SB2025071768 - Multiple vulnerabilities in ISC BIND
Published: July 17, 2025
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Reachable assertion (CVE-ID: CVE-2025-40777)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when a named caching resolver is configured with "serve-stale-enable=yes" and "stale-answer-client-timeout=0". A remote attacker can supply a specially crafted CNAME chain in a DNS response and perform a denial of service attack against the resolver.
2) Reversible One-Way Hash (CVE-ID: CVE-2025-40776)
The vulnerability allows a remote attacker to perform cache poisoning attacks.
The vulnerability exists when a named caching resolver is configured to send ECS (EDNS Client Subnet) options. In such a configuration, the resolver can be compelled to make queries that slightly increase the odds of guessing the source port and other details necessary to bypass the original birthday cache poisoning attack mitigations. A remote attacker can poison the DNS cache.
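To check whether a resolver meets the configuration precondition stated for CVE-2025-40777, the sketch below scans named.conf text for scopes where both settings are in effect. It is an added example, not code from ISC or from this bulletin. The function names and the sample configuration are constructed, the options are matched in named.conf syntax (`serve-stale-enable yes;`), views are assumed to inherit from the `options` block, and `include` files are not followed.

```python
import re

KEYS = ("serve-stale-enable", "stale-answer-client-timeout")
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};]+')

SAMPLE = '''# Constructed sample named.conf for this example (not from the advisory).
options {
    serve-stale-enable yes;            // inherited by every view
    # stale-answer-client-timeout 0;   (commented out, must be ignored)
};
view "internal" {
    stale-answer-client-timeout 0;
    zone "example.test" { type primary; file "db.example"; };
};
view "guest" { serve-stale-enable no; stale-answer-client-timeout 0; };
'''

def scope_settings(text):
    """Map 'options' and each 'view NAME' to the KEYS set directly inside it."""
    # Drop /* */, // and # comments (markers inside quoted strings not handled).
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", " ", text)
    scopes, depth, stmt, scope = {}, 0, [], None
    for tok in TOKEN.findall(text):
        if tok == "{":
            if depth == 0 and stmt and stmt[0] in ("options", "view"):
                scope = " ".join(t.strip('"') for t in stmt[:2])
                scopes.setdefault(scope, {})
            depth, stmt = depth + 1, []
        elif tok == "}":
            depth, stmt = depth - 1, []
            scope = scope if depth else None
        elif tok == ";":
            if depth == 1 and scope and len(stmt) == 2 and stmt[0] in KEYS:
                scopes[scope][stmt[0]] = stmt[1].strip('"').lower()
            stmt = []
        else:
            stmt.append(tok)
    return scopes

def exposed_scopes(text):
    """Scopes whose effective settings match the CVE-2025-40777 precondition."""
    scopes = scope_settings(text)
    base = scopes.get("options", {})
    views = [s for s in scopes if s != "options"] or ["options"]
    effective = {v: {**base, **scopes.get(v, {})} for v in views}
    return [v for v, e in effective.items()
            if e.get(KEYS[0]) in ("yes", "true", "1") and e.get(KEYS[1]) == "0"]

print(exposed_scopes(SAMPLE))
```

A match means only that the configuration precondition is present; whether the installed version is affected has to be checked against the vendor's advisory.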
Remediation
Install update from vendor's website.