CVE-2009-0025 - Improper Authentication vulnerability in ISC Bind

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
isc
CWE-287
nessus

Summary

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Authentication Abuse
    An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Utilizing REST's Trust in the System Resource to Register Man in the Middle
    This attack utilizes a REST (REpresentational State Transfer)-style application's trust in the system resources and environment to place a man in the middle once SSL is terminated. The premise of REST applications is that they leverage existing infrastructure to deliver web services functionality. An example of this is a REST application that uses HTTP GET methods and receives an HTTP response with an XML document. These REST-style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately, from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so REST developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password, that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized users do. There is typically no authentication on the client side beyond what is passed in the request itself, so once this is compromised, it is generally sufficient to compromise the service's authentication scheme.
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent, leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identity between two components.

Nessus

  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV10049.NASL
    description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63701
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63701
    title: AIX 7.1 TL 1 : bind9 (IV10049)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text in the description was extracted from AIX Security
    # Advisory bind9_advisory3.asc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63701);
      script_version("1.4");
      script_cvs_date("Date: 2019/09/16 14:13:03");
    
      script_cve_id("CVE-2009-0025", "CVE-2010-0097", "CVE-2010-0382", "CVE-2011-4313");
    
      script_name(english:"AIX 7.1 TL 1 : bind9 (IV10049)");
      script_summary(english:"Check for APAR IV10049");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote AIX host is missing a security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An as-yet unidentified network event caused BIND 9 resolvers to cache
    an invalid record, subsequent queries for which could crash the
    resolvers with an assertion failure.
    
    Furthermore, AIX BIND 9.4.1 is affected by the following three
    security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick
    Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and
    NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and
    EVP_VerifyFinal."
      );
      # http://www.isc.org/software/bind/advisories/cve-2011-4313
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f77e2a75"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory3.asc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install the appropriate interim fix."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_cwe_id(287);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"AIX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
    
      exit(0);
    }
    
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("aix.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
    if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
    
    flag = 0;
    
