High-Severity DoS Vulnerability Patched in BIND DNS Software

Source
Advertisement


The flaw, tracked as CVE-2021-25218, affects BIND versions 9.16.19, 9.17.16, and 9.16.19-S1. Patches are included in versions ​​9.16.20, 9.17.17 and 9.16.20-S1. Workarounds are also available.

It’s worth noting that while the existence of the vulnerability was made public on August 18, customers received a notification one week in advance.

The vulnerability can be exploited remotely to cause the BIND name server (named) process to crash.

“If named attempts to respond over UDP with a response that is larger than the current effective interface maximum transmission unit (MTU), and if response-rate limiting (RRL) is active, an assertion failure is triggered (resulting in termination of the named server process),” ISC said in its advisory.

Advertisement