Vulnerabilities > CVE-2006-4095 - Reachable Assertion vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200609-11.NASL description The remote host is affected by the vulnerability described in GLSA-200609-11 (BIND: Denial of Service) Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive queries if the response to the query arrives after all the clients looking for the response have left the recursion queue. Impact : An attacker having access to a recursive server can crash the server by querying the SIG records where there are multiple SIG RRsets, or by sending many recursive queries in a short time. The exposure can be lowered by restricting the clients that can ask for recursion. An attacker can also crash an authoritative server serving a DNSSEC zone in which there are multiple SIG RRsets. Workaround : There are no known workarounds at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 22356 published 2006-09-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22356 title GLSA-200609-11 : BIND: Denial of Service code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200609-11. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(22356); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:43"); script_cve_id("CVE-2006-4095", "CVE-2006-4096"); script_xref(name:"GLSA", value:"200609-11"); script_name(english:"GLSA-200609-11 : BIND: Denial of Service"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200609-11 (BIND: Denial of Service) Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive queries if the response to the query arrives after all the clients looking for the response have left the recursion queue. Impact : An attacker having access to a recursive server can crash the server by querying the SIG records where there are multiple SIG RRsets, or by sending many recursive queries in a short time. The exposure can be lowered by restricting the clients that can ask for recursion. An attacker can also crash an authoritative server serving a DNSSEC zone in which there are multiple SIG RRsets. Workaround : There are no known workarounds at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200609-11" ); script_set_attribute( attribute:"solution", value: "All BIND 9.3 users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/bind-9.3.2-r4' All BIND 9.2 users should update to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/bind-9.2.6-r4'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/15"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-dns/bind", unaffected:make_list("ge 9.3.2-r4", "rge 9.2.6-r4"), vulnerable:make_list("lt 9.3.2-r4"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BIND"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_EF3306FC8F9B11DBAB33000E0C2E438A.NASL description Problem Description For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named(8) daemon. Also for a recursive DNS server, an assertion failure can occur when processing a query whose reply will contain more than one SIG(covered) RRset. For an authoritative DNS server serving a RFC 2535 DNSSEC zone which is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a zone apex), named(8) will trigger an assertion failure when it tries to construct the response. Impact An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. Workaround A possible workaround is to only allow trusted clients to perform recursive queries. last seen 2020-06-01 modified 2020-06-02 plugin id 23953 published 2006-12-30 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23953 title FreeBSD : bind9 -- Denial of Service in named(8) (ef3306fc-8f9b-11db-ab33-000e0c2e438a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(23953); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2006-4095", "CVE-2006-4096"); script_bugtraq_id(19859); script_xref(name:"FreeBSD", value:"SA-06:20.bind"); script_name(english:"FreeBSD : bind9 -- Denial of Service in named(8) (ef3306fc-8f9b-11db-ab33-000e0c2e438a)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Problem Description For a recursive DNS server, a remote attacker sending enough recursive queries for the replies to arrive after all the interested clients have left the recursion queue will trigger an INSIST failure in the named(8) daemon. Also for a recursive DNS server, an assertion failure can occur when processing a query whose reply will contain more than one SIG(covered) RRset. For an authoritative DNS server serving a RFC 2535 DNSSEC zone which is queried for the SIG records where there are multiple SIG(covered) RRsets (e.g. a zone apex), named(8) will trigger an assertion failure when it tries to construct the response. Impact An attacker who can perform recursive lookups on a DNS server and is able to send a sufficiently large number of recursive queries, or is able to get the DNS server to return more than one SIG(covered) RRsets can stop the functionality of the DNS service. An attacker querying an authoritative DNS server serving a RFC 2535 DNSSEC zone may be able to crash the DNS server. Workaround A possible workaround is to only allow trusted clients to perform recursive queries." ); # https://vuxml.freebsd.org/freebsd/ef3306fc-8f9b-11db-ab33-000e0c2e438a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?911334f1" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bind9"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/06"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"bind9>=9.0<9.3.2.