Vulnerabilities > CVE-2009-4022 - Remote Cache Poisoning vulnerability in ISC BIND 9 DNSSEC Query Response Additional Section

CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.

Nessus

  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15787.NASL
    descriptionISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
    last seen2020-06-01
    modified2020-06-02
    plugin id78835
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78835
    titleF5 Networks BIG-IP : BIND vulnerability (SOL15787)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution SOL15787.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    # Local (authenticated) version check: reports a BIG-IP device whose
    # detected version and licensed modules fall inside the affected ranges
    # published in F5 Solution SOL15787 for the bundled BIND issues
    # CVE-2009-4022 / CVE-2010-0382. No DNS traffic is generated; the
    # decision rests entirely on KB values collected by f5_bigip_detect.nbin.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78835);
      script_version("1.6");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      script_cve_id("CVE-2009-4022", "CVE-2010-0382");
      script_bugtraq_id(37118);
    
      script_name(english:"F5 Networks BIG-IP : BIND vulnerability (SOL15787)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
    9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick
    data accompanying a secure response without re-fetching from the
    original source, which allows remote attackers to have an unspecified
    impact via a crafted response, aka Bug 20819. NOTE: this vulnerability
    exists because of a regression during the fix for CVE-2009-4022."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K15787"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution SOL15787."
      );
      # NOTE(review): this base vector (C:C/I:C/A:C) is far above the
      # C:N/I:P/A:N that the CVE-2009-4022 record itself carries; presumably
      # it reflects the whole SOL15787 bundle rather than this CVE — confirm.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    # Preconditions: every KB key this check reads must have been populated
    # by f5_bigip_detect.nbin (see script_require_keys above); otherwise
    # audit out rather than guess.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    # Affected / unaffected version ranges per BIG-IP module, copied from
    # SOL15787. bigip_is_affected() (f5_func.inc, not shown here) matches the
    # detected version and module list against this matrix; how the
    # "a.b.c-x.y.z" range strings are interpreted is defined there.
    sol = "SOL15787";
    vmatrix = make_array();
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("10.1.0");
    vmatrix["APM"]["unaffected"] = make_list("11.0.0-11.6.0","10.2.0-10.2.4");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["ASM"]["unaffected"] = make_list("11.0.0-11.6.0","10.2.0-10.2.4");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["GTM"]["unaffected"] = make_list("11.0.0-11.6.0","10.2.0-10.2.4");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["LC"]["unaffected"] = make_list("11.0.0-11.6.0","10.2.0-10.2.4");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["LTM"]["unaffected"] = make_list("11.0.0-11.6.0","10.2.0-10.2.4");
    
    # PSM
    vmatrix["PSM"] = make_array();
    vmatrix["PSM"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["PSM"]["unaffected"] = make_list("11.0.0-11.4.1","10.2.0-10.2.4");
    
    # WAM
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["WAM"]["unaffected"] = make_list("11.0.0-11.3.0","10.2.0-10.2.4");
    
    # WOM
    vmatrix["WOM"] = make_array();
    vmatrix["WOM"]["affected"  ] = make_list("10.0.0-10.1.0");
    vmatrix["WOM"]["unaffected"] = make_list("11.0.0-11.3.0","10.2.0-10.2.4");
    
    
    # Report at "hole" severity when an affected module/version pair is
    # found; in verbose mode the bigip_report_get() detail is attached.
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Not affected: distinguish "modules tested but patched" from "no
      # affected module present" so the audit message is accurate.
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyDNS
    NASL idBIND9_DNSSEC_CACHE_POISONING.NASL
    descriptionAccording to its version number, the remote installation of BIND suffers from a cache poisoning vulnerability. This issue affects all versions prior to 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3. Note that only nameservers that allow recursive queries and validate DNSSEC records are affected. Nessus has not attempted to verify if this configuration applies to the remote service, though, so this could be a false positive.
    last seen2020-06-01
    modified2020-06-02
    plugin id42983
    published2009-12-02
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42983
    titleISC BIND 9 DNSSEC Cache Poisoning
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # Remote, banner-based check for the ISC BIND 9 DNSSEC cache-poisoning
    # issue CVE-2009-4022 and its incomplete-fix follow-up CVE-2010-0382.
    # Only the version string recorded by bind_version.nasl is consulted: the
    # real precondition (recursion allowed + DNSSEC validation enabled) is
    # not tested, which is why this is a paranoid, potential_vulnerability
    # plugin (see the attributes below).
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42983);
      script_version("1.19");
      script_cvs_date("Date: 2018/06/27 18:42:25");
    
      script_cve_id("CVE-2009-4022", "CVE-2010-0382");
      script_bugtraq_id(37118);
      script_xref(name:"CERT", value:"418861");
    
      script_name(english:"ISC BIND 9 DNSSEC Cache Poisoning");
      script_summary(english:"Checks version of BIND");
    
      script_set_attribute(attribute:"synopsis", value:"The remote name server is affected by a cache poisoning vulnerability.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the remote installation of BIND
    suffers from a cache poisoning vulnerability. This issue affects all
    versions prior to 9.4.3-P5, 9.5.2-P2 or 9.6.1-P3.
    
