Vulnerability-Lookup

alsa-2022:7643

Vulnerability from osv_almalinux

Published

2022-11-08 00:00

Modified

2022-11-14 18:31

Summary

Important: bind9.16 security update

Details

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
bind: DoS from specifically crafted TCP packets (CVE-2022-0396)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:7643	ADVISORY
	https://access.redhat.com/security/cve/CVE-2021-25220	REPORT
	https://access.redhat.com/security/cve/CVE-2022-0396	REPORT
	https://bugzilla.redhat.com/2064512	REPORT
	https://bugzilla.redhat.com/2064513	REPORT
	https://errata.almalinux.org/8/ALSA-2022-7643.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-chroot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-dnssec-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-doc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-libs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-license"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "bind9.16-utils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "python3-bind9.16"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "32:9.16.23-0.9.el8.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)\n* bind: DoS from specifically crafted TCP packets (CVE-2022-0396)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:7643",
  "modified": "2022-11-14T18:31:41Z",
  "published": "2022-11-08T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:7643"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-25220"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-0396"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2064512"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2064513"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-7643.html"
    }
  ],
  "related": [
    "CVE-2021-25220",
    "CVE-2022-0396"
  ],
  "summary": "Important: bind9.16 security update"
}

CVE-2022-0396 (GCVE-0-2022-0396)

Vulnerability from cvelistv5 – Published: 2022-03-23 10:45 – Updated: 2024-09-16 19:05

Title

DoS from specifically crafted TCP packets

Summary

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/v1/docs/cve-2022-0396
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.netapp.com/advisory/ntap-2022040…
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://security.gentoo.org/glsa/202210-25	vendor-advisory

Impacted products

	Vendor	Product	Version
	ISC	BIND	Affected: Open Source Branch 9.16 9.16.11 through versions before 9.16.27 Affected: Development Branch 9.17 BIND 9.17 all versions Affected: Open Source Branch 9.18 9.18.0 Affected: Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S

Date Public ?

2022-03-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2022-0396"
          },
          {
            "name": "FEDORA-2022-14e36aac0c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202210-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-25"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branch 9.16 9.16.11 through versions before 9.16.27"
            },
            {
              "status": "affected",
              "version": "Development Branch 9.17 BIND 9.17 all versions"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S"
            }
          ]
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-31T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/v1/docs/cve-2022-0396"
        },
        {
          "name": "FEDORA-2022-14e36aac0c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202210-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-25"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n    9.16.27\n    9.18.1\nBIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers.\n    9.16.27-S1"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "DoS from specifically crafted TCP packets",
      "workarounds": [
        {
          "lang": "en",
          "value": "To mitigate this issue in all affected versions of BIND, use the default setting of keep-response-order { none; }.\nActive exploits: We are not aware of any active exploits."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2022-0396",
    "datePublished": "2022-03-23T10:45:13.589Z",
    "dateReserved": "2022-01-27T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:05:24.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25220 (GCVE-0-2021-25220)

Vulnerability from cvelistv5 – Published: 2022-03-23 12:50 – Updated: 2024-09-16 17:08

Title

DNS forwarders - cache poisoning vulnerability

Summary

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

CWE

When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.

Assigner

isc

References

URL

Tags

	https://kb.isc.org/v1/docs/cve-2021-25220
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.netapp.com/advisory/ntap-2022040…
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://security.gentoo.org/glsa/202210-25	vendor-advisory
	https://supportportal.juniper.net/s/article/2022-…

Impacted products

	Vendor	Product	Version
	ISC	BIND	Affected: Open Source Branch 9.11 9.11.0 through versions before 9.11.37 Affected: Development Branch 9.17 BIND 9.17 all version Affected: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27 Affected: Open Source Branch 9.18 9.18.0 Affected: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S Affected: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S

Date Public ?

2022-03-16 00:00

Credits

ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:56:11.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.isc.org/v1/docs/cve-2021-25220"
          },
          {
            "name": "FEDORA-2022-14e36aac0c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
          },
          {
            "name": "FEDORA-2022-042d9c6146",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
          },
          {
            "name": "FEDORA-2022-a88218de5c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
          },
          {
            "name": "FEDORA-2022-05918f0838",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
          },
          {
            "name": "FEDORA-2022-3f293290c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "GLSA-202210-25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND",
          "vendor": "ISC",
          "versions": [
            {
              "status": "affected",
              "version": "Open Source Branch 9.11  9.11.0 through versions before 9.11.37"
            },
            {
              "status": "affected",
              "version": "Development Branch 9.17  BIND 9.17 all version"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.12-16  9.12.0 through versions before 9.16.27"
            },
            {
              "status": "affected",
              "version": "Open Source Branch 9.18 9.18.0"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S"
            },
            {
              "status": "affected",
              "version": "Supported Preview Branch 9.16-S  9.16.0-S through versions before 9.16.27-S"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue."
        }
      ],
      "datePublic": "2022-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are:     Resolvers using per zone or global forwarding with forward first (forward first is the default).     Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only.     Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND     9.11.0 -\u003e 9.11.36     9.12.0 -\u003e 9.16.26     9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions:     9.11.4-S1 -\u003e 9.11.36-S1     9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-23T00:00:00.000Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "url": "https://kb.isc.org/v1/docs/cve-2021-25220"
        },
        {
          "name": "FEDORA-2022-14e36aac0c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
        },
        {
          "name": "FEDORA-2022-042d9c6146",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
        },
        {
          "name": "FEDORA-2022-a88218de5c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
        },
        {
          "name": "FEDORA-2022-05918f0838",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
        },
        {
          "name": "FEDORA-2022-3f293290c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "GLSA-202210-25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-25"
        },
        {
          "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n    BIND 9.11.37\n    BIND 9.16.27\n    BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n    BIND 9.11.37-S1\n    BIND 9.16.27-S1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "DNS forwarders - cache poisoning vulnerability",
      "workarounds": [
        {
          "lang": "en",
          "value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2021-25220",
    "datePublished": "2022-03-23T12:50:10.367Z",
    "dateReserved": "2021-01-15T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:08:54.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

alsa-2022:7643

Vulnerability from osv_almalinux

CVE-2022-0396 (GCVE-0-2022-0396)

CVE-2021-25220 (GCVE-0-2021-25220)

Tags

Sightings

Nomenclature