A cache poisoning vulnerability has been identified in ISC BIND 9, specifically in versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, as well as in BIND Supported Preview Edition versions 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. The vulnerability arises from a weakness in the Pseudo Random Number Generator (PRNG), which can allow an attacker to predict the source port and query ID used by BIND. This predictability can be exploited to cache malicious responses, potentially leading to incorrect query results. While authoritative services are believed to be unaffected, the vulnerability does impact BIND resolvers.
Exploitation of this vulnerability allows for cache poisoning, where BIND is tricked into storing and reusing attacker-supplied responses. This can disrupt normal DNS resolution processes by introducing incorrect or malicious data into the cache.
Users are advised to upgrade to BIND 9.18.41, 9.20.15, or 9.21.14. For BIND Supported Preview Edition, upgrade to versions 9.18.41-S1 or 9.20.15-S1.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
