID: CVE-2021-25214)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when pressing IXFR queries. An IXFR stream containing SOA records with an owner name other than the transferred zone's apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made. When a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://support.f5.com/csp/article/K11426315