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-163.NASL description A vulnerability in BIND was discovered where it did not sufficiently verify particular requests and responses from other name servers and users. This could be exploited by sending a specially crafted packet to crash the name server. Updated packages have been patched to address these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 23907 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/23907 title Mandrake Linux Security Advisory : bind (MDKSA-2006:163) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2006:163. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(23907); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2006-4095", "CVE-2006-4096"); script_bugtraq_id(19859); script_xref(name:"MDKSA", value:"2006:163"); script_name(english:"Mandrake Linux Security Advisory : bind (MDKSA-2006:163)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability in BIND was discovered where it did not sufficiently verify particular requests and responses from other name servers and users. This could be exploited by sending a specially crafted packet to crash the name server. Updated packages have been patched to address these issues." ); script_set_attribute( attribute:"solution", value:"Update the affected bind, bind-devel and / or bind-utils packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2006.0", reference:"bind-9.3.1-4.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"bind-devel-9.3.1-4.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"bind-utils-9.3.1-4.1.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_BIND-2041.NASL description This update fixes two vulnerabilities in bind that allow a remote attacker to trigger a denial-of-service attack. (VU#697164 - BIND INSIST failure due to excessive recursive queries, VU#915404 - BIND assertion failure during SIG query processing) last seen 2020-06-01 modified 2020-06-02 plugin id 29384 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29384 title SuSE 10 Security Update : bind (ZYPP Patch Number 2041) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29384); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-4095", "CVE-2006-4096"); script_xref(name:"CERT", value:"697164"); script_xref(name:"CERT", value:"915404"); script_name(english:"SuSE 10 Security Update : bind (ZYPP Patch Number 2041)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update fixes two vulnerabilities in bind that allow a remote attacker to trigger a denial-of-service attack. (VU#697164 - BIND INSIST failure due to excessive recursive queries, VU#915404 - BIND assertion failure during SIG query processing)" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 2041."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLES10", sp:0, reference:"bind-9.3.2-17.7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");
NASL family Fedora Local Security Checks NASL id FEDORA_2006-966.NASL description - Mon Sep 11 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.2-33 - added fix for CVE-2006-4095 - added bind to PreReq (#202542) - Fri Jul 21 2006 Jason Vas Dias <jvdias at redhat.com> - 30:9.3.2-32 - fix addenda to bug 189789: determination of selinux enabled was still not 100% correct in bind-chroot-admin - fix addenda to bug 196398: make named.init test for NetworkManager being enabled AFTER testing for -D absence; named.init now supports a last seen 2020-06-01 modified 2020-06-02 plugin id 24177 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24177 title Fedora Core 5 : bind-9.3.2-33.fc5 (2006-966) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-966. # include("compat.inc"); if (description) { script_id(24177); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_xref(name:"FEDORA", value:"2006-966"); script_name(english:"Fedora Core 5 : bind-9.3.2-33.fc5 (2006-966)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Sep 11 2006 Martin Stransky <stransky at redhat.com> - 30:9.3.2-33 - added fix for CVE-2006-4095 - added bind to PreReq (#202542) - Fri Jul 21 2006 Jason Vas Dias <jvdias at redhat.com> - 30:9.3.2-32 - fix addenda to bug 189789: determination of selinux enabled was still not 100% correct in bind-chroot-admin - fix addenda to bug 196398: make named.init test for NetworkManager being enabled AFTER testing for -D absence; named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named setting to disable auto-enable of named dbus support if NetworkManager enabled. - Wed Jul 19 2006 Jason Vas Dias <jvdias at redhat.com> - 30:9.3.2-30 - fix bug 196398 - Enable -D option automatically in initscript if NetworkManager enabled in any runlevel. - fix