    if (aix_check_ifix(release:"7.1", ml:"01", sp:"01", patch:"IV10049m01", package:"bos.net.tcp.client", minfilesetver:"7.1.1.0", maxfilesetver:"7.1.1.1") < 0) flag++;
    if (aix_check_ifix(release:"7.1", ml:"01", sp:"01", patch:"IV10049m01", package:"bos.net.tcp.server", minfilesetver:"7.1.1.0", maxfilesetver:"7.1.1.0") < 0) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-037.NASL
    description: Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. In this particular case the DSA_verify function was fixed with MDVSA-2009:002, this update does however address the RSA_verify function (CVE-2009-0265).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36346
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36346
    title: Mandriva Linux Security Advisory : bind (MDVSA-2009:037)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2009-0004.NASL
    description: a. Updated OpenSSL package for the Service Console fixes a security issue. OpenSSL 0.9.7a-33.24 and earlier does not properly check the return value from the EVP_VerifyFinal function, which could allow a remote attacker to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40389
    published: 2009-07-27
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40389
    title: VMSA-2009-0004 : ESX Service Console updates for openssl, bind, and vim
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-0350.NASL
    description: Update to 9.5.1-P1 maintenance release which includes fix for CVE-2009-0025. This update also fixes rare crash of host utility. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35398
    published: 2009-01-16
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35398
    title: Fedora 9 : bind-9.5.1-1.P1.fc9 (2009-0350)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_BIND-090126.NASL
    description: This update improves the verification of return values of openssl functions. Prior to this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40193
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40193
    title: openSUSE Security Update : bind (bind-426)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2009-014-02.NASL
    description: New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 54870
    published: 2011-05-28
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/54870
    title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-014-02)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_BIND-090112.NASL
    description: This update improves the verification of return values of openssl functions. Prior to this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39921
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39921
    title: openSUSE Security Update : bind (bind-426)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV09978.NASL
    description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63700
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63700
    title: AIX 6.1 TL 7 : bind9 (IV09978)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV09491.NASL
    description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63699
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63699
    title: AIX 5.3 TL 12 : bind9 (IV09491)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL11503.NASL
    description: The remote BIG-IP device is missing a patch required by a security advisory.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78125
    published: 2014-10-10
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78125
    title: F5 Networks BIG-IP : BIND 9 vulnerability (SOL11503)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2009-0020.NASL
    description: From Red Hat Security Advisory 2009:0020 : Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67792
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/67792
    title: Oracle Linux 3 / 4 / 5 : bind (ELSA-2009-0020)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_BIND-5905.NASL
    description: This update improves the verification of return values of openssl functions. Prior to this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41479
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/41479
    title: SuSE 10 Security Update : bind (ZYPP Patch Number 5905)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2009-0020.NASL
    description: Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35589
    published: 2009-02-05
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35589
    title: CentOS 3 / 4 / 5 : bind (CESA-2009:0020)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_X86_114265.NASL
    description: SunOS 5.9_x86: in.dhcpd libresolv and BIND. Date this patch was last updated by Sun : Jul/21/11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27094
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27094
    title: Solaris 9 (x86) : 114265-23
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV11743.NASL
    description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63706
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63706
    title: AIX 6.1 TL 6 : bind9 (IV11743)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200903-14.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200903-14 (BIND: Incorrect signature verification) BIND does not properly check the return value from the OpenSSL functions to verify DSA (CVE-2009-0025) and RSA (CVE-2009-0265) certificates. Impact : A remote attacker could bypass validation of the certificate chain to spoof DNSSEC-authenticated records. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35812
    published: 2009-03-10
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/35812
    title: GLSA-200903-14 : BIND: Incorrect signature verification
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1703.NASL
    description: It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35366
    published: 2009-01-14
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35366
    title: Debian DSA-1703-1 : bind9 - interpretation conflict
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-0451.NASL
    description: Update to 9.5.1-P1 maintenance release which fixes CVE-2009-0025. This update also addresses the following issues : - sample config file was outdated. - specifying a fixed query source was broken. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36411
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36411
    title: Fedora 10 : bind-9.5.1-1.P1.fc10 (2009-0451)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS9_112837.NASL
    description: SunOS 5.9: in.dhcpd libresolv and BIND9 pa. Date this patch was last updated by Sun : Jul/21/11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 26165
    published: 2007-09-25
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/26165
    title: Solaris 9 (sparc) : 112837-24
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-706-1.NASL
    description: It was discovered that Bind did not properly perform signature verification. When DNSSEC with DSA signatures are in use, a remote attacker could exploit this to bypass signature validation to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36220
    published: 2009-04-23
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/36220
    title: Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : bind9 vulnerability (USN-706-1)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2020-0021.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
    last seen: 2020-06-10
    modified: 2020-06-05
    plugin id: 137170
    published: 2020-06-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137170
    title: OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-002.NASL
    description: A flaw was found in how BIND checked the return value of the OpenSSL DSA_do_verify() function. On systems that use DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, which would allow for spoofing attacks (CVE-2009-0025). The updated packages have been patched to prevent this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37473
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37473
    title: Mandriva Linux Security Advisory : bind (MDVSA-2009:002)
  • NASL family: DNS
    NASL id: BIND_SIG_RETURN_CHECKS.NASL
    description: According to its version number, the remote installation of BIND does not properly check the return value from the OpenSSL library functions
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38735
    published: 2009-05-12
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/38735
    title: ISC BIND 9 EVP_VerifyFinal() / DSA_do_verify() SSL/TLS Signature Validation Weakness
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV11744.NASL
    description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63707
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63707
    title: AIX 7.1 TL 0 : bind9 (IV11744)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_10_5_7.NASL
    description: The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38744
    published: 2009-05-13
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/38744
    title: Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-0020.NASL
    description: Updated Bind packages to correct a security issue are now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. All BIND users are advised to upgrade to the updated package, which contains a backported patch to resolve this issue. After installing the update, BIND daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35324
    published: 2009-01-09
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35324
    title: RHEL 2.1 / 3 / 4 / 5 : bind (RHSA-2009:0020)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2017-0066.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99569
    published: 2017-04-21
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99569
    title: OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL family: AIX Local Security Checks
    NASL id: AIX_IV11742.NASL
    description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63705
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63705
    title: AIX 6.1 TL 5 : bind9 (IV11742)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_BIND-5915.NASL
    description: This update improves the verification of return values of openssl functions. Prior to this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35445
    published: 2009-01-22
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/35445
    title: openSUSE 10 Security Update : bind (bind-5915)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12328.NASL
    description: This update improves the verification of return values of OpenSSL functions. Prior to this update it was possible to spoof answers signed with DSA and NSEC3DSA. (CVE-2009-0025)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41266
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41266
    title: SuSE9 Security Update : bind (YOU Patch Number 12328)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20090108_BIND_ON_SL3_X.NASL
    description: A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. (CVE-2009-0025) For users of Red Hat Enterprise Linux 3 this update also addresses a bug which can cause BIND to occasionally exit with an assertion failure. After installing the update, the BIND daemon will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60517
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60517
    title: Scientific Linux Security Update : bind on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family: Misc.
    NASL id: VMWARE_VMSA-2009-0004_REMOTE.NASL
    description: The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities : - A format string flaw exists in the Vim help tag processor in the helptags_one() function that allows a remote attacker to execute arbitrary code by tricking a user into executing the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89112
    published: 2016-03-03
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89112
    title: VMware ESX Multiple Vulnerabilities (VMSA-2009-0004) (remote check)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL9754.NASL
    description: The remote BIG-IP device is missing a patch required by a security advisory.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78228
    published: 2014-10-10
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78228
    title: F5 Networks BIG-IP : BIND 9 vulnerability (SOL9754)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2009-002.NASL
    description: The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-002 applied. This security update contains fixes for the following products : - Apache - ATS - BIND - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - IPSec - Kerberos - Launch Services - libxml - Net-SNMP - Network Time - OpenSSL - QuickDraw Manager - Spotlight - system_cmds - telnet - Terminal - X11
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38743
    published: 2009-05-13
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/38743
    title: Mac OS X Multiple Vulnerabilities (Security Update 2009-002)

