BIND»º³åÇøÒç¶Âí½Å£¨CVE-2021-25216£©

°ä²¼¹¦·ò 2021-04-30

0x00 ·ì϶¸ÅÊö

CVE  ID

CVE-2021-25216

ʱ   ¼ä

2021-04-30

Àà   ÐÍ

»º³åÇøÒç³ö

µÈ    ¼¶

¸ßΣ

Ô¶³ÌÀûÓÃ

ÊÇ

Ó°ÏìÁìÓò


PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

·ñ

 

0x01 ·ì϶ÏêÇé

image.png

BIND£¨Berkeley Internet Name Domain £¬²®¿ËÀûÒòÌØÍøÃû³ÆÓò£©·þÎñÊÇÈ«ÇòÁìÓòÄÚʹÓÃ×î¿í·º¡¢ ×ȫ¿¿µÃסÇÒ¸ßЧµÄÓòÃû½âÎö·þÎñ·¨Ê½¡£

2021Äê04ÔÂ28ÈÕ £¬ISC°ä²¼°²È«²¼¸æ £¬¹«¿ªÁËBINDÖеÄÒ»¸ö»º³åÇøÒç¶Âí½Å£¨CVE-2021-25216£© £¬¸Ã·ì϶µÄCVSSÆÀ·ÖΪ8.1¡£¹¥»÷ÕßÄܹ»ÀûÓô˷ì϶´¥·¢»º³åÇøÒç³ö £¬×îÖÕµ¼Ö·þÎñÆ÷±ÀÀ£»òÔ¶³Ì´úÂëÖ´ÐС£

 

·ì϶ϸ½Ú

¸Ã·ì϶´æÔÚÓÚBINDʹÓõÄSPNEGOÖÐ £¬ÈôÊÇBIND·þÎñÆ÷ÅäÖÃΪʹÓÃGSS-TSIGÖ°ÄÜ £¬Ôò´æÔÚ´Ë·ì϶¡£GSS-TSIGÊǶÔTSIGºÍ̸µÄÀ©´ó £¬Ö¼ÔÚÖ§³Ö°²È«»¥»»ÃÜÔ¿ £¬ÓÃÓÚÑéÖ¤ÍøÂçÉϸ÷·½Ö®¼äͨѶµÄÕæÊµÐÔ £¬SPNEGOÊÇGSSAPIʹÓõÄÒ»ÖÖЭÉÌ»úÔì £¬ÊÇGSS-TSIGµÄÀûÓúÍ̸½Ó¿Ú¡£

BINDĬÈÏÅäÖò»»á¶³öÒ×Êܹ¥»÷µÄ´úÂëõè¾¶ £¬µ«Í¨¹ýÉèÖÃtkey-gssapi-keytab»òtkey-gssapi-credentialÅäÖÃÑ¡ÏîµÄÖµ £¬Äܹ»Ê¹·þÎñÆ÷Êܵ½¹¥»÷¡£´Ë±í £¬GSS-TSIGʱʱ±»ÓÃÓÚBINDÓëSamba¼¯³ÉµÄÍøÂçÖÐ £¬ÒÔ¼°BIND·þÎñÆ÷ÓëActive DirectoryÓò½ÚÔìÆ÷½áºÏµÄ»ìºÏ·þÎñÆ÷»·¾³ÖÐ £¬ÕâÖÖ»·¾³ÏµÄISC SPNEGOÈÝÒ×Êܵ½Õë¶Ô´Ë·ì϶µÄ¹¥»÷ £¬¾ßÌåÓ°ÏìÈ¡¾öÓÚBINDËùʹÓõÄCPU¼Ü¹¹£º

Named£¨64룩£ºCVSSÆÀ·Ö7.4 £¬´Ë·ì϶¿É´¥·¢»º³åÇøÒç³ö £¬´Ó¶øµ¼Ö·þÎñÆ÷±ÀÀ£¡£

Named£¨32룩£ºCVSSÆÀ·Ö8.1 £¬´Ë·ì϶¿É´¥·¢»º³åÇøÒç³öµ¼Ö·þÎñÆ÷±ÀÀ£ £¬²¢Ô¶³ÌÖ´ÐдúÂë¡£

 

Ó°ÏìÁìÓò

BIND 9.5.0 - 9.11.29

BIND 9.12.0- 9.16.13

BINDÖ§³ÖµÄÔ¤ÀÀ°æ9.11.3-S1 - 9.11.29-S1ºÍ 9.16.8-S1 - 9.16.13-S1

ÒÔ¼°BIND 9.17·ÖÖ§¿¯ÐаæBIND 9.17.0 - 9.17.1¡£

 

0x02 ´ëÖý¨Òé

Ŀǰ´Ë·ì϶ÒѾ­½¨¸´ £¬½¨ÒéÉý¼¶µ½ÒÔϰ汾£º

BIND 9.11.31

BIND 9.16.15

BINDÖ§³ÖµÄÔ¤ÀÀ°æ£¨ºÏÓÃÓÚÇкÏǰÌáµÄISCÖ§³Ö¿Í»§£©£º

BIND 9.11.31-S1

BIND 9.16.15-S1

 

½â¾ö²½Ö裺

´Ë·ì϶½öÓ°ÏìÅäÖÃΪʹÓÃGSS-TSIGµÄ·þÎñÆ÷ £¬Äܹ»Í¨¹ýÑ¡Ôñ²»ÆôÓÃGSS-TSIGÖ°ÄÜÀ´Ô¤·À¸Ã·ì϶¡£

ÔÚ2021Äê4ÔµÄBIND°ä²¼Ö®ºó £¬ËùÓÐÖ§³ÖµÄ·ÖÖ§¶¼É¾³ýÁËisc-spnego £¬ÒÔÔ¤·À´Ë·ì϶ £¬µ«±ØÒªÏµÍ³Ê¹ÓÃÆäËü¿âºÍÍ·ÎļþÀ´Ö§³ÖGSS-TSIGÖ°ÄÜ £¬³ý·ÇÔÚÑ¡Ôñ¹¹½¨Ñ¡ÏîʱÏò./configure¾ç±¾Ìṩ--without-gssapi²ÎÊýÀ´½ûÓÃÕâÖÖÖ°ÄÜ¡£

 

ÏÂÔØÁ´½Ó£º

https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11_31/HISTORY.md

https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_16_15/HISTORY.md

 

0x03 ²Î¿¼Á´½Ó

https://kb.isc.org/docs/cve-2021-25216

https://us-cert.cisa.gov/ncas/current-activity/2021/04/29/isc-releases-security-advisory-bind

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216

 

0x04 ¹¦·òÏß

2021-04-28  ISC°ä²¼°²È«²¼¸æ

2021-04-30  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png