阿里云漏洞库

漏洞描述

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://www.openwall.com/lists/oss-security/2021/04/29/1
http://www.openwall.com/lists/oss-security/2021/04/29/2
http://www.openwall.com/lists/oss-security/2021/04/29/3
http://www.openwall.com/lists/oss-security/2021/04/29/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://kb.isc.org/v1/docs/cve-2021-25215
https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://security.netapp.com/advisory/ntap-20210521-0006/
https://www.debian.org/security/2021/dsa-4909
https://www.oracle.com/security-alerts/cpuoct2021.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	isc	bind	*	From (including) 9.0.0	Up to (excluding) 9.11.31
	运行在以下环境
	应用	isc	bind	*	From (including) 9.12.0	Up to (excluding) 9.16.15
	运行在以下环境
	应用	isc	bind	*	From (including) 9.17.0	Up to (excluding) 9.17.12
	运行在以下环境
	应用	isc	bind	9.10.5	-
	运行在以下环境
	应用	isc	bind	9.10.7	-
	运行在以下环境
	应用	isc	bind	9.11.12	-
	运行在以下环境
	应用	isc	bind	9.11.21	-
	运行在以下环境
	应用	isc	bind	9.11.27	-
	运行在以下环境
	应用	isc	bind	9.11.29	-
	运行在以下环境
	应用	isc	bind	9.11.3	-
	运行在以下环境
	应用	isc	bind	9.11.5	-
	运行在以下环境
	应用	isc	bind	9.11.6	-
	运行在以下环境
	应用	isc	bind	9.11.7	-
	运行在以下环境
	应用	isc	bind	9.11.8	-
	运行在以下环境
	应用	isc	bind	9.16.11	-
	运行在以下环境
	应用	isc	bind	9.16.13	-
	运行在以下环境
	应用	isc	bind	9.16.8	-
	运行在以下环境
	应用	isc	bind	9.9.12	-
	运行在以下环境
	应用	isc	bind	9.9.13	-
	运行在以下环境
	应用	isc	bind	9.9.3	-
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	bind	*		Up to (excluding) 9.11.4-26.P2.2.al7.5
	运行在以下环境
	系统	alpine_3.10	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.11	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.12	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.13	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.14	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.15	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.16	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.17	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.18	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
	系统	alpine_3.19	bind	*		Up to (excluding) 9.16.15-r0
	运行在以下环境
系统	amazon_2	bind	*		Up to (excluding) 9.11.4-26.P2.amzn2.5
运行在以下环境
系统	amazon_AMI	bind	*		Up to (excluding) 9.8.2-0.68.rc1.87.amzn1
运行在以下环境
系统	anolis_os_7	bind	*		Up to (excluding) 9.11.4-26
运行在以下环境
系统	anolis_os_8	bind	*		Up to (excluding) 9.11.13-6
运行在以下环境
系统	centos_7	bind	*		Up to (excluding) 9.11.4-26.P2.el7_9.5
运行在以下环境
系统	debian	debian_linux	10.0	-
运行在以下环境
系统	debian	debian_linux	9.0	-
运行在以下环境
系统	debian_10	bind9	*		Up to (excluding) 9.11.5.P4+dfsg-5.1+deb10u5
运行在以下环境
系统	debian_11	bind9	*		Up to (excluding) 9.16.15-1
运行在以下环境
系统	debian_12	bind9	*		Up to (excluding) 9.16.15-1
运行在以下环境
系统	fedoraproject	fedora	34	-
运行在以下环境
系统	fedora_32	bind	*		Up to (excluding) 9.11.31-1.fc32
运行在以下环境
系统	fedora_33	bind	*		Up to (excluding) 9.11.31-1.fc33
运行在以下环境
系统	fedora_34	bind	*		Up to (excluding) 9.16.15-1.fc34
运行在以下环境
系统	kylinos_aarch64_V10	bind	*		Up to (excluding) 9.11.4-26.P2.el7_9.5
运行在以下环境
系统	kylinos_aarch64_V10SP1	dhcp	*		Up to (excluding) 4.4.2-9.ky10
运行在以下环境
系统	kylinos_aarch64_V10SP2	dhcp	*		Up to (excluding) 4.4.2-9.ky10
运行在以下环境
系统	kylinos_aarch64_V10SP3	dhcp	*		Up to (excluding) 4.4.2-9.ky10
运行在以下环境
系统	kylinos_loongarch64_V10SP1	dhcp	*		Up to (excluding) 4.4.2-9.a.ky10
运行在以下环境
系统	kylinos_loongarch64_V10SP3	dhcp	*		Up to (excluding) 4.4.2-9.a.ky10
运行在以下环境
系统	kylinos_x86_64_V10	bind	*		Up to (excluding) 9.11.4-26.P2.el7_9.5
运行在以下环境
系统	kylinos_x86_64_V10SP1	dhcp	*		Up to (excluding) 4.4.2-9.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP2	dhcp	*		Up to (excluding) 4.4.2-9.ky10
运行在以下环境
系统	opensuse_Leap_15.2	bind	*		Up to (excluding) 9.16.6-lp152.14.19.1
运行在以下环境
系统	opensuse_Leap_15.3	bind	*		Up to (excluding) 9.16.6-22.7.1
运行在以下环境
系统	oracle_6	bind	*		Up to (excluding) 9.8.2-0.68.rc1.0.2.el6_10.8
运行在以下环境
系统	oracle_7	bind	*		Up to (excluding) 9.11.4-26.P2.el7_9.5
运行在以下环境
系统	oracle_8	bind	*		Up to (excluding) 9.11.26-4.el8_4
运行在以下环境
系统	redhat_7	bind	*		Up to (excluding) 9.11.4-26.P2.el7_9.5
运行在以下环境
系统	redhat_8	bind	*		Up to (excluding) 9.11.26-4.el8_4
运行在以下环境
系统	rocky_linux_8	bind	*		Up to (excluding) 39.11.26-4.el8_4
运行在以下环境
系统	suse_12_SP5	bind	*		Up to (excluding) 9.11.22-3.34.1
运行在以下环境
系统	ubuntu_16.04	bind9	*		Up to (excluding) 9.10.3.dfsg.P4-8ubuntu1.19
运行在以下环境
系统	ubuntu_18.04	bind9	*		Up to (excluding) 9.11.3+dfsg-1ubuntu1.15
运行在以下环境
系统	ubuntu_20.04	bind9	*		Up to (excluding) 9.16.1-0ubuntu2.8
运行在以下环境
系统	ubuntu_21.04	bind9	*		Up to (excluding) 9.16.8-1ubuntu3.1
运行在以下环境
系统	ubuntu_21.10	bind9	*		Up to (excluding) 9.16.8-1ubuntu3.1
运行在以下环境
系统	ubuntu_22.04	bind9	*		Up to (excluding) 9.16.8-1ubuntu3.1
运行在以下环境
系统	ubuntu_22.10	bind9	*		Up to (excluding) 9.16.8-1ubuntu3.1

攻击路径

远程
攻击复杂度

容易
权限要求

无需权限
影响范围

有限影响
EXP成熟度

N/A
补丁情况

官方补丁
数据保密性

无影响
数据完整性

无影响
服务器危害

服务器失陷
全网数量

N/A

CWE-ID	漏洞类型
CWE-617	可达断言

低危 BIND安全漏洞

漏洞描述

解决建议

参考链接

受影响软件情况