CVE-2002-0029 - Buffer Overflow vulnerability in ISC BIND DNS Resolver

CVSS 2.0 base score: 7.5 (HIGH), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
  Access vector: NETWORK
  Access complexity: LOW
  Authentication: NONE
  Confidentiality impact: PARTIAL
  Integrity impact: PARTIAL
  Availability impact: PARTIAL
Tags: network, low complexity, isc, astaro, nessus

Summary

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
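The flaw class the summary describes is a resolver copying wire data out of a server response into a fixed-size buffer without checking the message bounds or the destination size, so the attacker's input is the reply itself rather than anything the local caller passes in. The following is an added illustration, not code from BIND, BSD libc or glibc: a bounds-checked decoder for a compressed DNS name plus a walk of a single-answer PTR response, exercised against constructed messages (a well-formed reply, the same reply truncated, an undersized destination buffer, and a compression pointer that points at itself). All names in it, including dns_name_decode, dns_first_answer_name, kResponse and kPointerLoop, are assumptions of the example.

```c
/* Added example (not code from BIND, BSD libc or glibc): a bounds-checked
 * DNS name decoder and a single-answer PTR response walk, the kind of
 * parsing a stub resolver does when it copies names out of a server reply
 * into a fixed-size caller buffer.  Every length and offset here arrives
 * from the network, so each is checked before it is trusted. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode the (possibly compressed) name at msg[off] into dst as dotted text.
 * Returns the wire bytes consumed at off, or -1 on malformed or oversized
 * input.  Never writes past dstlen bytes of dst. */
int dns_name_decode(const uint8_t *msg, size_t msglen, size_t off,
                    char *dst, size_t dstlen)
{
    size_t pos = off, out = 0, consumed = 0;
    int jumped = 0;

    if (dstlen == 0) return -1;
    for (;;) {
        if (pos >= msglen) return -1;               /* ran off the message */
        size_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= msglen) return -1;
            size_t target = ((len & 0x3F) << 8) | msg[pos + 1];
            if (target >= pos) return -1;           /* must point backwards: no loops */
            if (!jumped) consumed = pos + 2 - off;
            jumped = 1;
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;                  /* 0x40/0x80 label types unsupported */
        pos++;
        if (len == 0) break;                        /* root label ends the name */
        if (len > msglen - pos) return -1;          /* label runs past the message */
        size_t need = out + (out ? 1 : 0) + len;    /* '.' separator plus label */
        if (need >= dstlen) return -1;              /* no room for label and NUL */
        if (out) dst[out++] = '.';
        memcpy(dst + out, msg + pos, len);
        out += len;
        pos += len;
    }
    dst[out] = '\0';
    if (!jumped) consumed = pos - off;
    return (int)consumed;
}

/* Skip the question section and decode the RDATA name of the first answer
 * RR (PTR only) into dst.  Returns 0 on success, -1 on malformed input. */
int dns_first_answer_name(const uint8_t *msg, size_t msglen,
                          char *dst, size_t dstlen)
{
    char scratch[256];
    if (msglen < 12) return -1;
    size_t qdcount = (msg[4] << 8) | msg[5], ancount = (msg[6] << 8) | msg[7];
    if (ancount == 0) return -1;
    size_t pos = 12;
    for (size_t i = 0; i < qdcount; i++) {           /* QNAME QTYPE QCLASS */
        int n = dns_name_decode(msg, msglen, pos, scratch, sizeof scratch);
        if (n < 0 || (size_t)n + 4 > msglen - pos) return -1;
        pos += (size_t)n + 4;
    }
    int n = dns_name_decode(msg, msglen, pos, scratch, sizeof scratch);  /* NAME */
    if (n < 0 || 10 > msglen - pos - (size_t)n) return -1;    /* TYPE..RDLENGTH */
    pos += (size_t)n;
    size_t type  = (msg[pos] << 8) | msg[pos + 1];
    size_t rdlen = (msg[pos + 8] << 8) | msg[pos + 9];
    pos += 10;
    if (type != 12 || rdlen > msglen - pos) return -1;        /* RDLENGTH must fit */
    n = dns_name_decode(msg, msglen, pos, dst, dstlen);
    return (n < 0 || (size_t)n != rdlen) ? -1 : 0;            /* name must fill RDATA */
}

/* Constructed sample: a response to "1.0.0.10.in-addr.arpa PTR" whose answer
 * NAME is a compression pointer to the question and whose RDATA is host.example. */
static const uint8_t kResponse[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00,  /* header */
    1,'1', 1,'0', 1,'0', 2,'1','0', 7,'i','n','-','a','d','d','r', 4,'a','r','p','a', 0,
    0x00,0x0C, 0x00,0x01,                                             /* PTR, IN */
    0xC0,0x0C, 0x00,0x0C, 0x00,0x01, 0x00,0x00,0x0E,0x10,             /* ptr->12, PTR, IN, TTL */
    0x00,0x0E, 4,'h','o','s','t', 7,'e','x','a','m','p','l','e', 0,   /* RDLENGTH 14, RDATA */
};
/* Constructed hostile sample: the question name is a pointer to itself. */
static const uint8_t kPointerLoop[] = {
    0x12,0x34, 0x81,0x80, 0x00,0x01, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0xC0,0x0C,
};

/* 1 if the first answer decodes into a dstlen-byte buffer and equals expect,
 * 0 if the parser rejected the message or the buffer was too small. */
int answer_matches(const uint8_t *msg, size_t msglen, size_t dstlen, const char *expect)
{
    char buf[256];
    if (dstlen > sizeof buf) dstlen = sizeof buf;
    if (dns_first_answer_name(msg, msglen, buf, dstlen) != 0) return 0;
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    char name[256];
    printf("well-formed: %s\n",
           dns_first_answer_name(kResponse, sizeof kResponse, name, sizeof name) == 0 ? name : "rejected");
    printf("12-byte destination: %s\n",
           answer_matches(kResponse, sizeof kResponse, 12, "host.example") ? "fits" : "rejected");
    printf("pointer loop: %s\n",
           answer_matches(kPointerLoop, sizeof kPointerLoop, 256, "host.example") ? "parsed" : "rejected");
    return 0;
}
```

The checks that matter are the ones on wire-supplied quantities: each label length against the bytes left in the message, each pointer target against the current position (a pointer must point backwards, which also rules out loops), RDLENGTH against the remaining message, and the decoded length against dstlen before every memcpy. Removing the dstlen test leaves a parser that is correct on every well-formed reply and overflows the caller's buffer on a reply the server chooses to send, which is the general shape of the flaw the summary attributes to getnetbyname and getnetbyaddr.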

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-196.NASL
    description: [Bind version 9, the bind9 package, is not affected by these problems.] ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses. Circumstantial evidence suggests that the Internet Software Consortium (ISC), maintainers of BIND, was made aware of these issues in mid-October. Distributors of Open Source operating systems, including Debian, were notified of these vulnerabilities via CERT about 12 hours before the release of the advisories on November 12th. This notification did not include any details that allowed us to identify the vulnerable code, much less prepare timely fixes. Unfortunately ISS and the ISC released their security advisories with only descriptions of the vulnerabilities, without any patches. Even though there were no signs that these exploits are known to the black-hat community, and there were no reports of active attacks, such attacks could have been developed in the meantime - with no fixes available. We can all express our regret at the inability of the ironically named Internet Software Consortium to work with the Internet community in handling this problem. Hopefully this will not become a model for dealing with security issues in the future. The Common Vulnerabilities and Exposures (CVE) project identified the following vulnerabilities:
      - CAN-2002-1219: A buffer overflow in BIND 8 versions 8.3.3 and earlier allows a remote attacker to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). This buffer overflow can be exploited to obtain access to the victim host under the account the named process is running with, usually root.
      - CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3 allows a remote attacker to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
      - CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows a remote attacker to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
      These problems have been fixed in version 8.3.3-2.0woody1 for the current stable distribution (woody), in version 8.2.3-0.potato.3 for the previous stable distribution (potato) and in version 8.3.3-3 for the unstable distribution (sid). The fixed packages for unstable will enter the archive today.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15033
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15033
    title: Debian DSA-196-1 : bind - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-196. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15033);
      script_version("1.29");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2002-0029", "CVE-2002-1219", "CVE-2002-1220", "CVE-2002-1221");
      script_bugtraq_id(6159, 6160, 6161);
      script_xref(name:"CERT", value:"229595");
      script_xref(name:"CERT", value:"542971");
      script_xref(name:"CERT", value:"581682");
      script_xref(name:"CERT", value:"844360");
      script_xref(name:"CERT", value:"852283");
      script_xref(name:"DSA", value:"196");
    
      script_name(english:"Debian DSA-196-1 : bind - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "[Bind version 9, the bind9 package, is not affected by these
    problems.]
    
    ISS X-Force has discovered several serious vulnerabilities in the
    Berkeley Internet Name Domain Server (BIND). BIND is the most common
    implementation of the DNS (Domain Name Service) protocol, which is
    used on the vast majority of DNS servers on the Internet. DNS is a
    vital Internet protocol that maintains a database of easy-to-remember
    domain names (host names) and their corresponding numerical IP
    addresses.
    
    Circumstantial evidence suggests that the Internet Software Consortium
    (ISC), maintainers of BIND, was made aware of these issues in
    mid-October. Distributors of Open Source operating systems, including
    Debian, were notified of these vulnerabilities via CERT about 12 hours
    before the release of the advisories on November 12th. This
    notification did not include any details that allowed us to identify
    the vulnerable code, much less prepare timely fixes.
    
    Unfortunately ISS and the ISC released their security advisories with
    only descriptions of the vulnerabilities, without any patches. Even
    though there were no signs that these exploits are known to the
    black-hat community, and there were no reports of active attacks, such
    attacks could have been developed in the meantime - with no fixes
    available.
    
    We can all express our regret at the inability of the ironically named
    Internet Software Consortium to work with the Internet community in
    handling this problem. Hopefully this will not become a model for
    dealing with security issues in the future.
    
    The Common Vulnerabilities and Exposures (CVE) project identified the
    following vulnerabilities :
    
      - CAN-2002-1219: A buffer overflow in BIND 8 versions
        8.3.3 and earlier allows a remote attacker to execute
        arbitrary code via a certain DNS server response
        containing SIG resource records (RR). This buffer
        overflow can be exploited to obtain access to the victim
        host under the account the named process is running
        with, usually root.
      - CAN-2002-1220: BIND 8 versions 8.3.x through 8.3.3
        allows a remote attacker to cause a denial of service
        (termination due to assertion failure) via a request for
        a subdomain that does not exist, with an OPT resource
        record with a large UDP payload size.
    
      - CAN-2002-1221: BIND 8 versions 8.x through 8.3.3 allows
        a remote attacker to cause a denial of service (crash)
        via SIG RR elements with invalid expiry times, which are
        removed from the internal BIND database and later cause
        a null dereference.
    
    These problems have been fixed in version 8.3.3-2.0woody1 for the
    current stable distribution (woody), in version 8.2.3-0.potato.3 for
    the previous stable distribution (potato) and in version 8.3.3-3 for
    the unstable distribution (sid). The fixed packages for unstable will
    enter the archive today."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-196"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the bind package immediately, update to bind9, or switch to
    another DNS server implementation."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"2.2", prefix:"bind", reference:"8.2.3-0.potato.3")) flag++;
    if (deb_check(release:"2.2", prefix:"bind-dev", reference:"8.2.3-0.potato.3")) flag++;
    if (deb_check(release:"2.2", prefix:"bind-doc", reference:"8.2.3-0.potato.3")) flag++;
    if (deb_check(release:"2.2", prefix:"dnsutils", reference:"8.2.3-0.potato.3")) flag++;
    if (deb_check(release:"2.2", prefix:"task-dns-server", reference:"8.2.3-0.potato.3")) flag++;
    if (deb_check(release:"3.0", prefix:"bind", reference:"8.3.3-2.0woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"bind-dev", reference:"8.3.3-2.0woody1")) flag++;
    if (deb_check(release:"3.0", prefix:"bind-doc", reference:"8.3.3-2.0woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-383.NASL
    description: Updated glibc packages that fix a security flaw in the resolver as well as dlclose handling are now available. The GNU libc packages (known as glibc) contain the standard C libraries used by applications. A security audit of the glibc packages in Red Hat Enterprise Linux 2.1 found a flaw in the resolver library which was originally reported as affecting versions of ISC BIND 4.9. This flaw also applied to glibc versions before 2.3.2. An attacker who is able to send DNS responses (perhaps by creating a malicious DNS server) could remotely exploit this vulnerability to execute arbitrary code or cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0029 to this issue. These updated packages also fix a dlclose function bug on certain shared libraries, which caused program crashes. All users of glibc should upgrade to these updated packages, which resolve these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14212
    published: 2004-08-05
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14212
    title: RHEL 2.1 : glibc (RHSA-2004:383)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:383. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14212);
      script_version ("1.33");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2002-0029");
      script_xref(name:"CERT", value:"844360");
      script_xref(name:"RHSA", value:"2004:383");
    
      script_name(english:"RHEL 2.1 : glibc (RHSA-2004:383)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated glibc packages that fix a security flaw in the resolver as
    well as dlclose handling are now available.
    
    The GNU libc packages (known as glibc) contain the standard C
    libraries used by applications.
    
    A security audit of the glibc packages in Red Hat Enterprise Linux 2.1
    found a flaw in the resolver library which was originally reported as
    affecting versions of ISC BIND 4.9. This flaw also applied to glibc
    versions before 2.3.2. An attacker who is able to send DNS responses
    (perhaps by creating a malicious DNS server) could remotely exploit
    this vulnerability to execute arbitrary code or cause a denial of
    service. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2002-0029 to this issue.
    
    These updated packages also fix a dlclose function bug on certain
    shared libraries, which caused program crashes.
    
    All users of glibc should upgrade to these updated packages, which
    resolve these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-0029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:383"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/11/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:383";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-2.2.4-32.17")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i686", reference:"glibc-2.2.4-32.17")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-common-2.2.4-32.17")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-devel-2.2.4-32.17")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"glibc-profile-2.2.4-32.17")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"nscd-2.2.4-32.17")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-profile / nscd");
      }
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_BF2E7483D3FA440D8C6E8F1F2F018818.NASL
    description: Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base contained multiple older vulnerabilities, such as a DNS resolver issue and critical bugs in X font handling and XPM image handling.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19106
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19106
    title: FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19106);
      script_version("1.23");
      script_cvs_date("Date: 2019/08/02 13:32:37");
    
      script_cve_id("CVE-2002-0029", "CVE-2004-0083", "CVE-2004-0084", "CVE-2004-0106", "CVE-2004-0687", "CVE-2004-0688", "CVE-2004-0692", "CVE-2004-0914");
    
      script_name(english:"FreeBSD : linux_base -- vulnerabilities in Red Hat 7.1 libraries (bf2e7483-d3fa-440d-8c6e-8f1f2f018818)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Trevor Johnson reported that the Red Hat Linux RPMs used by linux_base
    contained multiple older vulnerabilities, such as a DNS resolver issue
    and critical bugs in X font handling and XPM image handling."
      );
      # http://fedoralegacy.org/updates/RH7.3/2004-10-23-FLSA_2004_1947__Updated_glibc_packages_fix_flaws.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ef55f8ae"
      );
      # http://rhn.redhat.com/errata/RHSA-2004-059.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:059"
      );
      # http://rhn.redhat.com/errata/RHSA-2004-478.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:478"
      );
      # http://rhn.redhat.com/errata/RHSA-2004-612.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:612"
      );
      # https://vuxml.freebsd.org/freebsd/bf2e7483-d3fa-440d-8c6e-8f1f2f018818.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?75c31f92"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux_base");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"linux_base<7.3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: DNS
    NASL id: BIND_STUB_RES.NASL
    description: The remote BIND 4.x server, according to its version number, is vulnerable to a buffer overflow in the DNS stub resolver library. An attacker might use this flaw to execute arbitrary code on the remote host.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11857
    published: 2003-09-29
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11857
    title: ISC BIND < 4.9.11 stub resolver (libresolv.a) DNS Response Overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if (description)
    {
     script_id(11857);
     script_version("1.22");
     script_cvs_date("Date: 2018/06/27 18:42:25");
    
     script_cve_id("CVE-2002-0029");
     script_bugtraq_id(6186);
     
     script_name(english:"ISC BIND < 4.9.11 stub resolver (libresolv.a) DNS Response Overflow");
     script_summary(english:"Checks that BIND is not version 4.9.2 through 4.9.10");
     
     script_set_attribute(attribute:"synopsis", value:
    "It is possible to use the remote name server to execute arbitrary code on
    the remote host." );
     script_set_attribute(attribute:"description", value:
    "The remote BIND 4.x server, according to its version number, is vulnerable 
    to a buffer overflow in the DNS stub resolver library.
    
    An attacker might use this flaw to execute arbitrary code on the remote host." );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to 4.9.11 or later in the 4.x branch, or consider upgrading 
    to a more recent release." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2003/09/29");
     script_set_attribute(attribute:"vuln_publication_date", value: "2002/11/12");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
     script_end_attributes();
     
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
     script_family(english: "DNS");
     script_dependencie("bind_version.nasl");
     script_require_keys("bind/version");
     exit(0);
    }
    
    vers = get_kb_item("bind/version");
    if(!vers)exit(0);
    if (vers =~ "^4\.9\.[2-9]") security_hole(53); 
    if (vers =~ "^4\.9\.10") security_hole(53);
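Plugin 11857 decides from the version.bind string alone, matching it against ^4\.9\.[2-9] and ^4\.9\.10 to cover 4.9.2 through 4.9.10, with 4.9.11 as the fixed release named in the solution. The following is an added example, not Tenable's plugin code, that performs the same range test numerically so that release suffixes and neighbouring versions (4.9.1, 4.9.11) are handled explicitly rather than by regex shape. The function names parse_bind_version and bind4_stub_resolver_vulnerable and the sample version strings are constructed for the example.

```c
/* Added example (not Tenable's plugin code): the version test behind plugin
 * 11857 done numerically.  The plugin matches the version.bind answer against
 * ^4\.9\.[2-9] and ^4\.9\.10; parsing the numbers instead yields the same
 * 4.9.2 .. 4.9.10 range and treats release suffixes explicitly. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse "major.minor.patch" from the start of a BIND version string.
 * Trailing text such as "-REL" or "-P1" is treated as a suffix and ignored.
 * Returns 1 on success, 0 if the string does not begin with three numbers. */
int parse_bind_version(const char *s, int *maj, int *min, int *pat)
{
    long v[3];
    for (int i = 0; i < 3; i++) {
        char *end;
        if (!isdigit((unsigned char)*s)) return 0;
        v[i] = strtol(s, &end, 10);
        if (v[i] > 9999) return 0;               /* reject absurd components */
        s = end;
        if (i < 2) {
            if (*s != '.') return 0;
            s++;
        }
    }
    *maj = (int)v[0]; *min = (int)v[1]; *pat = (int)v[2];
    return 1;
}

/* 1 if the string names a BIND 4 release in the range the CVE covers
 * (4.9.2 through 4.9.10).  4.9.11 and later, BIND 8/9 and unparseable
 * strings return 0, matching the plugin's "not flagged" outcome. */
int bind4_stub_resolver_vulnerable(const char *version)
{
    int maj, min, pat;
    if (!parse_bind_version(version, &maj, &min, &pat)) return 0;
    return maj == 4 && min == 9 && pat >= 2 && pat <= 10;
}

int main(void)
{
    /* constructed sample banners, not captured from real servers */
    const char *samples[] = { "4.9.1", "4.9.2", "4.9.3-P1", "4.9.10-REL",
                              "4.9.11", "8.3.3", "9.2.1", "unknown" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s %s\n", samples[i],
               bind4_stub_resolver_vulnerable(samples[i]) ? "vulnerable" : "not flagged");
    return 0;
}
```

Two caveats apply to any result from this check. version.bind is a self-reported banner, so a non-match is not evidence that the host is patched. And, as the plugin description itself notes, the overflow is in the stub resolver library rather than in named's request handling: the server version only indicates which BIND 4 release the host has installed, while the actual exposure is in whatever program on that host calls getnetbyname or getnetbyaddr and receives a response from a server the attacker controls.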