CVE-2021-25220
Summary
| CVE | CVE-2021-25220 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-23 13:15:00 UTC |
| Updated | 2023-11-09 14:44:00 UTC |
| Description | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. |
Risk And Classification
Problem Types: CWE-444
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Operating System | Fedoraproject | Fedora | 36 | All | All | All |
| Application | Isc | Bind | All | All | All | All |
| Application | Isc | Bind | All | All | All | All |
| Application | Isc | Bind | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | 19.3 | - | All | All |
| Operating System | Juniper | Junos | 19.3 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s3 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s4 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s5 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s6 | All | All |
| Operating System | Juniper | Junos | 19.3 | r2-s7 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3-s3 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3-s4 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3-s5 | All | All |
| Operating System | Juniper | Junos | 19.3 | r3-s6 | All | All |
| Operating System | Juniper | Junos | 19.4 | - | All | All |
| Operating System | Juniper | Junos | 19.4 | r1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s3 | All | All |
| Operating System | Juniper | Junos | 19.4 | r1-s4 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s3 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s4 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s5 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s6 | All | All |
| Operating System | Juniper | Junos | 19.4 | r2-s7 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s3 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s4 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s5 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s6 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s7 | All | All |
| Operating System | Juniper | Junos | 19.4 | r3-s8 | All | All |
| Operating System | Juniper | Junos | 20.2 | - | All | All |
| Operating System | Juniper | Junos | 20.2 | r1 | All | All |
| Operating System | Juniper | Junos | 20.2 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 20.2 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 20.2 | r1-s3 | All | All |
| Operating System | Juniper | Junos | 20.2 | r2 | All | All |
| Operating System | Juniper | Junos | 20.2 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 20.2 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 20.2 | r2-s3 | All | All |
| Operating System | Juniper | Junos | 20.2 | r3 | All | All |
| Operating System | Juniper | Junos | 20.2 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 20.2 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 20.2 | r3-s3 | All | All |
| Operating System | Juniper | Junos | 20.2 | r3-s4 | All | All |
| Operating System | Juniper | Junos | 20.3 | - | All | All |
| Operating System | Juniper | Junos | 20.3 | r1 | All | All |
| Operating System | Juniper | Junos | 20.3 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 20.3 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 20.3 | r2 | All | All |
| Operating System | Juniper | Junos | 20.3 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 20.3 | r3 | All | All |
| Operating System | Juniper | Junos | 20.3 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 20.3 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 20.3 | r3-s3 | All | All |
| Operating System | Juniper | Junos | 20.3 | r3-s4 | All | All |
| Operating System | Juniper | Junos | 20.4 | - | All | All |
| Operating System | Juniper | Junos | 20.4 | r1 | All | All |
| Operating System | Juniper | Junos | 20.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 20.4 | r2 | All | All |
| Operating System | Juniper | Junos | 20.4 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 20.4 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 20.4 | r3 | All | All |
| Operating System | Juniper | Junos | 20.4 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 20.4 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 20.4 | r3-s3 | All | All |
| Operating System | Juniper | Junos | 20.4 | r3-s4 | All | All |
| Operating System | Juniper | Junos | 21.1 | - | All | All |
| Operating System | Juniper | Junos | 21.1 | r1 | All | All |
| Operating System | Juniper | Junos | 21.1 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 21.1 | r2 | All | All |
| Operating System | Juniper | Junos | 21.1 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 21.1 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 21.1 | r3 | All | All |
| Operating System | Juniper | Junos | 21.1 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 21.1 | r3-s2 | All | All |
| Operating System | Juniper | Junos | 21.2 | - | All | All |
| Operating System | Juniper | Junos | 21.2 | r1 | All | All |
| Operating System | Juniper | Junos | 21.2 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 21.2 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 21.2 | r2 | All | All |