bugs 191093, 189789 - fix bug 196962 (fixed by backported 9.3.3b1 fixes to lib/isc/unix/ifiter_ioctl.c) - backport selected fixes from upstream bind9 'v9_3_3b1' CVS version: ( see http://www.isc.org/sw/bind9.3.php 'Fixes' ): o change 2024 / bug 16027: named emitted spurious 'zone serial unchanged' messages on reload o change 2013 / bug 15941: handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully o change 2009 / bug 15808: coverity fixes o change 1997 / bug 15818: named was failing to replace negative cache entries when a positive one for the type was learnt o change 1994 / bug 15694: OpenSSL 0.9.8 support o change 1991 / bug 15813: The configuration data, once read, should be treated as readonly. o misc. validator fixes o misc. resolver fixes o misc. dns fixes o misc. isc fixes o misc. libbind fixes o misc. isccfg fix o misc. lwres fix o misc. named fixes o misc. dig fixes o misc. nsupdate fix o misc. tests fixes - Wed Jun 7 2006 Jeremy Katz <katzj at redhat.com> - 30:9.3.2-24.FC6 - and actually put the devel symlinks in the right subpackage - Thu May 25 2006 Jeremy Katz <katzj at redhat.com> - 30:9.3.2-23.FC6 - rebuild for -devel deps Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"http://www.isc.org/sw/bind9.3.php" ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-September/000598.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d12a9d2a" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-libbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-sdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:caching-nameserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"bind-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-chroot-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-debuginfo-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-devel-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-libbind-devel-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-libs-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-sdb-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"bind-utils-9.3.2-33.fc5")) flag++; if (rpm_check(release:"FC5", reference:"caching-nameserver-9.3.2-33.fc5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / etc"); }
NASL family DNS NASL id BIND9_DOS2.NASL description The version of BIND installed on the remote host suggests that it suffers from multiple denial of service vulnerabilities that could be triggered by either by sending a large volume of recursive queries or queries for SIG records where there are multiple SIG(covered) RRsets. Note that Nessus obtained the version by sending a special DNS request for the text last seen 2020-06-01 modified 2020-06-02 plugin id 22311 published 2006-09-07 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22311 title ISC BIND 9 Multiple Remote DoS NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1172.NASL description Two vulnerabilities have been discovered in BIND9, the Berkeley Internet Name Domain server. The first relates to SIG query processing and the second relates to a condition that can trigger an INSIST failure, both lead to a denial of service. last seen 2020-06-01 modified 2020-06-02 plugin id 22714 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22714 title Debian DSA-1172-1 : bind9 - programming error NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2006-257-01.NASL description New bind packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a Denial of Service issue. last seen 2020-06-01 modified 2020-06-02 plugin id 54866 published 2011-05-28 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/54866 title Slackware 10.0 / 10.1 / 10.2 / 9.0 / 9.1 / current : bind DoS (SSA:2006-257-01) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-343-1.NASL description bind did not sufficiently verify particular requests and responses from other name servers and users. By sending a specially crafted packet, a remote attacker could exploit this to crash the name server. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27922 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27922 title Ubuntu 5.04 / 5.10 / 6.06 LTS : bind9 vulnerabilities (USN-343-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2007-005.NASL description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. This update fixes security flaws in the following applications : Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN last seen 2020-06-01 modified 2020-06-02 plugin id 25297 published 2007-05-25 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25297 title Mac OS X Multiple Vulnerabilities (Security Update 2007-005)
Seebug
bulletinFamily | exploit |
