CVE-2008-0122 - Numeric Errors vulnerability in ISC Bind
Attack vector | UNKNOWN
Attack complexity | UNKNOWN
Privileges required | UNKNOWN
Confidentiality impact | UNKNOWN
Integrity impact | UNKNOWN
Availability impact | UNKNOWN
Summary
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2008-0300.NASL
description | Updated bind packages that fix two security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. It was discovered that the bind packages created the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 32424
published | 2008-05-22
reporter | This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/32424
title | RHEL 5 : bind (RHSA-2008:0300)
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2008:0300. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(32424);
  script_version ("1.24");
  script_cvs_date("Date: 2019/10/25 13:36:13");

  script_cve_id("CVE-2007-6283", "CVE-2008-0122");
  script_bugtraq_id(27283);
  script_xref(name:"RHSA", value:"2008:0300");

  script_name(english:"RHEL 5 : bind (RHSA-2008:0300)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated bind packages that fix two security issues, several bugs, and
add enhancements are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server is
operating correctly.

It was discovered that the bind packages created the 'rndc.key' file
with insecure file permissions. This allowed any local user to read
the content of this file. A local user could use this flaw to control
some aspects of the named daemon by using the rndc utility, for
example, stopping the named daemon. This problem did not affect
systems with the bind-chroot package installed. (CVE-2007-6283)

A buffer overflow flaw was discovered in the 'inet_network()'
function, as implemented by libbind. An attacker could use this flaw
to crash an application calling this function, with an argument
provided from an untrusted source. (CVE-2008-0122)

As well, these updated packages fix the following bugs :

* when using an LDAP backend, missing function declarations caused
segmentation faults, due to stripped pointers on machines where
pointers are longer than integers.

* starting named may have resulted in named crashing, due to a race
condition during D-BUS connection initialization. This has been
resolved in these updated packages.

* the named init script returned incorrect error codes, causing the
'status' command to return an incorrect status. In these updated
packages, the named init script is Linux Standard Base (LSB)
compliant.

* in these updated packages, the 'rndc [command] [zone]' command,
where [command] is an rndc command, and [zone] is the specified zone,
will find the [zone] if the zone is unique to all views.

* the default named log rotation script did not work correctly when
using the bind-chroot package. In these updated packages, installing
bind-chroot creates the symbolic link '/var/log/named.log', which
points to '/var/named/chroot/var/log/named.log', which resolves this
issue.

* a previous bind update incorrectly changed the permissions on the
'/etc/openldap/schema/dnszone.schema' file to mode 640, instead of
mode 644, which resulted in OpenLDAP not being able to start. In these
updated packages, the permissions are correctly set to mode 644.

* the 'checkconfig' parameter was missing in the named usage report.
For example, running the 'service named' command did not return
'checkconfig' in the list of available options.

* due to a bug in the named init script not handling the rndc return
value correctly, the 'service named stop' and 'service named restart'
commands failed on certain systems.

* the bind-chroot spec file printed errors when running the '%pre' and
'%post' sections. Errors such as the following occurred :

Locating //etc/named.conf failed: [FAILED]

This has been resolved in these updated packages.

* installing the bind-chroot package creates a '/dev/random' file in
the chroot environment; however, the '/dev/random' file had an
incorrect SELinux label. Starting named resulted in an 'avc: denied {
getattr } for pid=[pid] comm='named' path='/dev/random'' error being
logged. The '/dev/random' file has the correct SELinux label in these
updated packages.

* in certain situations, running the 'bind +trace' command resulted in
random segmentation faults.

As well, these updated packages add the following enhancements :

* support has been added for GSS-TSIG (RFC 3645).

* the 'named.root' file has been updated to reflect the new address
for L.ROOT-SERVERS.NET.

* updates BIND to the latest 9.3 maintenance release.

All users of bind are advised to upgrade to these updated packages,
which resolve these issues and add these enhancements."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-6283"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2008-0122"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2008:0300"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(189, 200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libbind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:caching-nameserver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2008:0300";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"bind-devel-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"bind-libbind-devel-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", reference:"bind-libs-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc");
  }
}

