### [CVE-2021-25215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215)
![](https://img.shields.io/static/v1?label=Product&message=BIND9&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Development%20Branch%209.17%209.17.0%20through%20versiosn%20before%209.17.12%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Open%20Source%20Branches%209.0%20through%209.11%209.0.0%20through%20versions%20before%209.11.30%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Open%20Source%20Branches%209.12%20through%209.16%209.12.0%20through%20versions%20before%209.16.14%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Supported%20Preview%20Branch%209.16-S%209.16.8-S1%20through%20versions%20before%209.16.14-S1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=Supported%20Preview%20Branches%209.9-S%20through%209.11-S%209.9.3-S1%20through%20versions%20before%209.11.30-S1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=DNAME%20records%2C%20described%20in%20RFC%206672%2C%20provide%20a%20way%20to%20redirect%20a%20subtree%20of%20the%20domain%20name%20tree%20in%20the%20DNS.%20A%20flaw%20in%20the%20way%20named%20processes%20these%20records%20may%20trigger%20an%20attempt%20to%20add%20the%20same%20RRset%20to%20the%20ANSWER%20section%20more%20than%20once.%20This%20causes%20an%20assertion%20check%20in%20BIND%20to%20fail.%20%20DNAME%20records%20are%20processed%20by%20both%20authoritative%20and%20recursive%20servers.%20For%20authoritative%20servers%2C%20the%20DNAME%20record%20triggering%20the%20flaw%20can%20be%20retrieved%20from%20a%20zone%20database.%20For%20servers%20performing%20recursion%2C%20such%20a%20record%20is%20processed%20in%20the%20course%20of%20a%20query%20sent%20to%20an%20authoritative%20server.%20%20Affects%20BIND%209.0.0%20-%3E%209.11.29%2C%209.12.0%20-%3E%209.16.13%2C%20and%20versions%20BIND%209.9.3-S1%20-%3E%209.11.29-S1%20and%209.16.8-S1%20-%3E%209.16.13-S1%20of%20BIND%20Supported%20Preview%20Edition%2C%20as%20well%20as%20release%20versions%209.17.0%20-%3E%209.17.11%20of%20the%20BIND%209.17%20development%20branch.&color=brightgreen)

### Description

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/DButter/whitehat_public
- https://github.com/Dokukin1/Metasploitable
- https://github.com/Furious992/HW13-01
- https://github.com/Iknowmyname/Nmap-Scans-M2
- https://github.com/Maribel0370/Nebula-io
- https://github.com/NikulinMS/13-01-hw
- https://github.com/Zhivarev/13-01-hw
- https://github.com/krlabs/dnsbind-vulnerabilities
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/mrt2h/DZ
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/psmedley/bind-os2
- https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
- https://github.com/zzzWTF/db-13-01