CVE-2008-0122 - Numeric Errors vulnerability in ISC Bind

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, isc, freebsd, CWE-189, critical, nessus

Summary

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

Common Weakness Enumeration (CWE)

CWE-189: Numeric Errors
Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2008-0300.NASL
    description: Updated bind packages that fix two security issues, several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. It was discovered that the bind packages created the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32424
    published: 2008-05-22
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/32424
    title: RHEL 5 : bind (RHSA-2008:0300)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2008:0300. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32424);
      script_version ("1.24");
      script_cvs_date("Date: 2019/10/25 13:36:13");
    
      script_cve_id("CVE-2007-6283", "CVE-2008-0122");
      script_bugtraq_id(27283);
      script_xref(name:"RHSA", value:"2008:0300");
    
      script_name(english:"RHEL 5 : bind (RHSA-2008:0300)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated bind packages that fix two security issues, several bugs, and
    add enhancements are now available for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The Berkeley Internet Name Domain (BIND) is an implementation of the
    Domain Name System (DNS) protocols. BIND includes a DNS server
    (named); a resolver library (routines for applications to use when
    interfacing with DNS); and tools for verifying that the DNS server is
    operating correctly.
    
    It was discovered that the bind packages created the 'rndc.key' file
    with insecure file permissions. This allowed any local user to read
    the content of this file. A local user could use this flaw to control
    some aspects of the named daemon by using the rndc utility, for
    example, stopping the named daemon. This problem did not affect
    systems with the bind-chroot package installed. (CVE-2007-6283)
    
    A buffer overflow flaw was discovered in the 'inet_network()'
    function, as implemented by libbind. An attacker could use this flaw
    to crash an application calling this function, with an argument
    provided from an untrusted source. (CVE-2008-0122)
    
    As well, these updated packages fix the following bugs :
    
    * when using an LDAP backend, missing function declarations caused
    segmentation faults, due to stripped pointers on machines where
    pointers are longer than integers.
    
    * starting named may have resulted in named crashing, due to a race
    condition during D-BUS connection initialization. This has been
    resolved in these updated packages.
    
    * the named init script returned incorrect error codes, causing the
    'status' command to return an incorrect status. In these updated
    packages, the named init script is Linux Standard Base (LSB)
    compliant.
    
    * in these updated packages, the 'rndc [command] [zone]' command,
    where [command] is an rndc command, and [zone] is the specified zone,
    will find the [zone] if the zone is unique to all views.
    
    * the default named log rotation script did not work correctly when
    using the bind-chroot package. In these updated packages, installing
    bind-chroot creates the symbolic link '/var/log/named.log', which
    points to '/var/named/chroot/var/log/named.log', which resolves this
    issue.
    
    * a previous bind update incorrectly changed the permissions on the
    '/etc/openldap/schema/dnszone.schema' file to mode 640, instead of
    mode 644, which resulted in OpenLDAP not being able to start. In these
    updated packages, the permissions are correctly set to mode 644.
    
    * the 'checkconfig' parameter was missing in the named usage report.
    For example, running the 'service named' command did not return
    'checkconfig' in the list of available options.
    
    * due to a bug in the named init script not handling the rndc return
    value correctly, the 'service named stop' and 'service named restart'
    commands failed on certain systems.
    
    * the bind-chroot spec file printed errors when running the '%pre' and
    '%post' sections. Errors such as the following occurred :
    
    Locating //etc/named.conf failed: [FAILED]
    
    This has been resolved in these updated packages.
    
    * installing the bind-chroot package creates a '/dev/random' file in
    the chroot environment; however, the '/dev/random' file had an
    incorrect SELinux label. Starting named resulted in an 'avc: denied {
    getattr } for pid=[pid] comm='named' path='/dev/random'' error being
    logged. The '/dev/random' file has the correct SELinux label in these
    updated packages.
    
    * in certain situations, running the 'bind +trace' command resulted in
    random segmentation faults.
    
    As well, these updated packages add the following enhancements :
    
    * support has been added for GSS-TSIG (RFC 3645).
    
    * the 'named.root' file has been updated to reflect the new address
    for L.ROOT-SERVERS.NET.
    
    * updates BIND to the latest 9.3 maintenance release.
    