    Note that only nameservers that allow recursive queries and validate
    DNSSEC records are affected. Nessus has not attempted to verify if
    this configuration applies to the remote service, though, so this
    could be a false positive.");
      script_set_attribute(attribute:"see_also", value:"https://www.isc.org/advisories/CVE2009-4022");
      script_set_attribute(attribute:"see_also", value:"http://www.vupen.com/english/advisories/2010/1352");
      script_set_attribute(attribute:"see_also", value:"http://www.vupen.com/english/advisories/2010/0622");
      script_set_attribute(attribute:"see_also", value:"http://www.vupen.com/english/advisories/2009/3335");
      script_set_attribute(attribute:"solution", value:"Upgrade to BIND 9.4.3-P5 / 9.5.2-P2 / 9.6.1-P3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/02");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"DNS");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("bind_version.nasl", "dnssec_resolver.nasl");
      script_require_keys("bind/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    
    # Gate on paranoia level 2+: a banner-only match cannot confirm the
    # recursive/validating configuration the issue needs, so the result may
    # be a false positive (as the description states). Note that the
    # dnssec_resolver.nasl dependency is not consulted below.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    ver = get_kb_item("bind/version");
    if (!ver) exit(1, "BIND version is unknown or DNS is not running.");
    
    # Versions the pattern below treats as affected (fixed releases are
    # 9.4.3-P5, 9.5.2-P2 and 9.6.1-P3 — see the solution attribute):
    #   9.4-ESVb1; 9.4.0 - 9.4.3-P4; 9.5.0 - 9.5.2-P1; 9.6.0 - 9.6.1-P2;
    #   9.6.2b1; 9.7.0a0-a3, 9.7.0b0-b3, 9.7.0rc1
    # Each alternative is anchored ("([^0-9]|$)", "-P[1-4]$", ...) so that,
    # e.g., 9.4.1 does not also match 9.4.10 and 9.4.3-P5 is not matched.
    
    pattern = "^(" +
              "9\.4-ESVb1|" +
              "9\.4\.([0-2]([^0-9]|$)|3(-P[1-4]$|[^0-9\-]|$))|"+
              "9\.5\.([01]([^0-9]|$)|2(-P1$|[^0-9\-]|$))|" +
              "9\.6\.(0([^0-9]|$)|1(-P[1-2]$|[^0-9\-]|$)|2b1$)|" +
              "9\.7\.0([ab][0-3]$|rc1$)" + ")";
    
    # Branches 9.0 - 9.3 were end-of-life and never received a fix, so any
    # 9.0.x - 9.3.x banner is reported outright with that note.
    if (ver =~ "^9\.[0-3]\.")
    {
      security_note(port:53, proto:"udp", extra:
    '\nNo fix is available on branches 9.0 to 9.3 (end of life).');
      exit(0);
    }
    # Otherwise report only an exact match against the affected pattern.
    if (ereg(pattern:pattern, string:ver) )
      security_note(port:53, proto:"udp");
    else
      exit(0, "BIND version "+ ver + " is running on port 53 and is not vulnerable.");
    
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_BIND-100121.NASL
    descriptionWhen bind is configured for DNSSEC, it could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete: despite the previous fix, CNAME and DNAME responses could still be incorrectly cached (CVE-2010-0290).
    last seen2020-06-01
    modified2020-06-02
    plugin id44309
    published2010-01-26
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44309
    titleopenSUSE Security Update : bind (bind-1845)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update bind-1845.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    # Local RPM check for openSUSE 11.2 patch bind-1845, which ships
    # bind-9.6.1P3 to close CVE-2010-0097 and CVE-2010-0290 (the latter being
    # the incomplete fix for CVE-2009-4022). Relies on the rpm list gathered
    # over SSH by ssh_get_info.nasl.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44309);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:38");
    
      script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290");
    