Oval

  • accepted: 2013-04-29T04:09:35.806-04:00
    class: vulnerability
    contributors
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
      oval: oval:org.mitre.oval:def:11414
    • comment: The operating system installed on the system is CentOS Linux 5.x
      oval: oval:org.mitre.oval:def:15802
    • comment: Oracle Linux 5.x
      oval: oval:org.mitre.oval:def:15459
    description: BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
    family: unix
    id: oval:org.mitre.oval:def:10879
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
    version: 27
  • accepted: 2009-11-30T04:00:05.406-05:00
    class: vulnerability
    contributors
    • name: Michael Wood
      organization: Hewlett-Packard
    • name: Michael Wood
      organization: Hewlett-Packard
    definition_extensions
    • comment: VMWare ESX Server 3.0.3 is installed
      oval: oval:org.mitre.oval:def:6026
    • comment: VMWare ESX Server 3.0.2 is installed
      oval: oval:org.mitre.oval:def:5613
    • comment: VMware ESX Server 3.5.0 is installed
      oval: oval:org.mitre.oval:def:5887
    description: BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
    family: unix
    id: oval:org.mitre.oval:def:5569
    status: accepted
    submitted: 2009-09-23T15:39:02.000-04:00
    title: Avaya Solaris BIND "EVP_VerifyFinal()" Signature Spoofing Vulnerability
    version: 3

Redhat

advisories
bugzilla
id: 478984
title: CVE-2009-0025 bind: DSA_do_verify() returns check issue
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: bind-libs is earlier than 20:9.2.4-30.el4_7.1
          oval: oval:com.redhat.rhsa:tst:20090020001
        • comment: bind-libs is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070044006
      • AND
        • comment: bind is earlier than 20:9.2.4-30.el4_7.1
          oval: oval:com.redhat.rhsa:tst:20090020003
        • comment: bind is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070044002
      • AND
        • comment: bind-utils is earlier than 20:9.2.4-30.el4_7.1
          oval: oval:com.redhat.rhsa:tst:20090020005
        • comment: bind-utils is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070044010
      • AND
        • comment: bind-devel is earlier than 20:9.2.4-30.el4_7.1
          oval: oval:com.redhat.rhsa:tst:20090020007
        • comment: bind-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070044004
      • AND
        • comment: bind-chroot is earlier than 20:9.2.4-30.el4_7.1
          oval: oval:com.redhat.rhsa:tst:20090020009
        • comment: bind-chroot is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20070044008
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment: bind is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020012
        • comment: bind is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057016
      • AND
        • comment: bind-utils is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020014
        • comment: bind-utils is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057014
      • AND
        • comment: bind-libs is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020016
        • comment: bind-libs is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057002
      • AND
        • comment: bind-chroot is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020018
        • comment: bind-chroot is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057008
      • AND
        • comment: bind-sdb is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020020
        • comment: bind-sdb is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057010
      • AND
        • comment: bind-devel is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020022
        • comment: bind-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057012
      • AND
        • comment: bind-libbind-devel is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020024
        • comment: bind-libbind-devel is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057006
      • AND
        • comment: caching-nameserver is earlier than 30:9.3.4-6.0.3.P1.el5_2
          oval: oval:com.redhat.rhsa:tst:20090020026
        • comment: caching-nameserver is signed with Red Hat redhatrelease key
          oval: oval:com.redhat.rhsa:tst:20070057004
rhsa
id: RHSA-2009:0020
released: 2009-01-08
severity: Moderate
title: RHSA-2009:0020: bind security update (Moderate)
rpms
  • bind-0:9.2.1-11.el2
  • bind-20:9.2.4-23.el3
  • bind-20:9.2.4-30.el4_7.1
  • bind-30:9.3.4-6.0.3.P1.el5_2
  • bind-chroot-20:9.2.4-23.el3
  • bind-chroot-20:9.2.4-30.el4_7.1
  • bind-chroot-30:9.3.4-6.0.3.P1.el5_2
  • bind-debuginfo-20:9.2.4-23.el3
  • bind-debuginfo-20:9.2.4-30.el4_7.1
  • bind-debuginfo-30:9.3.4-6.0.3.P1.el5_2
  • bind-devel-0:9.2.1-11.el2
  • bind-devel-20:9.2.4-23.el3
  • bind-devel-20:9.2.4-30.el4_7.1
  • bind-devel-30:9.3.4-6.0.3.P1.el5_2
  • bind-libbind-devel-30:9.3.4-6.0.3.P1.el5_2
  • bind-libs-20:9.2.4-23.el3
  • bind-libs-20:9.2.4-30.el4_7.1
  • bind-libs-30:9.3.4-6.0.3.P1.el5_2
  • bind-sdb-30:9.3.4-6.0.3.P1.el5_2
  • bind-utils-0:9.2.1-11.el2
  • bind-utils-20:9.2.4-23.el3
  • bind-utils-20:9.2.4-30.el4_7.1
  • bind-utils-30:9.3.4-6.0.3.P1.el5_2
  • caching-nameserver-30:9.3.4-6.0.3.P1.el5_2

References