CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS
Percentile: 97.4%
According to its self-reported version, the ISC BIND instance on the remote host is affected by a buffer overflow vulnerability in its GSS-TSIG SPNEGO implementation (CVE-2021-25216).
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(149210);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/11/09");

  script_cve_id("CVE-2021-25216");
  script_xref(name:"IAVA", value:"2021-A-0206-S");

  script_name(english:"ISC BIND GSS-TSIG SPNEGO Buffer Overflow (CVE-2021-25216)");

  script_set_attribute(attribute:"synopsis", value:
"The remote name server is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, the ISC Bind present on the remote
host is affected by a buffer overflow vulnerability:

  - GSS-TSIG is an extension to the TSIG protocol which is intended to support
    the secure exchange of keys for use in verifying the authenticity of
    communications between parties on a network. SPNEGO is a negotiation
    mechanism used by GSSAPI, the application protocol interface for GSS-TSIG.
    BIND servers are vulnerable if they are running an affected version and are
    configured to use GSS-TSIG features. In a configuration which uses BIND's
    default settings the vulnerable code path is not exposed, but a server can be
    rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab
    or tkey-gssapi-credential configuration options. Although the default
    configuration is not vulnerable, GSS-TSIG is frequently used in networks
    where BIND is integrated with Samba, as well as in mixed-server environments
    that combine BIND servers with Active Directory domain controllers. For
    servers that meet these conditions, the ISC SPNEGO implementation is
    vulnerable to various attacks, depending on the CPU architecture for which
    BIND was built.

Note that Nessus has not tested for this issue but has instead relied only on
the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/v1/docs/CVE-2021-25216");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the patched release most closely related to your current version of BIND.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25216");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/30");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("bind_version.nasl");
  script_require_keys("bind/version", "Settings/ParanoidReport");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

# Workaround exists: the vulnerable code path is only reached when GSS-TSIG is configured,
# so this version-only check reports just under paranoid scanning.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

vcf::bind::initialize();
app_info = vcf::get_app_info(app:'BIND', port:53, kb_ver:'bind/version', service:TRUE, proto:'UDP');

constraints = [
  { 'min_version' : '9.5.0', 'max_version' : '9.11.29', 'fixed_display' : '9.11.31' },
  { 'min_version' : '9.12.0', 'max_version' : '9.16.13', 'fixed_display' : '9.16.15' },
  { 'min_version' : '9.11.3-S1', 'max_version' : '9.11.29-S1', 'fixed_display' : '9.11.31-S1' },
  { 'min_version' : '9.16.8-S1', 'max_version' : '9.16.13-S1', 'fixed_display' : '9.16.15-S1' },
  # The below have no fixed versions
  { 'min_version' : '9.17.0', 'max_version' : '9.17.1', 'fixed_display' : 'Update to the latest available stable release' }
];

constraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version);
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
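The plugin above only compares the self-reported version, which is why it runs under paranoid mode. The following Python is an added example (not Tenable's plugin code) that mirrors the plugin's version constraints and adds the second condition the description states: the server must also set tkey-gssapi-keytab or tkey-gssapi-credential. The named.conf fragment is constructed, and a version string with a suffix other than the "-S1" Supported Preview marker is assumed to be non-standard and is rejected.

```python
import re

# Affected ranges and fixes, transcribed from the plugin's constraints list above;
# the "-S1" Supported Preview editions are matched separately from open-source releases.
CONSTRAINTS = [
    ("9.5.0", "9.11.29", "9.11.31"),
    ("9.12.0", "9.16.13", "9.16.15"),
    ("9.11.3-S1", "9.11.29-S1", "9.11.31-S1"),
    ("9.16.8-S1", "9.16.13-S1", "9.16.15-S1"),
    ("9.17.0", "9.17.1", "Update to the latest available stable release"),
]

def parse_version(v):
    """Split '9.16.13-S1' into ((9, 16, 13), 'S1'); an empty suffix means open source."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:-(S\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised BIND version: {v!r}")
    return (int(m[1]), int(m[2]), int(m[3])), (m[4] or "")

def affected_by(version):
    """Return the fix string if `version` falls in an affected range, else None."""
    num, edition = parse_version(version)
    for lo, hi, fixed in CONSTRAINTS:
        lo_num, lo_edition = parse_version(lo)
        hi_num, _ = parse_version(hi)
        if edition == lo_edition and lo_num <= num <= hi_num:
            return fixed
    return None

# Comments are stripped first so a commented-out option does not count as set.
_COMMENT = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)
_GSS_OPTS = re.compile(r"^\s*(tkey-gssapi-keytab|tkey-gssapi-credential)\s+\S", re.M)

def gss_tsig_enabled(named_conf):
    """True if named.conf explicitly sets tkey-gssapi-keytab or tkey-gssapi-credential."""
    return bool(_GSS_OPTS.search(_COMMENT.sub("", named_conf)))

def assess(version, named_conf):
    """Combine the version check with the configuration check into one verdict."""
    fixed = affected_by(version)
    if fixed is None:
        return "not affected"
    if not gss_tsig_enabled(named_conf):
        return f"affected version (fix: {fixed}) but GSS-TSIG not configured"
    return f"VULNERABLE: GSS-TSIG enabled, upgrade to {fixed}"

# Constructed sample named.conf fragment with the GSS-TSIG keytab option set (AD/Samba style).
SAMPLE_CONF = """options { directory "/var/cache/bind";
    tkey-gssapi-keytab "/etc/bind/dns.keytab";  // constructed example path
};"""
```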