ISC Releases Security Advisory for BIND

Security updates for the Berkeley Internet Name Domain system

Threat ID:: CC-3968
Threat Severity:: Information only
Published:: 29 October 2021 2:16 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security updates for the Berkeley Internet Name Domain system

Affected platforms

The following platforms are known to be affected:

Versions: BIND 9.3.0 to 9.11.35, 9.12.0 to 9.16.21, and versions 9.9.3-S1 to 9.11.35-S1 and 9.16.8-S1 to 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 to 9.17.18 of the BIND 9.17 development branch

Berkeley Internet Name Domain (BIND) System

Threat details

Introduction

The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

Remediation advice

Affected organisations are encouraged to review the ISC security advisory CVE-2021-25219 and apply the necessary updates or workarounds.

CVE Vulnerabilities

Status Published

CVE-2021-25219

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

Last edited: 29 October 2021 3:03 pm