      script_name(english:"openSUSE Security Update : bind (bind-1845)");
      script_summary(english:"Check for the bind-1845 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "bind when configured for DNSSEC could incorrectly cache NXDOMAIN
    responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was
    incomplete. Despite the previous fix CNAME and DNAME responses could
    be incorrectly cached (CVE-2010-0290)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=570912"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-chrootenv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: local checks on, an openSUSE (not SLED/SLES) 11.2
    # release string, an rpm list, and a CPU architecture the patch exists for.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Each rpm_check() that fires bumps flag. The reference is the fixed
    # package (9.6.1P3-1.1.1); the version comparison itself is implemented
    # in rpm.inc (not shown here). The 32-bit libs are only checked on x86_64.
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.2", reference:"bind-9.6.1P3-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"bind-chrootenv-9.6.1P3-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"bind-devel-9.6.1P3-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"bind-libs-9.6.1P3-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", reference:"bind-utils-9.6.1P3-1.1.1") ) flag++;
    if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"bind-libs-32bit-9.6.1P3-1.1.1") ) flag++;
    
    # Report once if any package check fired; otherwise say which packages
    # were tested, or that none of them is installed.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chrootenv / bind-devel / bind-libs / bind-libs-32bit / etc");
    }
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0004.NASL
    descriptiona. vMA and Service Console update for newt to 0.52.2-12.el5_4.1 Newt is a programming library for color text mode, widget based user interfaces. Newt can be used to add stacked windows, entry widgets, checkboxes, radio buttons, labels, plain text fields, scrollbars, etc., to text mode user interfaces. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially crafted text dialog box display request (direct or via a custom application), leading to a denial of service (application crash) or, potentially, arbitrary code execution with the privileges of the user running the application using the newt library. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2905 to this issue. b. vMA and Service Console update for vMA package nfs-utils to 1.0.9-42.el5 The nfs-utils package provides a daemon for the kernel NFS server and related tools. It was discovered that nfs-utils did not use tcp_wrappers correctly. Certain hosts access rules defined in
    last seen2020-06-01
    modified2020-06-02
    plugin id44993
    published2010-03-05
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44993
    titleVMSA-2010-0004 : ESX Service Console and vMA third-party updates
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2010-0004. 
    # The text itself is copyright (C) VMware Inc.
    #
    # Local check for VMware security advisory VMSA-2010-0004, a roll-up of
    # third-party Service Console / vMA package updates (newt, nfs-utils,
    # glib2, openssl, bind, expat, openssh, ntp, kernel, ...). CVE-2009-4022
    # is covered by item (e), the bind 9.3.6-4.P1.el5_4.1 update; the other
    # CVEs in script_cve_id belong to the other items of the advisory.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44993);
      script_version("1.31");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2008-3916", "CVE-2008-4316", "CVE-2008-4552", "CVE-2009-0115", "CVE-2009-0590", "CVE-2009-1189", "CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-1386", "CVE-2009-1387", "CVE-2009-2695", "CVE-2009-2849", "CVE-2009-2904", "CVE-2009-2905", "CVE-2009-2908", "CVE-2009-3228", "CVE-2009-3286", "CVE-2009-3547", "CVE-2009-3560", "CVE-2009-3563", "CVE-2009-3612", "CVE-2009-3613", "CVE-2009-3620", "CVE-2009-3621", "CVE-2009-3720", "CVE-2009-3726", "CVE-2009-4022");
      script_bugtraq_id(30815, 31602, 31823, 34100, 34256, 35001, 35138, 35174, 36304, 36515, 36552, 36639, 36706, 36723, 36824, 36827, 36901, 36936, 37118, 37203, 37255);
      script_xref(name:"VMSA", value:"2010-0004");
    
      script_name(english:"VMSA-2010-0004 : ESX Service Console and vMA third-party updates");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESX host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. vMA and Service Console update for newt to 0.52.2-12.el5_4.1
    
       Newt is a programming library for color text mode, widget based
       user interfaces. Newt can be used to add stacked windows, entry
       widgets, checkboxes, radio buttons, labels, plain text fields,
       scrollbars, etc., to text mode user interfaces.
    
       A heap-based buffer overflow flaw was found in the way newt
       processes content that is to be displayed in a text dialog box.
       A local attacker could issue a specially crafted text dialog box
       display request (direct or via a custom application), leading to a
       denial of service (application crash) or, potentially, arbitrary
       code execution with the privileges of the user running the
       application using the newt library.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2009-2905 to this issue.
    
    b. vMA and Service Console update for vMA package nfs-utils to
       1.0.9-42.el5
    
       The nfs-utils package provides a daemon for the kernel NFS server
       and related tools.
    
