History: Mar 08, 2022 - 9:28 a.m.

Security Bulletin: Vulnerability in ISC BIND affects IBM Integrated Analytics System.

2022-03-08 09:28:36
www.ibm.com
isc bind
ibm integrated analytics system
cve-2021-25214
cve-2021-25215
denial of service
security patch
ixfr
assertion failure

EPSS: 0.067

Percentile: 93.9%

Summary

ISC BIND is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs (CVE-2021-25214, CVE-2021-25215).

Vulnerability Details

CVEID: CVE-2021-25214
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a broken inbound incremental zone update (IXFR). By sending a specially crafted IXFR, an attacker could exploit this vulnerability to trigger a failed assertion check and terminate the named process.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200961 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-25215
**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an assertion failure while answering queries for DNAME records. By sending a query for DNAME records, an attacker could exploit this vulnerability to trigger a failed assertion check and terminate the named process.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200960 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Integrated Analytics System | 1.0.0-1.0.27.0 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying the security patch below.

| Product | VRMF | Remediation / First Fix |
| --- | --- | --- |
| IBM Integrated Analytics System | 7.9.21.12.SP6 | Link to fix central |

Please follow the steps given in the release notes to upgrade the system with the security patches.

Workarounds and Mitigations

None