Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-25219

Опубликовано: 27 окт. 2021
Источник: redhat
CVSS3: 5.3

Описание

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

A flaw was found in the way bind processes broken responses from authoritative servers. This caching mechanism could be abused by an attacker to significantly degrade resolver performance.

Меры по смягчению последствий

The vulnerability has been mitigated by changing the default value of lame-ttl to 0

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6bindOut of support scope
Red Hat Enterprise Linux 7bindOut of support scope
Red Hat Enterprise Linux 9bindNot affected
Red Hat Enterprise Linux 8bindFixedRHSA-2022:209210.05.2022
Red Hat Enterprise Linux 8bindFixedRHSA-2022:209210.05.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2017636bind: Lame cache can be abused to severely degrade resolver performance

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-25219

CVSS3: 5.3
ubuntu
больше 4 лет назад

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

nvd логотип

CVE-2021-25219

CVSS3: 5.3
nvd
больше 4 лет назад

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

msrc логотип

CVE-2021-25219

CVSS3: 5.3
msrc
около 4 лет назад

Lame cache can be abused to severely degrade resolver performance

debian логотип

CVE-2021-25219

CVSS3: 5.3
debian
больше 4 лет назад

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> ...

suse-cvrf логотип

openSUSE-SU-2022:0151-1

suse-cvrf
около 4 лет назад

Security update for bind

5.3 Medium

CVSS3