ISC BIND DoS Vulnerability (CVE-2021-25215) - Linux

2021-04-3000:00:00

plugins.openvas.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.05 Low

EPSS

Percentile

92.8%

JSON

ISC BIND is prone to a denial of service (DoS) vulnerability.

# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:isc:bind";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.145865");
  script_version("2021-08-17T14:01:00+0000");
  script_tag(name:"last_modification", value:"2021-08-17 14:01:00 +0000 (Tue, 17 Aug 2021)");
  script_tag(name:"creation_date", value:"2021-04-30 03:24:57 +0000 (Fri, 30 Apr 2021)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-05-21 09:15:00 +0000 (Fri, 21 May 2021)");

  script_cve_id("CVE-2021-25215");

  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("ISC BIND DoS Vulnerability (CVE-2021-25215) - Linux");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
  script_family("Denial of Service");
  script_dependencies("gb_isc_bind_consolidation.nasl", "os_detection.nasl");
  script_mandatory_keys("isc/bind/detected", "Host/runs_unixoide");

  script_tag(name:"summary", value:"ISC BIND is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"DNAME records, described in RFC 6672, provide a way to redirect
  a subtree of the domain name tree in the DNS. A flaw in the way named processes these records may
  trigger an attempt to add the same RRset to the ANSWER section more than once. This causes an
  assertion check in BIND to fail.

  DNAME records are processed by both authoritative and recursive servers. For authoritative servers,
  the DNAME record triggering the flaw can be retrieved from a zone database. For servers performing
  recursion, such a record is processed in the course of a query sent to an authoritative server.");

  script_tag(name:"impact", value:"When a vulnerable version of named receives a query for a record
  triggering the flaw described above, the named process will terminate due to a failed assertion check.");

  script_tag(name:"affected", value:"BIND 9.0.0 through 9.11.29, 9.12.0 through 9.16.13, 9.9.3-S1 through
  9.11.29-S1, 9.16.8-S1 through 9.16.13-S1 and 9.17.0 through 9.17.11.");

  script_tag(name:"solution", value:"Update to version 9.11.31, 9.16.15, 9.17.12, 9.11.31-S1,
  9.16.15-S1 or later.");

  script_xref(name:"URL", value:"https://kb.isc.org/docs/cve-2021-25215");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_full(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
proto = infos["proto"];
location = infos["location"];

if (version =~ "^9\.[0-9]+\.[0-9]+s[0-9]") {
  if (version_in_range(version: version, test_version: "9.9.3s1", test_version2: "9.11.29s1")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.11.31-S1", install_path: location);
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }

  if (version_in_range(version: version, test_version: "9.16.8s1", test_version2: "9.16.13s1")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.16.15-S1", install_path: location);
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }
} else {
  if (version_in_range(version: version, test_version: "9.0.0", test_version2: "9.11.29")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.11.31", install_path: location);
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }

  if (version_in_range(version: version, test_version: "9.12.0", test_version2: "9.16.13")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.16.15", install_path: location);
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }

  if (version_in_range(version: version, test_version: "9.17.0", test_version2: "9.17.11")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.17.12", install_path: location);
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }
}

exit(99);