CVE-2021-25216
- Source
- https://cve.org/CVERecord?id=CVE-2021-25216
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25216.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-25216
- Downstream
- Related
- Published
- 2021-04-29T01:15:08.047Z
- Modified
- 2026-04-02T06:47:56.282277Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.
- References
-
- https://kb.isc.org/v1/docs/cve-2021-25215
- http://www.openwall.com/lists/oss-security/2021/04/29/4
- https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
- https://security.netapp.com/advisory/ntap-20210521-0006/
- https://www.debian.org/security/2021/dsa-4909
- https://www.zerodayinitiative.com/advisories/ZDI-21-657/
- http://www.openwall.com/lists/oss-security/2021/04/29/1
- http://www.openwall.com/lists/oss-security/2021/04/29/2
- http://www.openwall.com/lists/oss-security/2021/04/29/3
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Affected packages
Git / gitlab.isc.org/isc-projects/bind9
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.isc.org/isc-projects/bind9
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "9.0" }, { "introduced": "9.0.0" }, { "fixed": "9.11.31" }, { "introduced": "9.12.0" }, { "fixed": "9.16.15" }, { "introduced": "9.17.0" }, { "fixed": "9.17.12" }, { "introduced": "0" }, { "last_affected": "9.9.3-s1" }, { "introduced": "0" }, { "last_affected": "9.9.12-s1" }, { "introduced": "0" }, { "last_affected": "9.10.5-s1" }, { "introduced": "0" }, { "last_affected": "9.10.7-s1" }, { "introduced": "0" }, { "last_affected": "9.11.3-s1" }, { "introduced": "0" }, { "last_affected": "9.11.6-s1" } ] }
Affected versions
Other
alessio/regression/026024a6ae
alessio/regression/227add4c3e
alessio/regression/2ebcafd8c2
alessio/regression/a26055f03e
andoni/test-rtd-tag-versioning
ondrej/lock-free-qpzone-reads-v1
stable
v9.*
v9.0.0
v9.0.0a1
v9.0.0a2
v9.0.0a3
v9.0.0b1
v9.0.0b2
v9.0.0b3
v9.0.0b4
v9.0.0b5
v9.0.0rc1
v9.0.0rc2
v9.0.0rc3
v9.0.0rc4
v9.0.0rc5
v9.0.0rc6
v9.0.1
v9.0.1rc1
v9.0.1rc2
v9.1.0
v9.1.0b1
v9.1.0b2
v9.1.0b3
v9.1.0rc1
v9.1.1
v9.1.1-P1
v9.1.1-P2
v9.1.1-P3
v9.1.1-P4
v9.1.1rc1
v9.1.1rc2
v9.1.1rc3
v9.1.1rc4
v9.1.1rc5
v9.1.1rc6
v9.1.1rc7
v9.1.2
v9.1.2rc1
v9.1.3
v9.1.3-P1
v9.1.3-P2
v9.1.3-P3
v9.1.3rc1
v9.1.3rc2
v9.1.3rc3
v9.10.0
v9.10.0-P1
v9.10.0-P2
v9.10.0a1
v9.10.0a2
v9.10.0b1
v9.10.0b2
v9.10.0rc1
v9.10.0rc2
v9.10.1
v9.10.1-P1
v9.10.1-P2