       It was discovered that nfs-utils did not use tcp_wrappers
       correctly.  Certain hosts access rules defined in '/etc/hosts.allow'
       and '/etc/hosts.deny' may not have been honored, possibly allowing
       remote attackers to bypass intended access restrictions.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2008-4552 to this issue.
    
    c. vMA and Service Console package glib2 updated to 2.12.3-4.el5_3.1
    
       GLib is the low-level core library that forms the basis for
       projects such as GTK+ and GNOME. It provides data structure
       handling for C, portability wrappers, and interfaces for such
       runtime functionality as an event loop, threads, dynamic loading,
       and an object system.
    
       Multiple integer overflows in glib/gbase64.c in GLib before 2.20
       allow context-dependent attackers to execute arbitrary code via a
       long string that is converted either from or to a base64
       representation.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2008-4316 to this issue.
    
    d. vMA and Service Console update for openssl to 0.9.8e-12.el5
    
       SSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-
       strength cryptography world-wide.
    
       Multiple denial of service flaws were discovered in OpenSSL's DTLS
       implementation. A remote attacker could use these flaws to cause a
       DTLS server to use excessive amounts of memory, or crash on an
       invalid memory access or NULL pointer dereference.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the names CVE-2009-1377, CVE-2009-1378,
       CVE-2009-1379, CVE-2009-1386, CVE-2009-1387 to these issues.
    
       An input validation flaw was found in the handling of the BMPString
       and UniversalString ASN1 string types in OpenSSL's
       ASN1_STRING_print_ex() function. An attacker could use this flaw to
       create a specially crafted X.509 certificate that could cause
       applications using the affected function to crash when printing
       certificate contents.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2009-0590 to this issue.
    
    e. vMA and Service Console package bind updated to 9.3.6-4.P1.el5_4.1
    
       It was discovered that BIND was incorrectly caching responses
       without performing proper DNSSEC validation, when those responses
       were received during the resolution of a recursive client query
       that requested DNSSEC records but indicated that checking should be
       disabled. A remote attacker could use this flaw to bypass the DNSSEC
       validation check and perform a cache poisoning attack if the target
       BIND server was receiving such client queries.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2009-4022 to this issue.
    
    f. vMA and Service Console package expat updated to 1.95.8-8.3.el5_4.2.
    
       Two buffer over-read flaws were found in the way Expat handled
       malformed UTF-8 sequences when processing XML files. A specially-
       crafted XML file could cause applications using Expat to fail while
       parsing the file.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the names CVE-2009-3560 and CVE-2009-3720 to these
       issues.
    
    g. vMA and Service Console package openssh update to 4.3p2-36.el5_4.2
    
       A Red Hat specific patch used in the openssh packages as shipped in
       Red Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain
       ownership requirements for directories used as arguments for the
       ChrootDirectory configuration options. A malicious user that also
       has or previously had non-chroot shell access to a system could
       possibly use this flaw to escalate their privileges and run
       commands as any system user.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2009-2904 to this issue.
    
    h. vMA and Service Console package ntp updated to
       ntp-4.2.2p1-9.el5_4.1.i386.rpm
    
       A flaw was discovered in the way ntpd handled certain malformed NTP
       packets. ntpd logged information about all such packets and replied
       with an NTP packet that was treated as malformed when received by
       another ntpd. A remote attacker could use this flaw to create an NTP
       packet reply loop between two ntpd servers through a malformed packet
       with a spoofed source IP address and port, causing ntpd on those
       servers to use excessive amounts of CPU time and fill disk space with
       log messages.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the name CVE-2009-3563 to this issue.   
    
    i. vMA update for package kernel to 2.6.18-164.9.1.el5
    
       Updated vMA package kernel addresses the security issues listed
       below.
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the name CVE-2009-2849 to the security issue fixed in
       kernel 2.6.18-128.2.1
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
       CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
       fixed in kernel 2.6.18-128.6.1
    
       The Common Vulnerabilities and Exposures project (cve.mitre.org)
       has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,
       CVE-2009-3726 to the security issues fixed in kernel
       2.6.18-128.9.1
    
    j. vMA 4.0 updates for the packages kpartx, libvolume-id,
       device-mapper-multipath, fipscheck, dbus, dbus-libs, and ed
    
       kpartx updated to 0.4.7-23.el5_3.4, libvolume-id updated to
       095-14.20.el5 device-mapper-multipath package updated to
       0.4.7-23.el5_3.4, fipscheck updated to 1.0.3-1.el5, dbus
       updated to 1.1.2-12.el5, dbus-libs updated to 1.1.2-12.el5,
       and ed package updated to 0.2-39.el5_2.
    
