The Internet Systems Consortium (ISC) has released a security update that fixes a Medium severity vulnerability in multiple versions of ISC Berkeley Internet Name Domain (BIND).
BIND is the most widely used Domain Name System software on the Internet.
The latest BIND patch addresses a vulnerability (CVE-2021-25219) that could allow the lame cache to be abused and severely degrade resolver performance.
The lame cache design flaw may cause internal data structures to grow almost infinitely, thus causing “significant delays in client query processing.”
As noted in the advisory, ISC described the BIND issue and impact:
“A successful attack exploiting this flaw causes a named resolver to spend most of its CPU time on managing and checking the lame cache. This results in client queries being responded to with large delays, and increased likelihood of DNS timeouts on client hosts.”
Moreover, ISC recommends users upgrade to the appropriate BIND version:
- BIND 9.11.36
- BIND 9.16.22
- BIND 9.17.19
- BIND 9.11.36-S1 (Supported Preview Edition)
- BIND 9.16.22-S1 (Supported Preview Edition)
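To triage an inventory against the fixed releases listed above, the following added example (not ISC's code and not part of the original article) classifies a BIND version string by branch. The function names and the sample strings are constructed for illustration, and it assumes that later releases on a listed branch keep the fix.

```python
import re

# Fixed releases listed in the article, keyed by release branch (major, minor).
FIXED_PATCH = {(9, 11): 36, (9, 16): 22, (9, 17): 19}
# Branches for which the article also lists a Supported Preview Edition (-S1).
PREVIEW_BRANCHES = {(9, 11), (9, 16)}

# Matches "9.16.21" or "9.11.35-S1", also when embedded in a longer line.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-(S\d+))?")


def parse_bind_version(text):
    """Return (major, minor, patch, is_preview) parsed from a version string."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no BIND version found in {text!r}")
    major, minor, patch = (int(g) for g in match.group(1, 2, 3))
    return major, minor, patch, match.group(4) is not None


def patch_status(text):
    """Classify a version string against the article's fixed releases.

    Returns (status, target): status is "fixed", "upgrade" or "unlisted";
    target is the release to move to when status is "upgrade", else None.
    Assumption: later releases on a listed branch keep the fix.
    """
    major, minor, patch, is_preview = parse_bind_version(text)
    branch = (major, minor)
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        # The article gives no fixed release for this branch.
        return "unlisted", None
    if patch >= fixed:
        return "fixed", None
    suffix = "-S1" if is_preview and branch in PREVIEW_BRANCHES else ""
    return "upgrade", f"{major}.{minor}.{fixed}{suffix}"


if __name__ == "__main__":
    # Constructed sample version strings, not taken from real hosts.
    samples = ["BIND 9.16.21", "BIND 9.11.35-S1", "BIND 9.17.19", "BIND 9.18.0"]
    for line in samples:
        print(f"{line!r}: {patch_status(line)}")
```

Distribution packages often backport fixes without changing the upstream version number, so an "upgrade" result on a vendor-packaged build should be confirmed against the vendor's own advisory.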