v9.10.1b1
v9.10.1b2
v9.10.1rc1
v9.10.1rc2
v9.10.2
v9.10.2-P1
v9.10.2-P2
v9.10.2-P3
v9.10.2-P4
v9.10.2b1
v9.10.2rc1
v9.10.2rc2
v9.10.3
v9.10.3-P2
v9.10.3-P3
v9.10.3-P4
v9.10.3b1
v9.10.3rc1
v9.10.4
v9.10.4-P1
v9.10.4-P2
v9.10.4-P3
v9.10.4-P4
v9.10.4-P5
v9.10.4-P6
v9.10.4-P8
v9.10.4b1
v9.10.4b2
v9.10.4b3
v9.10.4rc1
v9.10.5b1
v9.11.0
v9.11.0-P1
v9.11.0-P2
v9.11.0-P3
v9.11.0-P5
v9.11.0a1
v9.11.0a2
v9.11.0a3
v9.11.0b1
v9.11.0b2
v9.11.0b3
v9.11.0rc1
v9.11.0rc2
v9.11.0rc3
v9.11.1
v9.11.1-P1
v9.11.1-P2
v9.11.1-P3
v9.11.1b1
v9.11.1rc1
v9.11.1rc2
v9.11.1rc3
v9.11.2
v9.11.2-P1
v9.11.2b1
v9.11.2rc1
v9.11.2rc2
v9.11.3b1
v9.12.0
v9.12.0a0
v9.12.0a1
v9.12.0b1
v9.12.0b2
v9.12.0rc1
v9.12.0rc2
v9.12.0rc3
v9.12.1
v9.12.1-P2
v9.12.1b1
v9.12.1rc1
v9.12.2
v9.12.2-P1
v9.12.2-P2
v9.12.2rc1
v9.12.2rc2
v9.12.3
v9.12.3-P1
v9.12.3-P4
v9.12.3rc1
v9.12.4
v9.12.4-P1
v9.12.4rc1
v9.13.0
v9.13.1
v9.13.2
v9.13.3
v9.13.4
v9.13.5
v9.13.5-W1
v9.13.6
v9.13.7
v9.14.0
v9.14.0rc1
v9.14.0rc2
v9.14.0rc3
v9.14.1
v9.14.10
v9.14.11
v9.14.12
v9.14.2
v9.14.3
v9.14.4
v9.14.5
v9.14.6
v9.14.7
v9.14.8
v9.14.9
v9.15.0
v9.15.1
v9.15.2
v9.15.3
v9.15.4
v9.15.5
v9.15.6
v9.15.7
v9.15.8
v9.16.0
v9.16.1
v9.16.10
v9.16.11
v9.16.12
v9.16.13
v9.16.16
v9.16.17
v9.16.18
v9.16.19
v9.16.2
v9.16.20
v9.16.21
v9.16.22
v9.16.23
v9.16.24
v9.16.25
v9.16.26
v9.16.27
v9.16.28
v9.16.29
v9.16.3
v9.16.30
v9.16.31
v9.16.32
v9.16.33
v9.16.34
v9.16.35
v9.16.36
v9.16.37
v9.16.38
v9.16.39
v9.16.4
v9.16.40
v9.16.41
v9.16.42
v9.16.43
v9.16.44
v9.16.45
v9.16.48
v9.16.49
v9.16.5
v9.16.50
v9.16.6
v9.16.7
v9.16.8
v9.16.9
v9.17.0
v9.17.1
v9.17.10
v9.17.11
v9.17.13
v9.17.14
v9.17.15
v9.17.16
v9.17.17
v9.17.18
v9.17.19
v9.17.2
v9.17.20
v9.17.21
v9.17.22
v9.17.3
v9.17.4
v9.17.5
v9.17.6
v9.17.7
v9.17.8
v9.17.9
v9.18.0
v9.18.1
v9.18.10
v9.18.11
v9.18.12
v9.18.13
v9.18.14
v9.18.15
v9.18.16
v9.18.17
v9.18.18
v9.18.19
v9.18.2
v9.18.20
v9.18.21
v9.18.24
v9.18.25
v9.18.26
v9.18.27
v9.18.28
v9.18.29
v9.18.3
v9.18.30
v9.18.31
v9.18.32
v9.18.33
v9.18.34
v9.18.35
v9.18.36
v9.18.37
v9.18.38
v9.18.39
v9.18.4
v9.18.41
v9.18.42
v9.18.43
v9.18.44
v9.18.45
v9.18.46
v9.18.47
v9.18.48
v9.18.5
v9.18.6
v9.18.7
v9.18.8
v9.18.9
v9.19.0
v9.19.1
v9.19.10
v9.19.11
v9.19.12
v9.19.13
v9.19.14
v9.19.15
v9.19.16
v9.19.17
v9.19.18
v9.19.19
v9.19.2
v9.19.21
v9.19.22
v9.19.23
v9.19.24
v9.19.3
v9.19.4
v9.19.5
v9.19.6
v9.19.7
v9.19.8
v9.19.9
v9.2.0
v9.2.0-P1