       The Common Vulnerabilities and Exposures Project (cve.mitre.org)
       has assigned the names CVE-2008-3916, CVE-2009-1189 and
       CVE-2009-0115 to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2010/000104.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # NOTE(review): the severity and exploit-availability flags below
      # describe the advisory bundle as a whole, not CVE-2009-4022 on its
      # own — the dedicated BIND plugin (42983) records "No known exploits
      # are available" and a C:N/I:P/A:N vector for that CVE.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    # Preconditions: local checks on, an ESX/ESXi release string, and either
    # esxcli VIB output or esxupdate output to compare patch bulletins against.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Advisory publication date, handed to the esx package-check helpers
    # (vmware_esx_packages.inc, not shown here).
    init_esx_check(date:"2010-03-03");
    flag = 0;
    
    
    # One esx_check() per patch bulletin from the advisory; each check that
    # fires bumps flag. patch_updates presumably names later roll-ups that
    # already contain the bulletin, so a host on one of them is not flagged —
    # confirm against vmware_esx_packages.inc.
    if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201006407-SG")) flag++;
    if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201008406-SG")) flag++;
    
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201002404-SG",
        patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201002406-SG",
        patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201002407-SG",
        patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201005403-SG",
        patch_updates : make_list("ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    if (
      esx_check(
        ver           : "ESX 4.0.0",
        patch         : "ESX400-201005404-SG",
        patch_updates : make_list("ESX400-201404402-SG", "ESX400-Update02", "ESX400-Update03", "ESX400-Update04")
      )
    ) flag++;
    
    
    # Report once at "hole" severity if any bulletin check fired; in verbose
    # mode the esx_report_get() detail is attached.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_BIND-100121.NASL
    description: When bind is configured for DNSSEC it could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290). All these bugs have been fixed.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44311
    published: 2010-01-26
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/44311
    title: SuSE 11 Security Update : bind (SAT Patch Number 1844)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Registration half of the plugin: declares metadata for SAT patch 1844
    # (SuSE 11 bind). Engines older than NASL level 3000 skip the plugin.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    # When loaded with `description` set, only the metadata below is recorded
    # and the script exits before any host interaction.
    if (description)
    {
      script_id(44311);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:39");
    
      # CVE-2009-4022 plus the two follow-ups named in the advisory text: the
      # NSEC/NSEC3 NXDOMAIN caching bug (CVE-2010-0097) and the incomplete-fix
      # CNAME/DNAME caching issue (CVE-2010-0290).
      script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290");
    
      script_name(english:"SuSE 11 Security Update : bind (SAT Patch Number 1844)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "When bind is configured for DNSSEC it could incorrectly cache NXDOMAIN
    responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was
    incomplete. Despite the previous fix CNAME and DNAME responses could
    be incorrectly cached (CVE-2010-0290). All these bugs have been fixed."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=570912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-4022.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0097.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2010-0290.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1844.");
      # Network vector, medium complexity, no authentication, partial
      # integrity impact only (cache poisoning); the check phase reports with
      # security_warning accordingly.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per bind package the rpm checks look for, plus the OS itself.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-chrootenv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # KB keys the check phase reads (Host/SuSE/patchlevel is read as well but
      # is optional); ssh_get_info.nasl is the plugin expected to populate them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: credentialed local checks, a SuSE 11 release string and an
    # rpm inventory must all be in the KB; audit() exits on the first failure.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only architectures with reference package versions below are assessed;
    # anything else is reported as "not implemented" rather than passed silently.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # A non-zero patchlevel is a later service pack, outside this plugin's
    # scope (every rpm_check below is pinned to sp:0).
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
    
    # Fixed package versions, grouped by (release, architecture). Group order
    # and the order inside each group match the original report order.
    flag = 0;
    
    foreach ref (make_list("bind-libs-9.5.0P2-20.7.1", "bind-utils-9.5.0P2-20.7.1"))
    {
      if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:ref)) flag++;
    }
    foreach ref (make_list("bind-libs-9.5.0P2-20.7.1", "bind-libs-32bit-9.5.0P2-20.7.1", "bind-utils-9.5.0P2-20.7.1"))
    {
      if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:ref)) flag++;
    }
    foreach ref (make_list("bind-9.5.0P2-20.7.1", "bind-chrootenv-9.5.0P2-20.7.1", "bind-doc-9.5.0P2-20.7.1", "bind-libs-9.5.0P2-20.7.1", "bind-utils-9.5.0P2-20.7.1"))
    {
      if (rpm_check(release:"SLES11", sp:0, reference:ref)) flag++;
    }
    if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"bind-libs-32bit-9.5.0P2-20.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"bind-libs-32bit-9.5.0P2-20.7.1")) flag++;
    
