Vulnerability CVE-2021-25220: Information

Description

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Severity: MEDIUM (6.8) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-25220

Published: March 23, 2022

Modified: Nov. 9, 2023

Error type identifier: CWE-444

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
bind	sisyphus	9.11.37-alt1	9.18.27-alt1	ALT-PU-2022-1501-1	296799	Fixed
bind	sisyphus_e2k	9.11.37-alt1	9.18.27-alt1	ALT-PU-2022-4365-1	-	Fixed
bind	sisyphus_riscv64	9.11.37-alt1	9.18.27-alt1	ALT-PU-2022-4303-1	-	Fixed
bind	p10	9.11.37-alt1	9.16.48-alt1	ALT-PU-2022-1529-1	296816	Fixed
bind	p10_e2k	9.11.37-alt1	9.16.48-alt1	ALT-PU-2022-4351-1	-	Fixed
bind	p9	9.11.37-alt1	9.11.37-alt1	ALT-PU-2022-1568-1	296966	Fixed
bind	p9_e2k	9.11.37-alt1	9.11.37-alt1	ALT-PU-2022-4715-1	-	Fixed
bind	c10f1	9.11.37-alt1	9.16.48-alt0.c10f2.1	ALT-PU-2022-1529-1	296816	Fixed
bind	c9f2	9.11.37-alt1	9.11.37-alt1	ALT-PU-2022-1608-1	296995	Fixed
bind	p11	9.11.37-alt1	9.18.27-alt1	ALT-PU-2022-1501-1	296799	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://kb.isc.org/v1/docs/cve-2021-25220	Mitigation Vendor Advisory
https://security.netapp.com/advisory/ntap-20220408-0001/	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf	Patch Third Party Advisory
GLSA-202210-25	Third Party Advisory
https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US
FEDORA-2022-14e36aac0c
FEDORA-2022-042d9c6146
FEDORA-2022-a88218de5c
FEDORA-2022-05918f0838
FEDORA-2022-3f293290c3

Affected configurations:
1. Configuration 1
  cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*
  Start including
  9.16.8
  End excliding
  9.16.27
  cpe:2.3:a:isc:bind:*:*:*:*:supported_preview:*:*:*
  Start including
  9.11.4
  End excliding
  9.11.37
  cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
  Start including
  9.12.0
  End excliding
  9.16.27
  cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
  Start including
  9.11.0
  End excliding
  9.11.37
  cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*
  Start including
  9.17.0
  End including
  9.18.0
  
  Configuration 2
  cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  
  Configuration 4
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  
  Configuration 10
  cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
  
  Configuration 11
  cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
  cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
  End excliding
  1.0
  cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
  
  Configuration 12
  cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s7:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3-s5:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3-s6:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s5:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r3-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.3:r2-s6:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s6:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s5:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r1-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s5:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r1-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s8:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s6:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r3-s7:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:19.4:r2-s7:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r3-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r1-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r2-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r3-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r1-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.2:r3-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r1-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r3-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r3-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.3:r3-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r3-s3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r3-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r3-s4:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:20.4:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.1:r3-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r3-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r3:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.4:r2:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*
  cpe:2.3:o:juniper:junos:22.2:r1:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx100:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx110:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx1400:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx1500:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx210:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx220:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx240:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx240h2:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx240m:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx300:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx320:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx340:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx3400:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx345:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx3600:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx380:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx4000:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx4100:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx4200:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx4600:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx5000:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx5400:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx550:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx550_hm:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx550m:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx5600:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx5800:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:juniper:srx650:-:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2021-25220: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11

Configuration 12