Rewterz

Rewterz Threat Advisory – CVE-2021-29472 – PHP vulnerability allows supply-chain attacks

April 30, 2021
Rewterz

Rewterz Threat Alert – Stealthy RotaJakiro Backdoor Targeting Linux Systems

April 30, 2021

Rewterz Threat Advisory – CVE-2021-25215 – Red Hat Bind Vulnerability

Severity

High

Analysis Summary

CVE-2021-25215

A flaw exists in bind. The vulnerability exists due to an assertion check that can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself. An attacker can exploit this vulnerability to gain availability to the system.

Impact

System Breach

Affected Vendors

RedHat

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power
  • big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • little endian 7 ppc64le

Remediation

Download the latest patches and updates from https://bugzilla.redhat.com/show_bug.cgi?id=1953857

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.