    # Nothing outdated: audit() exits here.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    
    # Medium severity (integrity-only impact), with the per-package detail
    # attached when verbose reporting is enabled.
    if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
    else security_warning(0);
    exit(0);
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201006-11.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201006-11 (BIND: Multiple vulnerabilities) Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022. Impact : An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46778
    published: 2010-06-02
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46778
    title: GLSA-201006-11 : BIND: Multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201006-11.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    # Registration half of the plugin for GLSA 201006-11 (Gentoo bind). When
    # loaded with `description` set, only metadata is recorded and the script
    # exits before any host interaction.
    if (description)
    {
      script_id(46778);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      # CVE-2009-4022 and its follow-ups; per the advisory text CVE-2010-0290
      # and CVE-2010-0382 stem from an incomplete fix and a regression of it.
      script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382");
      script_xref(name:"GLSA", value:"201006-11");
    
      script_name(english:"GLSA-201006-11 : BIND: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201006-11
    (BIND: Multiple vulnerabilities)
    
        Multiple cache poisoning vulnerabilities were discovered in BIND. For
        further information please consult the CVE entries and the ISC Security
        Bulletin referenced below.
        Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete
        fix and a regression for CVE-2009-4022.
      
    Impact :
    
        An attacker could exploit this weakness to poison the cache of a
        recursive resolver and thus spoof DNS traffic, which could e.g. lead to
        the redirection of web or mail traffic to malicious sites.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.isc.org/advisories/CVE2009-4022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201006-11"
      );
      # The solution string is the remediation shown to the user; the version
      # bound matches the qpkg_check in the check phase.
      script_set_attribute(
        attribute:"solution", 
        value:
    "All BIND users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.3_p5'"
      );
      # Network vector, high complexity, full C/I/A impact as rated by the
      # GLSA; the check phase reports with security_hole accordingly.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # Exploitability metadata as recorded at publication time.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      # KB keys the check phase reads; ssh_get_info.nasl is expected to
      # populate them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Preconditions: credentialed local checks, a Gentoo release marker and a
    # qpkg inventory; audit() exits on the first failure.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Single affected atom: anything below 9.4.3_p5 is vulnerable.
    vulnerable = qpkg_check(
      package    : "net-dns/bind",
      unaffected : make_list("ge 9.4.3_p5"),
      vulnerable : make_list("lt 9.4.3_p5")
    );
    
    if (vulnerable)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    
    # Keep "installed but patched" distinguishable from "not installed" in
    # the audit trail.
    tested = qpkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "BIND");
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20100120_BIND_ON_SL5_X.NASL
    description: CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097) The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 60726
    published: 2012-08-01
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/60726
    title: Scientific Linux Security Update : bind on SL5.x i386/x86_64
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Registration half of the plugin for the Scientific Linux 5 bind erratum.
    # When loaded with `description` set, only metadata is recorded and the
    # script exits before any host interaction.
    if (description)
    {
      script_id(60726);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:18");
    
      # CVE-2009-4022 plus the two issues the erratum text describes: the
      # NSEC/NSEC3 NXDOMAIN caching bug (CVE-2010-0097) and the incomplete-fix
      # CNAME/DNAME caching issue (CVE-2010-0290).
      script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290");
    
      script_name(english:"Scientific Linux Security Update : bind on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus
    NXDOMAIN responses
    
    CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete
    
    A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If
    BIND was running as a DNSSEC-validating resolver, it could incorrectly
    cache NXDOMAIN responses, as if they were valid, for records proven by
    NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause
    a BIND server to return the bogus, cached NXDOMAIN responses for valid
    records and prevent users from retrieving those records (denial of
    service). (CVE-2010-0097)
    
    The original fix for CVE-2009-4022 was found to be incomplete. BIND
    was incorrectly caching certain responses without performing proper
    DNSSEC validation. CNAME and DNAME records could be cached, without
    proper DNSSEC validation, when received from processing recursive
    client queries that requested DNSSEC records but indicated that
    checking should be disabled. A remote attacker could use this flaw to
    bypass the DNSSEC validation check and perform a cache poisoning
    attack if the target BIND server was receiving such client queries.
    (CVE-2010-0290)
    
