U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Flaws in the BIND software expose DNS servers to attacks

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws. The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address several vulnerabilities that can be exploited by attackers to trigger denial-of-service (DoS) conditions and potentially to remotely execute […]

Agentic AI Artificial Intelligence incident response Bind

The Internet Systems Consortium (ISC) released updates for the BIND DNS software to patch several denial-of-service (DoS) and potential RCE flaws.

The Internet Systems Consortium (ISC) has released security updates for the BIND DNS software to address several vulnerabilities that can be exploited by attackers to trigger denial-of-service (DoS) conditions and potentially to remotely execute arbitrary code.

The most serious vulnerability, tracked as CVE-2021-25216, is a buffer overflow issue that can lead to a server crash and under specific conditions to remote code execution.

“GSS-TSIG is an extension to the TSIG protocol which is intended to support the secure exchange of keys for use in verifying the authenticity of communications between parties on a network.” reads the advisory published by the organization. “SPNEGO is a negotiation mechanism used by GSSAPI, the application protocol interface for GSS-TSIG. The SPNEGO implementation used by BIND has been found to be vulnerable to a buffer overflow attack.”

The issue only affects servers configured to use GSS-TSIG features which are very common, for this reason, the flaw has been rated with a CVSS score of 8.1.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory about this vulnerability warning that a remote attacker could exploit this flaw to take control of an affected system.

Versions affected are BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.

The CVE-2021-25216 flaw was reported to ISC by an anonymous researcher through Trend Micro’s Zero Day Initiative.

The second vulnerability, tracked as CVE-2021-25215, can be exploited by a remote attacker to cause the BIND name server (named) process to terminate due to a failed assertion check triggering a DoS condition. The vulnerability has been rated with a CVSS score of 7.5.

The third vulnerability fixed by the organization is a medium-severity issue tracked as CVE-2021-25214 that can be exploited to trigger DoS attacks. The flaw is remotely exploitable only the target server accepts zone transfers from the potential attacker.

The good news is that the ISC was not aware of any attacks exploiting the above vulnerabilities.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, BIND)

[adrotate banner=”5″]

[adrotate banner=”13″]