v9.2.0-P2
v9.2.0a1
v9.2.0a2
v9.2.0a3
v9.2.0b1
v9.2.0b2
v9.2.0rc1
v9.2.0rc10
v9.2.0rc2
v9.2.0rc3
v9.2.0rc4
v9.2.0rc5
v9.2.0rc6
v9.2.0rc7
v9.2.0rc8
v9.2.0rc9
v9.2.1
v9.2.1-P1
v9.2.1rc1
v9.2.1rc2
v9.2.2
v9.2.2-P1
v9.2.2-P2
v9.2.2-P3
v9.2.2rc1
v9.2.3
v9.2.3rc1
v9.2.3rc2
v9.2.3rc3
v9.2.3rc4
v9.2.4
v9.2.4rc1
v9.2.4rc2
v9.2.4rc3
v9.2.4rc4
v9.2.4rc5
v9.2.4rc6
v9.2.4rc7
v9.2.4rc8
v9.2.5
v9.2.5rc1
v9.2.6
v9.2.6-P1
v9.2.6-P2
v9.2.6b1
v9.2.6b2
v9.2.6rc1
v9.2.7
v9.2.7b1
v9.2.7rc1
v9.2.7rc2
v9.2.7rc3
v9.2.8
v9.2.8-P1
v9.2.9
v9.2.9b1
v9.2.9rc1
v9.20.0
v9.20.1
v9.20.10
v9.20.11
v9.20.12
v9.20.13
v9.20.15
v9.20.16
v9.20.17
v9.20.18
v9.20.19
v9.20.2
v9.20.20
v9.20.21
v9.20.22
v9.20.3
v9.20.4
v9.20.5
v9.20.6
v9.20.7
v9.20.8
v9.20.9
v9.21.0
v9.21.1
v9.21.10
v9.21.11
v9.21.12
v9.21.14
v9.21.15
v9.21.16
v9.21.17
v9.21.18
v9.21.19
v9.21.2
v9.21.20
v9.21.21
v9.21.3
v9.21.4
v9.21.5
v9.21.6
v9.21.7
v9.21.8
v9.21.9
v9.3.0
v9.3.0rc1
v9.3.0rc2
v9.3.0rc3
v9.3.0rc4
v9.3.1
v9.3.1rc1
v9.3.2
v9.3.2-P1
v9.3.2-P2
v9.3.2b1
v9.3.2b2
v9.3.2rc1
v9.3.3
v9.3.3b1
v9.3.3rc1
v9.3.3rc2
v9.3.3rc3
v9.3.4
v9.3.4-P1
v9.3.5
v9.3.5-P1
v9.3.5-P2
v9.3.5-P2-W1
v9.3.5-P2-W2
v9.3.5b1
v9.3.5rc1
v9.3.5rc2
v9.3.6
v9.3.6-P1
v9.3.6-P2
v9.3.6b1
v9.3.6rc1
v9.4-ESV
v9.4-ESV-R1
v9.4-ESV-R2
v9.4-ESV-R3
v9.4-ESV-R4
v9.4-ESV-R4-P1
v9.4-ESV-R5
v9.4-ESV-R5-P1
v9.4-ESV-R5b1
v9.4-ESV-R5rc1
v9.4-ESVb1
v9.4-ESVrc1
v9.4.0
v9.4.0a1
v9.4.0a2
v9.4.0a3
v9.4.0a4
v9.4.0a5
v9.4.0a6
v9.4.0b1
v9.4.0b2
v9.4.0b3
v9.4.0b4
v9.4.0rc1
v9.4.0rc2
v9.4.1
v9.4.1-P1
v9.4.2
v9.4.2-P1
v9.4.2-P2
v9.4.2-P2-W1
v9.4.2-P2-W2
v9.4.2b1
v9.4.2rc1
v9.4.2rc2
v9.4.3
v9.4.3-P1
v9.4.3-P2
v9.4.3-P3
v9.4.3-P4
v9.4.3-P5
v9.4.3b1
v9.4.3b2
v9.4.3b3
v9.4.3rc1
v9.4.4b1
v9.5.0
v9.5.0-P1
v9.5.0-P2
v9.5.0-P2-W1
v9.5.0-P2-W2
v9.5.0a1
v9.5.0a2
v9.5.0a3
v9.5.0a4
v9.5.0a5
v9.5.0a6
v9.5.0a7
v9.5.0b1
v9.5.0b2
v9.5.0b3
v9.5.0rc1
v9.5.1
v9.5.1-P1
v9.5.1-P2
v9.5.1-P3
v9.5.1b1
v9.5.1b2
v9.5.1b3
v9.5.1rc1
v9.5.1rc2
v9.5.2
v9.5.2-P1
v9.5.2-P2
v9.5.2-P3
v9.5.2-P4
v9.5.2b1
v9.5.2rc1
v9.5.3b1
v9.5.3rc1
v9.6-ESV
v9.6-ESV-R1
v9.6-ESV-R10
v9.6-ESV-R10-P1
v9.6-ESV-R10b1
v9.6-ESV-R10rc1
v9.6-ESV-R10rc2
v9.6-ESV-R11
v9.6-ESV-R11b1
v9.6-ESV-R11rc1
v9.6-ESV-R11rc2
v9.6-ESV-R2
v9.6-ESV-R3
v9.6-ESV-R4
v9.6-ESV-R4-P1
v9.6-ESV-R4-P2
v9.6-ESV-R4-P3
v9.6-ESV-R5
v9.6-ESV-R5-P1
v9.6-ESV-R5b1
v9.6-ESV-R5rc1
v9.6-ESV-R6
v9.6-ESV-R6b1
v9.6-ESV-R6rc1
v9.6-ESV-R6rc2
v9.6-ESV-R7