    After installing the update, the BIND daemon (named) will be restarted
    automatically."
      );
      # Original erratum URL; the see_also value is Tenable's shortened form.
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1001&L=scientific-linux-errata&T=0&P=1792
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?137641e1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Network vector, medium complexity, no authentication, partial
      # integrity impact only; the check phase reports with security_warning.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # KB keys the check phase reads; ssh_get_info.nasl is expected to
      # populate them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: credentialed local checks, a release string that names
    # Scientific Linux and an rpm inventory; audit() exits on the first failure.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only i386 and x86_64 are assessed; any other architecture is reported as
    # "not implemented" rather than passed silently.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    # Every package the erratum rebuilds, at the fixed EVR; order matches the
    # original report order.
    fixed_packages = make_list(
      "bind-9.3.6-4.P1.el5_4.2",
      "bind-chroot-9.3.6-4.P1.el5_4.2",
      "bind-devel-9.3.6-4.P1.el5_4.2",
      "bind-libbind-devel-9.3.6-4.P1.el5_4.2",
      "bind-libs-9.3.6-4.P1.el5_4.2",
      "bind-sdb-9.3.6-4.P1.el5_4.2",
      "bind-utils-9.3.6-4.P1.el5_4.2",
      "caching-nameserver-9.3.6-4.P1.el5_4.2"
    );
    
    flag = 0;
    foreach ref (fixed_packages)
    {
      if (rpm_check(release:"SL5", reference:ref)) flag++;
    }
    
    # Nothing outdated: audit() exits here.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    
    # Medium severity, with per-package detail when verbose reporting is on.
    if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
    else security_warning(0);
    exit(0);
    
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2010-0004_REMOTE.NASL
    description: The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party components and libraries : - bind - expat - glib2 - Kernel - newt - nfs-utils - NTP - OpenSSH - OpenSSL
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 89737
    published: 2016-03-08
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/89737
    title: VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration half of the remote (build-number based) check for
    # VMSA-2010-0004. When loaded with `description` set, only metadata is
    # recorded and the script exits before any host interaction.
    if (description)
    {
      script_id(89737);
      script_version("1.5");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      # The advisory bundles fixes for nine third-party components; only
      # CVE-2009-4022 (last entry) concerns BIND.
      script_cve_id(
        "CVE-2008-3916",
        "CVE-2008-4316",
        "CVE-2008-4552",
        "CVE-2009-0115",
        "CVE-2009-0590",
        "CVE-2009-1189",
        "CVE-2009-1377",
        "CVE-2009-1378",
        "CVE-2009-1379",
        "CVE-2009-1386",
        "CVE-2009-1387",
        "CVE-2009-2695",
        "CVE-2009-2849",
        "CVE-2009-2904",
        "CVE-2009-2905",
        "CVE-2009-2908",
        "CVE-2009-3228",
        "CVE-2009-3286",
        "CVE-2009-3547",
        "CVE-2009-3560",
        "CVE-2009-3563",
        "CVE-2009-3612",
        "CVE-2009-3613",
        "CVE-2009-3620",
        "CVE-2009-3621",
        "CVE-2009-3720",
        "CVE-2009-3726",
        "CVE-2009-4022"
      );
      script_bugtraq_id(
        30815,
        31602,
        31823,
        34100,
        34256,
        35001,
        35138,
        35174,
        36304,
        36515,
        36552,
        36639,
        36706,
        36723,
        36824,
        36827,
        36901,
        36936,
        37118,
        37203,
        37255
      );
      script_xref(name:"VMSA", value:"2010-0004");
    
      script_name(english:"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2010-0004) (remote check)");
      script_summary(english:"Checks the ESX / ESXi version and build number.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX host is missing a security-related patch. It is,
    therefore, affected by multiple vulnerabilities, including remote code
    execution vulnerabilities, in several third-party components and
    libraries :
    
      - bind
      - expat
      - glib2
      - Kernel
      - newt
      - nfs-utils
      - NTP
      - OpenSSH
      - OpenSSL");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2010-0004");
      script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000104.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 3.5 / 4.0.");
      # Full C/I/A impact reflects the most severe of the bundled issues, not
      # the BIND cache-poisoning bug on its own; reported with SECURITY_HOLE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      # Exploitability metadata as recorded at publication time, again across
      # the whole bundle.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      # NOTE(review): presumably one CWE per bundled component class — not
      # BIND-specific.
      script_cwe_id(16, 20, 119, 189, 200, 264, 362, 399);
    
