Lucene search

K

Gentoo FoundationMGASA-2021-0275

HistoryJun 23, 2021 - 8:11 p.m.

Updated bind packages fix a security vulnerability

2021-06-2320:11:28

Gentoo Foundation

advisories.mageia.org

18

bind packages

security vulnerability

incremental zone transfers

soa records

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.009

Percentile

83.0%

Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an owner name other than the transferred zone’s apex may cause the receiving named server to inadvertently remove the SOA record for the zone in question from the zone database. This leads to an assertion failure when the next SOA refresh query for that zone is made (CVE-2021-25214).

OSVersionArchitecturePackageVersionFilename
Mageia7noarchbind< 9.11.6-1.5bind-9.11.6-1.5.mga7

References

bugs.mageia.org/show_bug.cgi?id=28978

kb.isc.org/v1/docs/cve-2021-25214

www.debian.org/security/2021/dsa-4909

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.009

Percentile

83.0%