    All users of bind are advised to upgrade to these updated packages,
    which resolve these issues and add these enhancements."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2007-6283"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2008-0122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2008:0300"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(189, 200);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libbind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:caching-nameserver");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2008:0300";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"bind-devel-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"bind-libbind-devel-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"bind-libs-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_BIND-4931.NASL
    description: Certain input data could trigger a buffer overflow in the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31449
    published: 2008-03-13
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31449
    title: openSUSE 10 Security Update : bind (bind-4931)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update bind-4931.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31449);
      script_version ("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:32");
    
      script_cve_id("CVE-2008-0122");
    
      script_name(english:"openSUSE 10 Security Update : bind (bind-4931)");
      script_summary(english:"Check for the bind-4931 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Certain input data could trigger a buffer overflow in the
    'inet_network' function of libbind. Applications that use this
    function could therefore potentially be crashed or exploited to
    execute arbitrary code. Bind itself is not affected though
    (CVE-2008-0122)."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-chrootenv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-lwresd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1|SUSE10\.2|SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2 / 10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"bind-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"bind-chrootenv-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"bind-devel-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"bind-libs-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"bind-lwresd-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"bind-utils-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"bind-libs-32bit-9.3.2-17.20") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"bind-9.3.2-56.5") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"bind-chrootenv-9.3.2-56.5") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"bind-devel-9.3.2-56.5") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"bind-libs-9.3.2-56.5") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"bind-utils-9.3.2-56.5") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"bind-libs-32bit-9.3.2-56.5") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"bind-9.4.1.P1-12.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"bind-chrootenv-9.4.1.P1-12.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"bind-devel-9.4.1.P1-12.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"bind-libs-9.4.1.P1-12.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"bind-utils-9.4.1.P1-12.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", cpu:"x86_64", reference:"bind-libs-32bit-9.4.1.P1-12.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chrootenv / bind-devel / bind-libs / bind-libs-32bit / etc");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20080521_BIND_ON_SL5_X.NASL
    description: It was discovered that the bind packages created the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60402
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60402
    title: Scientific Linux Security Update : bind on SL5.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(60402);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-6283", "CVE-2008-0122");
    
      script_name(english:"Scientific Linux Security Update : bind on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the bind packages created the 'rndc.key' file
    with insecure file permissions. This allowed any local user to read
    the content of this file. A local user could use this flaw to control
    some aspects of the named daemon by using the rndc utility, for
    example, stopping the named daemon. This problem did not affect
    systems with the bind-chroot package installed. (CVE-2007-6283)
    
    A buffer overflow flaw was discovered in the 'inet_network()'
    function, as implemented by libbind. An attacker could use this flaw
    to crash an application calling this function, with an argument
    provided from an untrusted source. (CVE-2008-0122)
    
    As well, these updated packages fix the following bugs :
    
      - when using an LDAP backend, missing function
        declarations caused segmentation faults, due to stripped
        pointers on machines where pointers are longer than
        integers.
    
      - starting named may have resulted in named crashing, due
        to a race condition during D-BUS connection
        initialization. This has been resolved in these updated
        packages.
    
      - the named init script returned incorrect error codes,
        causing the 'status' command to return an incorrect
        status. In these updated packages, the named init script
        is Linux Standard Base (LSB) compliant.
    
      - in these updated packages, the 'rndc [command] [zone]'
        command, where [command] is an rndc command, and [zone]
        is the specified zone, will find the [zone] if the zone
        is unique to all views.
    
      - the default named log rotation script did not work
        correctly when using the bind-chroot package. In these
        updated packages, installing bind-chroot creates the
        symbolic link '/var/log/named.log', which points to
        '/var/named/chroot/var/log/named.log', which resolves
        this issue.
    
      - a previous bind update incorrectly changed the
        permissions on the '/etc/openldap/schema/dnszone.schema'
        file to mode 640, instead of mode 644, which resulted in
        OpenLDAP not being able to start. In these updated
        packages, the permissions are correctly set to mode 644.
    
      - the 'checkconfig' parameter was missing in the named
        usage report. For example, running the 'service named'
        command did not return 'checkconfig' in the list of
        available options.
    