NASL family | SuSE Local Security Checks
NASL id | SUSE_BIND-4931.NASL
description | Certain input data could trigger a buffer overflow in the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31449
published | 2008-03-13
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/31449
title | openSUSE 10 Security Update : bind (bind-4931)
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update bind-4931.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(31449);
  script_version ("1.8");
  script_cvs_date("Date: 2019/10/25 13:36:32");

  script_cve_id("CVE-2008-0122");

  script_name(english:"openSUSE 10 Security Update : bind (bind-4931)");
  script_summary(english:"Check for the bind-4931 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Certain input data could trigger a buffer overflow in the
'inet_network' function of libbind. Applications that use this
function could therefore potentially be crashed or exploited to
execute arbitrary code. Bind itself is not affected though
(CVE-2008-0122)."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-chrootenv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-lwresd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"bind-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"bind-chrootenv-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"bind-devel-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"bind-libs-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"bind-lwresd-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"bind-utils-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"bind-libs-32bit-9.3.2-17.20") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"bind-9.3.2-56.5") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"bind-chrootenv-9.3.2-56.5") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"bind-devel-9.3.2-56.5") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"bind-libs-9.3.2-56.5") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"bind-utils-9.3.2-56.5") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"bind-libs-32bit-9.3.2-56.5") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"bind-9.4.1.P1-12.2") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"bind-chrootenv-9.4.1.P1-12.2") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"bind-devel-9.4.1.P1-12.2") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"bind-libs-9.4.1.P1-12.2") ) flag++;
if ( rpm_check(release:"SUSE10.3", reference:"bind-utils-9.4.1.P1-12.2") ) flag++;
if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"bind-libs-32bit-9.4.1.P1-12.2") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chrootenv / bind-devel / bind-libs / bind-libs-32bit / etc");
}

NASL family | Scientific Linux Local Security Checks
NASL id | SL_20080521_BIND_ON_SL5_X.NASL
description | It was discovered that the bind packages created the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 60402
published | 2012-08-01
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/60402
title | Scientific Linux Security Update : bind on SL5.x i386/x86_64
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60402);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:17");

  script_cve_id("CVE-2007-6283", "CVE-2008-0122");

  script_name(english:"Scientific Linux Security Update : bind on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was discovered that the bind packages created the 'rndc.key' file
with insecure file permissions. This allowed any local user to read
the content of this file. A local user could use this flaw to control
some aspects of the named daemon by using the rndc utility, for
example, stopping the named daemon. This problem did not affect
systems with the bind-chroot package installed. (CVE-2007-6283)

A buffer overflow flaw was discovered in the 'inet_network()'
function, as implemented by libbind. An attacker could use this flaw
to crash an application calling this function, with an argument
provided from an untrusted source. (CVE-2008-0122)

As well, these updated packages fix the following bugs :

  - when using an LDAP backend, missing function
    declarations caused segmentation faults, due to stripped
    pointers on machines where pointers are longer than
    integers.

  - starting named may have resulted in named crashing, due
    to a race condition during D-BUS connection
    initialization. This has been resolved in these updated
    packages.

  - the named init script returned incorrect error codes,
    causing the 'status' command to return an incorrect
    status. In these updated packages, the named init script
    is Linux Standard Base (LSB) compliant.

  - in these updated packages, the 'rndc [command] [zone]'
    command, where [command] is an rndc command, and [zone]
    is the specified zone, will find the [zone] if the zone
    is unique to all views.

  - the default named log rotation script did not work
    correctly when using the bind-chroot package. In these
    updated packages, installing bind-chroot creates the
    symbolic link '/var/log/named.log', which points to
    '/var/named/chroot/var/log/named.log', which resolves
    this issue.

  - a previous bind update incorrectly changed the
    permissions on the '/etc/openldap/schema/dnszone.schema'
    file to mode 640, instead of mode 644, which resulted in
    OpenLDAP not being able to start. In these updated
    packages, the permissions are correctly set to mode 644.

  - the 'checkconfig' parameter was missing in the named
    usage report. For example, running the 'service named'
    command did not return 'checkconfig' in the list of
    available options.

  - due to a bug in the named init script not handling the
    rndc return value correctly, the 'service named stop'
    and 'service named restart' commands failed on certain
    systems.

  - the bind-chroot spec file printed errors when running
    the '%pre' and '%post' sections. Errors such as the
    following occurred :

Locating //etc/named.conf failed: [FAILED]

This has been resolved in these updated packages.

  - installing the bind-chroot package creates a
    '/dev/random' file in the chroot environment; however,
    the '/dev/random' file had an incorrect SELinux label.
    Starting named resulted in an 'avc: denied { getattr }
    for pid=[pid] comm='named' path='/dev/random'' error
    being logged. The '/dev/random' file has the correct
    SELinux label in these updated packages.

  - in certain situations, running the 'bind +trace' command
    resulted in random segmentation faults.

As well, these updated packages add the following enhancements :

  - support has been added for GSS-TSIG (RFC 3645).

