ISC Berkeley Internet Name Domain Denial of Service Vulnerabilities

ISC Berkeley Internet Name Domain Denial of Service Vulnerabilities

Four new vulnerabilities affecting the BIND DNS software have been released, two of them being high severity.

An attacker who successfully exploits these vulnerabilities can cause a “denial of service” on the affected server (For all these vulnerabilities, no analysis has been made and no CVSS scores have been assigned by NIST yet).

Affected Systems

The following servers/systems are affected by these vulnerabilities;

• CVE-2022-0667: 9.18.0
• CVE-2022-0635: 9.18.0
• CVE-2022-0396: 9.16.11 to 9.16.26, 9.17.0 to 9.18.0, 9.16.11-S1 to 9.16.26-S1
• CVE-2021-25220: 9.11.0 to 9.11.36, 9.12.0 to 9.16.26, 9.17.0 to 9.18.0

IoC’s

-

Recommended Solution(s)

Organizations using the following products are recommended to download the patches in the table below.

CVE / CWE

CVE-2021-25220, CVE-2022-0396, CVE-2022-0635, CVE-2022-0667

Related Website(s)

• https://www.cisa.gov/uscert/ncas/current-activity/2022/03/17/isc-releases-security-advisories-bind
• https://kb.isc.org/docs/cve-2021-25220
• https://kb.isc.org/docs/cve-2022-0396
• https://kb.isc.org/docs/cve-2022-0635
• https://kb.isc.org/docs/cve-2022-0667

* Vulnerabilities with a CVSS 3.1 score between 7.0 and 8.9 are evaluated to be “high” whereas vulnerabilities with a CVSS 3.1 score between 9.0 and 10.0 are evaluated to be “critical”.