      - due to a bug in the named init script not handling the
        rndc return value correctly, the 'service named stop'
        and 'service named restart' commands failed on certain
        systems.
    
      - the bind-chroot spec file printed errors when running
        the '%pre' and '%post' sections. Errors such as the
        following occurred :
    
    Locating //etc/named.conf failed: [FAILED]
    
    This has been resolved in these updated packages.
    
      - installing the bind-chroot package creates a
        '/dev/random' file in the chroot environment; however,
        the '/dev/random' file had an incorrect SELinux label.
        Starting named resulted in an 'avc: denied { getattr }
        for pid=[pid] comm='named' path='/dev/random'' error
        being logged. The '/dev/random' file has the correct
        SELinux label in these updated packages.
    
      - in certain situations, running the 'bind +trace' command
        resulted in random segmentation faults.
    
    As well, these updated packages add the following enhancements :
    
      - support has been added for GSS-TSIG (RFC 3645).
    
      - the 'named.root' file has been updated to reflect the
        new address for L.ROOT-SERVERS.NET.
    
      - updates BIND to the latest 9.3 maintenance release."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0805&L=scientific-linux-errata&T=0&P=1821
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7b2d3a59"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(189, 200);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/12/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/05/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"bind-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"bind-chroot-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"bind-devel-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"bind-libbind-devel-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"bind-libs-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"bind-sdb-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"bind-utils-9.3.4-6.P1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"caching-nameserver-9.3.4-6.P1.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_109152.NASL
    description: SunOS 5.8: /usr/4lib/libc.so.x.9 and libdb. Date this patch was last updated by Sun : Jun/04/08
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13315
    published: 2004-07-12
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13315
    title: Solaris 8 (sparc) : 109152-03
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_111327.NASL
    description: SunOS 5.8: libsocket patch. Date this patch was last updated by Sun : Jun/06/08
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33211
    published: 2008-06-18
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33211
    title: Solaris 8 (sparc) : 111327-06
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-6281.NASL
    description: 9.5.0-P1 release which contains fix for CVE-2008-1447. This update also fixes parsing of inner ACLs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33470
    published: 2008-07-10
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33470
    title: Fedora 8 : bind-9.5.0-28.P1.fc8 (2008-6281)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-0904.NASL
    description: - CVE-2008-0122, libbind.so off-by-one buffer overflow, very low severity. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30081
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/30081
    title: Fedora 7 : bind-9.4.2-3.fc7 (2008-0904)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-0903.NASL
    description: - CVE-2008-0122, libbind.so off-by-one buffer overflow, very low severity. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 30080
    published: 2008-01-27
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/30080
    title: Fedora 8 : bind-9.5.0-23.b1.fc8 (2008-0903)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_X86_109327.NASL
    description: SunOS 5.8_x86: libresolv.so.2, in.named an. Date this patch was last updated by Sun : Mar/09/09
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13429
    published: 2004-07-12
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13429
    title: Solaris 8 (x86) : 109327-24
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_136892-01.NASL
    description: SunOS 5.10: libc.so.1.9 patch. Date this patch was last updated by Sun : Jun/06/08
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107478
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107478
    title: Solaris 10 (sparc) : 136892-01
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_109326.NASL
    description: SunOS 5.8: libresolv.so.2, in.named and BI. Date this patch was last updated by Sun : Mar/09/09
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13321
    published: 2004-07-12
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13321
    title: Solaris 8 (sparc) : 109326-24
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS8_X86_111328.NASL
    description: SunOS 5.8_x86: libsocket patch. Date this patch was last updated by Sun : Jun/06/08
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 33212
    published: 2008-06-18
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/33212
    title: Solaris 8 (x86) : 111328-05
  • NASL familySuSE Local Security Checks
    NASL idSUSE_BIND-4932.NASL
    descriptionCertain input data could trigger a buffer overflow in the
    last seen2020-06-01
    modified2020-06-02
    plugin id31450
    published2008-03-13
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31450
    titleSuSE 10 Security Update : bind (ZYPP Patch Number 4932)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2020-0021.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
    last seen2020-06-10
    modified2020-06-05
    plugin id137170
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137170
    titleOracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_136892.NASL
    descriptionSunOS 5.10: libc.so.1.9 patch. Date this patch was last updated by Sun : Jun/06/08
    last seen2018-09-01
    modified2018-08-13
    plugin id33205
    published2008-06-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=33205
    titleSolaris 10 (sparc) : 136892-01
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0066.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen2020-06-01
    modified2020-06-02
    plugin id99569
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99569
    titleOracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_12060.NASL
    descriptionCertain input data could trigger a buffer overflow in the
    last seen2020-06-01
    modified2020-06-02
    plugin id41191
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41191
    titleSuSE9 Security Update : bind (YOU Patch Number 12060)