  - the 'named.root' file has been updated to reflect the
    new address for L.ROOT-SERVERS.NET.

  - updates BIND to the latest 9.3 maintenance release."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=1821
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7b2d3a59"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_cwe_id(189, 200);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"bind-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"bind-devel-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"bind-libbind-devel-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"bind-libs-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family | Solaris Local Security Checks
NASL id | SOLARIS8_109152.NASL
description | SunOS 5.8: /usr/4lib/libc.so.x.9 and libdb. Date this patch was last updated by Sun : Jun/04/08
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 13315
published | 2004-07-12
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/13315
title | Solaris 8 (sparc) : 109152-03

NASL family | Solaris Local Security Checks
NASL id | SOLARIS8_111327.NASL
description | SunOS 5.8: libsocket patch. Date this patch was last updated by Sun : Jun/06/08
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 33211
published | 2008-06-18
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/33211
title | Solaris 8 (sparc) : 111327-06

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2008-6281.NASL
description | 9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes parsing of inner ACLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 33470
published | 2008-07-10
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/33470
title | Fedora 8 : bind-9.5.0-28.P1.fc8 (2008-6281)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2008-0904.NASL
description | - CVE-2008-0122, libbind.so off-by-one buffer overflow, very low severity Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 30081
published | 2008-01-27
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/30081
title | Fedora 7 : bind-9.4.2-3.fc7 (2008-0904)

NASL family | Fedora Local Security Checks
NASL id | FEDORA_2008-0903.NASL
description | - CVE-2008-0122, libbind.so off-by-one buffer overflow, very low severity Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 30080
published | 2008-01-27
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/30080
title | Fedora 8 : bind-9.5.0-23.b1.fc8 (2008-0903)

NASL family | Solaris Local Security Checks
NASL id | SOLARIS8_X86_109327.NASL
description | SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 13429
published | 2004-07-12
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/13429
title | Solaris 8 (x86) : 109327-24

NASL family | Solaris Local Security Checks
NASL id | SOLARIS10_136892-01.NASL
description | SunOS 5.10: libc.so.1.9 patch. Date this patch was last updated by Sun : Jun/06/08
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 107478
published | 2018-03-12
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/107478
title | Solaris 10 (sparc) : 136892-01

NASL family | Solaris Local Security Checks
NASL id | SOLARIS8_109326.NASL
description | SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 13321
published | 2004-07-12
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/13321
title | Solaris 8 (sparc) : 109326-24

NASL family | Solaris Local Security Checks
NASL id | SOLARIS8_X86_111328.NASL
description | SunOS 5.8_x86: libsocket patch. Date this patch was last updated by Sun : Jun/06/08
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 33212
published | 2008-06-18
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/33212
title | Solaris 8 (x86) : 111328-05

NASL family | SuSE Local Security Checks
NASL id | SUSE_BIND-4932.NASL
description | Certain input data could trigger a buffer overflow in the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 31450
published | 2008-03-13
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/31450
title | SuSE 10 Security Update : bind (ZYPP Patch Number 4932)

NASL family | OracleVM Local Security Checks
NASL id | ORACLEVM_OVMSA-2020-0021.NASL
description | The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
last seen | 2020-06-10
modified | 2020-06-05
plugin id | 137170
published | 2020-06-05
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/137170
title | OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)

NASL family | Solaris Local Security Checks
NASL id | SOLARIS10_136892.NASL
description | SunOS 5.10: libc.so.1.9 patch. Date this patch was last updated by Sun : Jun/06/08
last seen | 2018-09-01
modified | 2018-08-13
plugin id | 33205
published | 2008-06-18
reporter | Tenable
source | https://www.tenable.com/plugins/index.php?view=single&id=33205
title | Solaris 10 (sparc) : 136892-01

NASL family | OracleVM Local Security Checks
NASL id | ORACLEVM_OVMSA-2017-0066.NASL
description | The remote OracleVM system is missing necessary patches to address critical security updates :
- Fix CVE-2017-3136 (ISC change 4575)
- Fix CVE-2017-3137 (ISC change 4578)
- Fix and test caching CNAME before DNAME (ISC change 4558)
- Fix CVE-2016-9147 (ISC change 4510)
- Fix regression introduced by CVE-2016-8864 (ISC change 4530)
- Restore SELinux contexts before named restart
- Use /lib or /lib64 only if directory in chroot already exists
- Tighten NSS library pattern, escape chroot mount path
- Fix (CVE-2016-8864)
- Do not change lib permissions in chroot (#1321239)
- Support WKS records in chroot (#1297562)
- Do not include patch backup in docs (fixes #1325081 patch)
- Backported relevant parts of [RT #39567] (#1259923)
- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)
- Fix multiple realms in nsupdate script like upstream (#1313286)
- Fix multiple realm in nsupdate script (#1313286)
- Use resolver-query-timeout high enough to recover all forwarders (#1325081)
- Fix (CVE-2016-2848)
- Fix infinite loop in start_lookup (#1306504)
- Fix (CVE-2016-2776)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 99569
published | 2017-04-21
reporter | This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/99569
title | OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)

