Vulnerabilities > CVE-2007-2241 - Denial Of Service vulnerability in ISC BIND Query_AddSOA
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. Successful exploitation requires that "recursion" is enabled.
Nessus
NASL family DNS NASL id BIND9_QUERY_ADDSOA_DOS.NASL description The version of BIND installed on the remote host reportedly is affected by a denial of service vulnerability that may be triggered when handling certain sequences of recursive queries. last seen 2020-06-01 modified 2020-06-02 plugin id 25121 published 2007-05-01 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25121 title ISC BIND < 9.4.1 / 9.5.0a4 query.c query_addsoa Function Recursive Query DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(25121); script_version("1.21"); script_cvs_date("Date: 2018/11/15 20:50:21"); script_cve_id("CVE-2007-2241"); script_bugtraq_id(23738); script_name(english:"ISC BIND < 9.4.1 / 9.5.0a4 query.c query_addsoa Function Recursive Query DoS"); script_summary(english:"Checks version of BIND"); script_set_attribute(attribute:"synopsis", value:"The remote name server is prone to a denial of service attack."); script_set_attribute(attribute:"description", value: "The version of BIND installed on the remote host reportedly is affected by a denial of service vulnerability that may be triggered when handling certain sequences of recursive queries."); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bind-users&m=117781099030155&w=2"); # https://kb.isc.org/article/AA-00919/0/CVE-2007-2241%3A-Sequence-of-queries-can-cause-a-recursive-nameserver-to-exit.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f6288c32"); script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bind-announce&m=117798912418849&w=2" ); script_set_attribute(attribute:"solution", value:"Either disable recursion or upgrade to BIND 9.4.1 / 9.5.0a4 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/01"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"DNS"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("bind_version.nasl"); script_require_keys("bind/version", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); ver = get_kb_item("bind/version"); if (ver && ver =~ "^9\.(4\.0[^0-9]?|5\.0a[1-3])") security_hole(port:53, proto:"udp");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-100.NASL description A vulnerability in ISC BIND 9.4.0, when recursion is enabled, could allow a remote attacker to cause a denial of service (daemon exit) via a certain sequence of queries. BIND 9.4.1, which corrects this issue, is provided with this update. last seen 2020-06-01 modified 2020-06-02 plugin id 37907 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37907 title Mandrake Linux Security Advisory : bind (MDKSA-2007:100) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:100. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(37907); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-2241"); script_xref(name:"MDKSA", value:"2007:100"); script_name(english:"Mandrake Linux Security Advisory : bind (MDKSA-2007:100)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability in ISC BIND 9.4.0, when recursion is enabled, could allow a remote attacker to cause a denial of service (daemon exit) via a certain sequence of queries. BIND 9.4.1, which corrects this issue, is provided with this update." ); script_set_attribute( attribute:"solution", value:"Update the affected bind, bind-devel and / or bind-utils packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.1", reference:"bind-9.4.1-0.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"bind-devel-9.4.1-0.1mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"bind-utils-9.4.1-0.1mdv2007.1", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2020-0021. # include("compat.inc"); if (description) { script_id(137170); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740", "CVE-2018-5743", "CVE-2020-8616", "CVE-2020-8617"); script_bugtraq_id(19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588); script_name(english:"OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000984.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000981.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000982.html" ); script_set_attribute( attribute:"solution", value:"Update the affected bind-libs / bind-utils packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(16, 189, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/06"); script_set_attribute(attribute:"patch_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/05"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"bind-libs-9.8.2-0.68.rc1.el6_10.7")) flag++; if (rpm_check(release:"OVS3.3", reference:"bind-utils-9.8.2-0.68.rc1.el6_10.7")) flag++; if (rpm_check(release:"OVS3.4", reference:"bind-libs-9.8.2-0.68.rc1.el6_10.7")) flag++; if (rpm_check(release:"OVS3.4", reference:"bind-utils-9.8.2-0.68.rc1.el6_10.7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind-libs / bind-utils"); }NASL family Fedora Local Security Checks NASL id FEDORA_2007-0300.NASL description #236426 - improved zone-finding on server side (rndc freeze works better) #235809 - fixed race-condition in dbus code #241103 - fixed typo in bind-chroot-admin #239802 - start using deprecated LDAP API #239149 - handle dynamic zone updates CVE-2007-2241 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27657 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27657 title Fedora 7 : bind-9.4.1-4.fc7 (2007-0300) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-0300. # include("compat.inc"); if (description) { script_id(27657); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-2241"); script_xref(name:"FEDORA", value:"2007-0300"); script_name(english:"Fedora 7 : bind-9.4.1-4.fc7 (2007-0300)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "#236426 - improved zone-finding on server side (rndc freeze works better) #235809 - fixed race-condition in dbus code #241103 - fixed typo in bind-chroot-admin #239802 - start using deprecated LDAP API #239149 - handle dynamic zone updates CVE-2007-2241 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-June/001893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1c322ae4" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-sdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:caching-nameserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"bind-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"bind-chroot-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"bind-debuginfo-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"bind-devel-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"bind-libs-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"bind-sdb-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"bind-utils-9.4.1-4.fc7")) flag++; if (rpm_check(release:"FC7", reference:"caching-nameserver-9.4.1-4.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc"); }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2017-0066. # include("compat.inc"); if (description) { script_id(99569); script_version("3.5"); script_cvs_date("Date: 2019/09/27 13:00:35"); script_cve_id("CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137"); script_bugtraq_id(19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588); script_xref(name:"IAVA", value:"2008-A-0045"); script_xref(name:"IAVA", value:"2017-A-0004"); script_name(english:"OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000681.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?cd826bc7" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000680.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?67f77036" ); script_set_attribute( attribute:"solution", value:"Update the affected bind-libs / bind-utils packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(16, 189, 200, 287); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "(3\.3|3\.4)" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3 / 3.4", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"bind-libs-9.8.2-0.62.rc1.el6_9.1")) flag++; if (rpm_check(release:"OVS3.3", reference:"bind-utils-9.8.2-0.62.rc1.el6_9.1")) flag++; if (rpm_check(release:"OVS3.4", reference:"bind-libs-9.8.2-0.62.rc1.el6_9.1")) flag++; if (rpm_check(release:"OVS3.4", reference:"bind-utils-9.8.2-0.62.rc1.el6_9.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind-libs / bind-utils"); }
Statements
| contributor | Mark J Cox |
| lastmodified | 2007-05-03 |
| organization | Red Hat |
| statement | Not vulnerable. These issues did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
References
- http://osvdb.org/34748
- http://secunia.com/advisories/25070
- http://www.isc.org/index.pl?/sw/bind/bind-security.php
- http://www.kb.cert.org/vuls/id/718460
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:100
- http://www.securityfocus.com/bid/23738
- http://www.securitytracker.com/id?1017985
- http://www.vupen.com/english/advisories/2007/1593
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33988