| Operating System | Juniper | Junos | 21.2 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 21.2 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 21.2 | r3 | All | All |
| Operating System | Juniper | Junos | 21.2 | r3-s1 | All | All |
| Operating System | Juniper | Junos | 21.3 | - | All | All |
| Operating System | Juniper | Junos | 21.3 | r1 | All | All |
| Operating System | Juniper | Junos | 21.3 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 21.3 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 21.3 | r2 | All | All |
| Operating System | Juniper | Junos | 21.3 | r2-s1 | All | All |
| Operating System | Juniper | Junos | 21.3 | r2-s2 | All | All |
| Operating System | Juniper | Junos | 21.3 | r3 | All | All |
| Operating System | Juniper | Junos | 21.4 | - | All | All |
| Operating System | Juniper | Junos | 21.4 | r1 | All | All |
| Operating System | Juniper | Junos | 21.4 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 21.4 | r1-s2 | All | All |
| Operating System | Juniper | Junos | 21.4 | r2 | All | All |
| Operating System | Juniper | Junos | 22.1 | r1 | All | All |
| Operating System | Juniper | Junos | 22.1 | r1-s1 | All | All |
| Operating System | Juniper | Junos | 22.2 | r1 | All | All |
| Hardware | Juniper | Srx100 | - | All | All | All |
| Hardware | Juniper | Srx110 | - | All | All | All |
| Hardware | Juniper | Srx1400 | - | All | All | All |
| Hardware | Juniper | Srx1500 | - | All | All | All |
| Hardware | Juniper | Srx210 | - | All | All | All |
| Hardware | Juniper | Srx220 | - | All | All | All |
| Hardware | Juniper | Srx240 | - | All | All | All |
| Hardware | Juniper | Srx240h2 | - | All | All | All |
| Hardware | Juniper | Srx240m | - | All | All | All |
| Hardware | Juniper | Srx300 | - | All | All | All |
| Hardware | Juniper | Srx320 | - | All | All | All |
| Hardware | Juniper | Srx340 | - | All | All | All |
| Hardware | Juniper | Srx3400 | - | All | All | All |
| Hardware | Juniper | Srx345 | - | All | All | All |
| Hardware | Juniper | Srx3600 | - | All | All | All |
| Hardware | Juniper | Srx380 | - | All | All | All |
| Hardware | Juniper | Srx4000 | - | All | All | All |
| Hardware | Juniper | Srx4100 | - | All | All | All |
| Hardware | Juniper | Srx4200 | - | All | All | All |
| Hardware | Juniper | Srx4600 | - | All | All | All |
| Hardware | Juniper | Srx5000 | - | All | All | All |
| Hardware | Juniper | Srx5400 | - | All | All | All |
| Hardware | Juniper | Srx550 | - | All | All | All |
| Hardware | Juniper | Srx550m | - | All | All | All |
| Hardware | Juniper | Srx550 Hm | - | All | All | All |
| Hardware | Juniper | Srx5600 | - | All | All | All |
| Hardware | Juniper | Srx5800 | - | All | All | All |
| Hardware | Juniper | Srx650 | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H300e | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H300e Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H300s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H300s Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H410c | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H410c Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H410s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H410s Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H500e | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H500e Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H500s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H500s Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H700e | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H700e Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H700s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H700s Firmware | - | All | All | All |
| Hardware | Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Application | Siemens | Sinec Ins | All | All | All | All |
| Application | Siemens | Sinec Ins | 1.0 | - | All | All |
| Application | Siemens | Sinec Ins | 1.0 | sp1 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 36 Update: dhcp-4.4.3-2.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE-2021-25220: DNS forwarders - cache poisoning vulnerability | CONFIRM | kb.isc.org | |
| [SECURITY] Fedora 34 Update: dhcp-4.4.2-12.b1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 34 Update: dhcp-4.4.2-12.b1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 35 Update: dhcp-4.4.3-2.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| ISC BIND: Multiple Vulnerabilities (GLSA 202210-25) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 36 Update: dhcp-4.4.3-2.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf | CONFIRM | cert-portal.siemens.com | |
| [SECURITY] Fedora 36 Update: bind-dyndb-ldap-11.9-14.fc36 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: dhcp-4.4.3-2.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 34 Update: bind-9.16.27-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CEC Juniper Community | MISC | supportportal.juniper.net | |
| [SECURITY] Fedora 34 Update: bind-9.16.27-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 36 Update: bind-dyndb-ldap-11.9-14.fc36 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| March 2022 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue.