description | Apple Mac OS X是一款基于BSD的商业性质的操作系统。 Apple Mac OS X存在多个安全问题,远程攻击者可以利用漏洞进行拒绝服务,执行任意代码,提升特权等攻击。 CVE-ID: CVE-2007-0740 Alias Manager在部分条件可以使用户打开恶意文件,导致特权提升。 CVE-ID: CVE-2007-0493, CVE-2007-0494, CVE-2006-4095, CVE-2006-4096: BIND服务程序存在多个安全问题,可导致拒绝服务攻击。 CVE-ID: CVE-2007-0750 CoreGraphics在打开特殊构建的PDF文件时可触发溢出,导致任意代码执行。 CVE-ID: CVE-2007-0751 当每日清楚脚本执行时,/tmp目录中的挂接的文件系统可被删除。 CVE-ID: CVE-2007-1558 fetchmail加密存在安全问题,可导致泄露密码信息。 CVE-ID: CVE-2007-1536 运行file命令打开特殊构建的文件可导致任意代码执行或拒绝服务攻击。 CVE-ID: CVE-2007-2390 iChat用于在家用NAT网关上建立端口映射的UPnP IGD代码存在缓冲区溢出,构建恶意报文可导致任意代码执行。 CVE-ID: CVE-2007-0752 PPP守护进程在通过命令行装载插件时可导致特权提升。 CVE-ID: CVE-2006-5467, CVE-2006-6303 Ruby CGI库存在多个拒绝服务攻击。 CVE-ID: CVE-2006-4573 GNU Screen存在多个拒绝服务问题。 CVE-ID: CVE-2005-3011 texinfo存在漏洞允许任意文件被覆盖。 CVE-ID: CVE-2007-0753 vpnd存在格式串问题,可用于提升特权。 Cosmicperl Directory Pro 10.0.3 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X Preview.app 3.0.8 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 升级程序: Apple Mac OS X Server 10.3.9 * Apple SecUpdSrvr2007-005Pan.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13993&cat=</a> 1&platform=osx&method=sa/SecUpdSrvr2007-005Pan.dmg Apple Mac OS X 10.3.9 * Apple SecUpd2007-005Pan.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13992&cat=</a> 1&platform=osx&method=sa/SecUpd2007-005Pan.dmg Apple Mac OS X Server 10.4.9 * Apple SecUpd2007-005Ti.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=</a> 1&platform=osx&method=sa/SecUpd2007-005Ti.dmg * Apple SecUpd2007-005Univ.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=</a> 1&platform=osx&method=sa/SecUpd2007-005Univ.dmg Apple Mac OS X 10.4.9 * Apple SecUpd2007-005Ti.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13995&cat=</a> 1&platform=osx&method=sa/SecUpd2007-005Ti.dmg * Apple SecUpd2007-005Univ.dmg <a href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=" target="_blank">http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13998&cat=</a> 1&platform=osx&method=sa/SecUpd2007-005Univ.dmg |
id | SSV:1795 |
last seen | 2017-11-19 |
modified | 2007-05-25 |
published | 2007-05-25 |
reporter | Root |
title | Apple Mac OS X 2007-005多个安全漏洞 |
Statements
contributor | Mark J Cox |
lastmodified | 2006-09-06 |
organization | Red Hat |
statement | Not Vulnerable. The version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records. |
References
- http://docs.info.apple.com/article.html?artnum=305530
- http://docs.info.apple.com/article.html?artnum=305530
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://lists.apple.com/archives/security-announce/2007/May/msg00004.html
- http://secunia.com/advisories/21752
- http://secunia.com/advisories/21752
- http://secunia.com/advisories/21786
- http://secunia.com/advisories/21786
- http://secunia.com/advisories/21816
- http://secunia.com/advisories/21816
- http://secunia.com/advisories/21818
- http://secunia.com/advisories/21818
- http://secunia.com/advisories/21828
- http://secunia.com/advisories/21828
- http://secunia.com/advisories/21835
- http://secunia.com/advisories/21835
- http://secunia.com/advisories/21838
- http://secunia.com/advisories/21838
- http://secunia.com/advisories/21912
- http://secunia.com/advisories/21912
- http://secunia.com/advisories/21926
- http://secunia.com/advisories/21926
- http://secunia.com/advisories/22298
- http://secunia.com/advisories/22298
- http://secunia.com/advisories/24950
- http://secunia.com/advisories/24950
- http://secunia.com/advisories/25402
- http://secunia.com/advisories/25402
- http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc
- http://security.freebsd.org/advisories/FreeBSD-SA-06:20.bind.asc
- http://security.gentoo.org/glsa/glsa-200609-11.xml
- http://security.gentoo.org/glsa/glsa-200609-11.xml
- http://securitytracker.com/id?1016794
- http://securitytracker.com/id?1016794
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.481241
- http://www.kb.cert.org/vuls/id/915404
- http://www.kb.cert.org/vuls/id/915404
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:163
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:163
- http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
- http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://www.novell.com/linux/security/advisories/2006_24_sr.html
- http://www.novell.com/linux/security/advisories/2006_24_sr.html
- http://www.openbsd.org/errata.html
- http://www.openbsd.org/errata.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.019.html
- http://www.securityfocus.com/archive/1/445600/100/0/threaded
- http://www.securityfocus.com/archive/1/445600/100/0/threaded
- http://www.securityfocus.com/bid/19859
- http://www.securityfocus.com/bid/19859
- http://www.ubuntu.com/usn/usn-343-1
- http://www.ubuntu.com/usn/usn-343-1
- http://www.us.debian.org/security/2006/dsa-1172
- http://www.us.debian.org/security/2006/dsa-1172
- http://www.vupen.com/english/advisories/2006/3473
- http://www.vupen.com/english/advisories/2006/3473
- http://www.vupen.com/english/advisories/2007/1401
- http://www.vupen.com/english/advisories/2007/1401
- http://www.vupen.com/english/advisories/2007/1939
- http://www.vupen.com/english/advisories/2007/1939
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28745
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28745
- https://issues.rpath.com/browse/RPL-626
- https://issues.rpath.com/browse/RPL-626
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144
- https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144