NASL family | SuSE Local Security Checks
NASL id | SUSE9_12060.NASL
description | Certain input data could trigger a buffer overflow in the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 41191
published | 2009-09-24
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/41191
title | SuSE9 Security Update : bind (YOU Patch Number 12060)

Oval
accepted | 2013-04-29T04:03:09.459-04:00
class | vulnerability
contributors |
definition_extensions |
description | Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
family | unix
id | oval:org.mitre.oval:def:10190
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
version | 18
Redhat
advisories |
rpms |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 27283 CVE(CAN) ID: CVE-2008-0122 FreeBSD is a freely available, open-source Unix-like system that runs on Intel platforms. A single-byte overflow in FreeBSD's inet_network() function can cause memory corruption on certain input; a local attacker may exploit this vulnerability to escalate privileges or cause a denial of service. If a program passes untrusted data to inet_network(), an attacker can pass specially crafted input to inet_network() and cause a memory region to be overwritten with user-defined data. Depending on which memory region is overwritten, the attacker can cause a denial of service or execute code in programs that use inet_network(). FreeBSD FreeBSD 7.0 FreeBSD FreeBSD 6.3 FreeBSD FreeBSD 6.2 Vendor patch: FreeBSD ------- FreeBSD has released a security advisory (FreeBSD-SA-08:02) and corresponding patches for this issue: FreeBSD-SA-08:02: inet_network() buffer overflow Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-08:02.libc.asc Patch download: Perform one of the following: 1) Upgrade the vulnerable system to 7.0-PRERELEASE or 6-STABLE, or to the RELENG_7_0, RELENG_6_3, or RELENG_6_2 security branch dated after the correction date. 2) Patch the current system: The following patch has been verified to apply to FreeBSD 7.0, 6.3, and 6.2 systems. a) Download the relevant patch from the location below, and verify the accompanying PGP signature using a PGP utility. # fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch # fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch |
id | SSV:2853 |
last seen | 2017-11-19 |
modified | 2008-01-23 |
published | 2008-01-23 |
reporter | Root |
title | FreeBSD inet_network() function single-byte overflow vulnerability |
Statements
contributor | Mark J Cox |
lastmodified | 2008-05-21 |
organization | Red Hat |
statement | This issue did not affect the versions of GNU libc as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affects the versions of libbind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5, however the vulnerable function is not used by any shipped applications. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0122 An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0300.html |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
- http://secunia.com/advisories/28367
- http://secunia.com/advisories/28429
- http://secunia.com/advisories/28487
- http://secunia.com/advisories/28579
- http://secunia.com/advisories/29161
- http://secunia.com/advisories/29323
- http://secunia.com/advisories/30313
- http://secunia.com/advisories/30538
- http://secunia.com/advisories/30718
- http://security.freebsd.org/advisories/FreeBSD-SA-08:02.libc.asc
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238493-1
- http://support.avaya.com/elmodocs2/security/ASA-2008-244.htm
- http://www.isc.org/index.pl?/sw/bind/bind-security.php
- http://www.kb.cert.org/vuls/id/203611
- http://www.redhat.com/support/errata/RHSA-2008-0300.html
- http://www.securityfocus.com/archive/1/487000/100/0/threaded
- http://www.securityfocus.com/bid/27283
- http://www.securitytracker.com/id?1019189
- http://www.vupen.com/english/advisories/2008/0193
- http://www.vupen.com/english/advisories/2008/0703
- http://www.vupen.com/english/advisories/2008/1743/references
- http://www14.software.ibm.com/webapp/set2/subscriptions/ijhifoeblist?mode=7&heading=AIX61&path=/200802/SECURITY/20080227/datafile123640&label=AIX%20libc%20inet_network%20buffer%20overflow
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4167
- https://bugzilla.redhat.com/show_bug.cgi?id=429149
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39670
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
- https://issues.rpath.com/browse/RPL-2169
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10190
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00781.html
- https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00782.html