v9.6-ESV-R7-P1
v9.6-ESV-R7-P2
v9.6-ESV-R7-P3
v9.6-ESV-R7-P4
v9.6-ESV-R8
v9.6-ESV-R8b1
v9.6-ESV-R9
v9.6-ESV-R9-P1
v9.6-ESV-R9b1
v9.6-ESV-R9b2
v9.6-ESV-R9rc1
v9.6-ESV-R9rc2
v9.6.0
v9.6.0-P1
v9.6.0a1
v9.6.0b1
v9.6.0rc1
v9.6.0rc2
v9.6.1
v9.6.1-P1
v9.6.1-P2
v9.6.1-P3
v9.6.1b1
v9.6.1rc1
v9.6.2
v9.6.2-P1
v9.6.2-P2
v9.6.2-P3
v9.6.2b1
v9.6.2rc1
v9.6.3
v9.6.3b1
v9.6.3rc1
v9.7.0
v9.7.0-P1
v9.7.0-P2
v9.7.0a1
v9.7.0a2
v9.7.0a3
v9.7.0b1
v9.7.0b2
v9.7.0b3
v9.7.0rc1
v9.7.0rc2
v9.7.1
v9.7.1-P1
v9.7.1-P2
v9.7.1b1
v9.7.1rc1
v9.7.2
v9.7.2-P1
v9.7.2-P2
v9.7.2-P3
v9.7.2b1
v9.7.2rc1
v9.7.3
v9.7.3-P1
v9.7.3-P2
v9.7.3-P3
v9.7.3b1
v9.7.3rc1
v9.7.4
v9.7.4-P1
v9.7.4b1
v9.7.4rc1
v9.7.5
v9.7.5-W1
v9.7.5b1
v9.7.5rc1
v9.7.5rc2
v9.7.6
v9.7.6-P1
v9.7.6-P2
v9.7.6-P3
v9.7.6-P4
v9.7.7
v9.7.7b1
v9.7.7rc1
v9.8.0
v9.8.0-P1
v9.8.0-P2
v9.8.0-P3
v9.8.0-P4
v9.8.0a1
v9.8.0b1
v9.8.0rc1
v9.8.1
v9.8.1-P1
v9.8.1b1
v9.8.1b2
v9.8.1b3
v9.8.1rc1
v9.8.2
v9.8.2-W1
v9.8.2b1
v9.8.2rc1
v9.8.2rc2
v9.8.3
v9.8.3-P1
v9.8.3-P2
v9.8.3-P3
v9.8.3-P4
v9.8.4
v9.8.4-P1
v9.8.4-P2
v9.8.4b1
v9.8.4rc1
v9.8.5
v9.8.5-P1
v9.8.5-P2
v9.8.5b1
v9.8.5b2
v9.8.5rc1
v9.8.5rc2
v9.8.6
v9.8.6-P1
v9.8.6-P2
v9.8.6b1
v9.8.6rc1
v9.8.6rc2
v9.8.7
v9.8.7-P1
v9.8.7-W1
v9.8.7b1
v9.8.7rc1
v9.8.7rc2
v9.8.8
v9.8.8b1
v9.8.8b2
v9.8.8rc1
v9.8.8rc2
v9.8.9-P2
v9.9-ESV-R10-P2
v9.9.0
v9.9.0-W1
v9.9.0a1
v9.9.0a2
v9.9.0a3
v9.9.0b1
v9.9.0b2
v9.9.0rc1
v9.9.0rc2
v9.9.0rc3
v9.9.0rc4
v9.9.1
v9.9.1-P1
v9.9.1-P2
v9.9.1-P3
v9.9.1-P4
v9.9.2
v9.9.2-P1
v9.9.2-P2
v9.9.2b1
v9.9.2rc1
v9.9.3b1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25216.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.9.13-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.5-s3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.5-s5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.5-s6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.7-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.8-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.12-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.21-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.27-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.11.29-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.16.8-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.16.11-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.16.13-s1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1.1"
}
]
}
]