Oval

accepted2013-04-29T04:03:09.459-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionOff-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
familyunix
idoval:org.mitre.oval:def:10190
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleOff-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
version18

Redhat

advisories
bugzilla
id429149
titleCVE-2008-0122 libbind off-by-one buffer overflow
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentbind-libs is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300001
        • commentbind-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057002
      • AND
        • commentbind-libbind-devel is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300003
        • commentbind-libbind-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057006
      • AND
        • commentbind-sdb is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300005
        • commentbind-sdb is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057010
      • AND
        • commentbind-chroot is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300007
        • commentbind-chroot is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057008
      • AND
        • commentbind-devel is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300009
        • commentbind-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057012
      • AND
        • commentbind-utils is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300011
        • commentbind-utils is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057014
      • AND
        • commentcaching-nameserver is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300013
        • commentcaching-nameserver is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057004
      • AND
        • commentbind is earlier than 30:9.3.4-6.P1.el5
          ovaloval:com.redhat.rhsa:tst:20080300015
        • commentbind is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057016
rhsa
idRHSA-2008:0300
released2008-05-21
severityModerate
titleRHSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)
rpms
  • bind-30:9.3.4-6.P1.el5
  • bind-chroot-30:9.3.4-6.P1.el5
  • bind-debuginfo-30:9.3.4-6.P1.el5
  • bind-devel-30:9.3.4-6.P1.el5
  • bind-libbind-devel-30:9.3.4-6.P1.el5
  • bind-libs-30:9.3.4-6.P1.el5
  • bind-sdb-30:9.3.4-6.P1.el5
  • bind-utils-30:9.3.4-6.P1.el5
  • caching-nameserver-30:9.3.4-6.P1.el5

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 27283 CVE(CAN) ID: CVE-2008-0122 FreeBSD is a freely available, open-source Unix-like operating system that runs on the Intel platform. A single-byte (off-by-one) overflow in FreeBSD's inet_network() function can be triggered by certain input and lead to memory corruption; a local attacker could exploit this vulnerability to escalate privileges or cause a denial of service. If a program passes untrusted data to inet_network(), an attacker can supply specially crafted input that causes a region of memory to be overwritten with user-defined data. Depending on which memory region is overwritten, the attacker can cause a denial of service or execute code in the program that calls inet_network(). FreeBSD FreeBSD 7.0 FreeBSD FreeBSD 6.3 FreeBSD FreeBSD 6.2 Vendor patches: FreeBSD ------- FreeBSD has published a security advisory (FreeBSD-SA-08:02) and the corresponding patch for this issue: FreeBSD-SA-08:02: inet_network() buffer overflow Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-08:02.libc.asc Patch download: Perform one of the following: 1) Upgrade the vulnerable system to 7.0-PRERELEASE or 6-STABLE, or to the RELENG_7_0, RELENG_6_3 or RELENG_6_2 security branch dated after the correction date. 2) Patch the current system: The following patch has been verified to apply to FreeBSD 7.0, 6.3 and 6.2 systems. a) Download the relevant patch from the location below and verify the accompanying PGP signature with a PGP tool. # fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch # fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch
idSSV:2853
last seen2017-11-19
modified2008-01-23
published2008-01-23
reporterRoot
titleFreeBSD inet_network() function single-byte overflow vulnerability

Statements

contributorMark J Cox
lastmodified2008-05-21
organizationRed Hat
statementThis issue did not affect the versions of GNU libc as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue affects the versions of libbind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5; however, the vulnerable function is not used by any shipped applications. The Red Hat Security Response Team has therefore rated this issue as having low security impact; a future update may address this flaw. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0122 An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0300.html

References