Legacy QID Mappings
- 15129 ISC BIND Domain Name System (DNS) forwarders - cache poisoning Vulnerability
- 160207 Oracle Enterprise Linux Security Update for bind (ELSA-2022-7790)
- 160219 Oracle Enterprise Linux Security Update for bind9.16 (ELSA-2022-7643)
- 160287 Oracle Enterprise Linux Security Update for dhcp security and enhancement update (ELSA-2022-8385)
- 160313 Oracle Enterprise Linux Security Update for bind (ELSA-2022-8068)
- 160426 Oracle Enterprise Linux Security Update for bind (ELSA-2023-0402)
- 179133 Debian Security Update for bind9 (DLA 2955-1)
- 179135 Debian Security Update for bind9 (DLA 2955-2)
- 179144 Debian Security Update for bind9 (DSA 5105-1)
- 183084 Debian Security Update for bind9 (CVE-2021-25220)
- 198706 Ubuntu Security Notification for Bind Vulnerabilities (USN-5332-1)
- 240822 Red Hat Update for bind (RHSA-2022:7790)
- 240828 Red Hat Update for bind9.16 (RHSA-2022:7643)
- 240888 Red Hat Update for bind (RHSA-2022:8068)
- 240901 Red Hat Update for dhcp (RHSA-2022:8385)
- 241122 Red Hat Update for bind (RHSA-2023:0402)
- 257214 CentOS Security Update for bind (CESA-2023:0402)
- 282499 Fedora Security Update for bind (FEDORA-2022-427cfc50f8)
- 282526 Fedora Security Update for bind (FEDORA-2022-042d9c6146)
- 282592 Fedora Security Update for dhcp (FEDORA-2022-a88218de5c)
- 282634 Fedora Security Update for dhcp (FEDORA-2022-05918f0838)
- 296063 Oracle Solaris 11.4 Support Repository Update (SRU) 45.119.2 Missing (CPUAPR2022)
- 330108 IBM AIX Domain Name System (DNS) cache poisoning Vulnerability due to ISC BIND (bind_advisory21)
- 354384 Amazon Linux Security Advisory for bind : ALAS2022-2022-166
- 354410 Amazon Linux Security Advisory for bind : ALAS2022-2022-138
- 354835 Amazon Linux Security Advisory for bind : ALAS2-2023-2001
- 355147 Amazon Linux Security Advisory for bind : ALAS2023-2023-010
- 377944 Alibaba Cloud Linux Security Update for bind (ALINUX2-SA-2023:0006)
- 500062 Alpine Linux Security Update for bind
- 501383 Alpine Linux Security Update for bind
- 503872 Alpine Linux Security Update for bind
- 671737 EulerOS Security Update for bind (EulerOS-SA-2022-1783)
- 671745 EulerOS Security Update for bind (EulerOS-SA-2022-1800)
- 671788 EulerOS Security Update for bind (EulerOS-SA-2022-1857)
- 671816 EulerOS Security Update for bind (EulerOS-SA-2022-1833)
- 671874 EulerOS Security Update for bind (EulerOS-SA-2022-1922)
- 672329 EulerOS Security Update for dhcp (EulerOS-SA-2022-2759)
- 672358 EulerOS Security Update for dhcp (EulerOS-SA-2022-2724)
- 672424 EulerOS Security Update for dhcp (EulerOS-SA-2022-2842)
- 672461 EulerOS Security Update for dhcp (EulerOS-SA-2022-2817)
- 672477 EulerOS Security Update for dhcp (EulerOS-SA-2023-1032)
- 672510 EulerOS Security Update for dhcp (EulerOS-SA-2023-1007)
- 710661 Gentoo Linux ISC BIND Multiple Vulnerabilities (GLSA 202210-25)
- 751911 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2022:0908-1)
- 751923 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2022:0946-1)
- 751925 OpenSUSE Security Update for bind (openSUSE-SU-2022:0945-1)
- 751927 OpenSUSE Security Update for bind (openSUSE-SU-2022:0946-1)
- 751997 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2022:0945-1)
- 752191 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2022:1616-1)
- 752457 SUSE Enterprise Linux Security Update for bind (SUSE-SU-2022:2713-1)
- 900774 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (9108)
- 901658 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (9118)
- 902300 Common Base Linux Mariner (CBL-Mariner) Security Update for bind (9118-1)
- 940734 AlmaLinux Security Update for bind (ALSA-2022:7790)
- 940749 AlmaLinux Security Update for bind9.16 (ALSA-2022:7643)
- 940793 AlmaLinux Security Update for dhcp (ALSA-2022:8385)
- 940822 AlmaLinux Security Update for bind (ALSA-2022:8068)
- 960205 Rocky Linux Security Update for bind (RLSA-2022:7790)
- 960456 Rocky Linux Security Update for bind9.16 (RLSA-2022:7643)
- 960562 Rocky Linux Security Update for dhcp (RLSA-2022:8385)
- 960628 Rocky Linux Security Update for bind (RLSA-2022:8068)