      # "remote": no credentials needed, the vSphere API version string is used.
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      # KB keys and port the check phase reads; vmware_vsphere_detect.nbin is
      # expected to populate them.
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # All three KB items are mandatory; get_kb_item_or_exit() ends the script
    # when one is missing.
    ver  = get_kb_item_or_exit("Host/VMware/version");
    rel  = get_kb_item_or_exit("Host/VMware/release");
    port = get_kb_item_or_exit("Host/VMware/vsphere");
    esx  = '';
    
    if ("ESX" >!< rel) audit(AUDIT_OS_NOT, "VMware ESX/ESXi");
    
    # Split the version string into product ("ESX" / "ESXi") and major.minor.
    extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
    if (isnull(extract)) audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    esx = extract[1];
    ver = extract[2];
    
    # First fixed build per major.minor; ESX and ESXi share the same numbers.
    fixes = make_array(
      "4.0", "236512",
      "3.5", "283373"
    );
    fix = fixes[ver];
    
    # Parse the installed build before consulting the fix table so that an
    # unparseable release string is reported as such, not as "not vulnerable".
    extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
    if (isnull(extract)) audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);
    build = int(extract[1]);
    
    # A version without a table entry leaves fix NULL; such hosts are outside
    # the advisory's scope and are reported as not vulnerable.
    if (!fix) audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
    # NOTE(review): build is an int and fix a numeric string; the comparison
    # relies on NASL coercion, as in the original — confirm if porting.
    if (build < fix)
    {
      report =
        '\n  Version         : ' + esx + " " + ver +
        '\n  Installed build : ' + build +
        '\n  Fixed build     : ' + fix +
        '\n';
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    }
    
    audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
    
  • NASL family: HP-UX Local Security Checks
    NASL id: HPUX_PHNE_40339.NASL
    description: s700_800 11.23 BIND 9.2.0 Revision 5.0 : The remote HP-UX host is affected by multiple vulnerabilities : - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS) and permit unauthorized disclosure of information. (HPSBUX02546 SSRT100159) - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS). (HPSBUX02451 SSRT090137)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 46813
    published: 2010-06-07
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/46813
    title: HP-UX PHNE_40339 : s700_800 11.23 BIND 9.2.0 Revision 5.0
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were 
    # extracted from HP patch PHNE_40339. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #
    
    include("compat.inc");
    
    # Registration half of the plugin for HP-UX patch PHNE_40339 (BIND 9.2.0
    # on 11.23). When loaded with `description` set, only metadata is recorded
    # and the script exits before any host interaction.
    if (description)
    {
      script_id(46813);
      script_version("1.20");
      script_cvs_date("Date: 2018/07/12 19:01:15");
    
      # Two HP bulletins are folded into this patch: CVE-2009-0696 (HPSBUX02451)
      # and the CVE-2009-4022 family including its follow-ups (HPSBUX02546).
      script_cve_id("CVE-2009-0696", "CVE-2009-4022", "CVE-2010-0290", "CVE-2010-0382");
      script_bugtraq_id(35848, 37118);
      script_xref(name:"HP", value:"emr_na-c01835108");
      script_xref(name:"HP", value:"emr_na-c02263226");
      script_xref(name:"HP", value:"HPSBUX02451");
      script_xref(name:"HP", value:"HPSBUX02546");
      script_xref(name:"HP", value:"SSRT090137");
      script_xref(name:"HP", value:"SSRT100159");
    
      script_name(english:"HP-UX PHNE_40339 : s700_800 11.23 BIND 9.2.0 Revision 5.0");
      script_summary(english:"Checks for the patch in the swlist output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "s700_800 11.23 BIND 9.2.0 Revision 5.0 : 
    
    The remote HP-UX host is affected by multiple vulnerabilities :
    
      - A potential security vulnerability has been identified
        with HP-UX running BIND. The vulnerability could be
        exploited remotely to create a Denial of Service (DoS)
        and permit unauthorized disclosure of information.
        (HPSBUX02546 SSRT100159)
    
      - A potential security vulnerability has been identified
        with HP-UX running BIND. The vulnerability could be
        exploited remotely to create a Denial of Service (DoS).
        (HPSBUX02451 SSRT090137)"
      );
      # Original HP document URLs; the see_also values are Tenable's
      # shortened forms.
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01835108
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?937b96ed"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02263226
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?237e5744"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install patch PHNE_40339 or subsequent."
      );
      # Network vector, high complexity, full C/I/A impact as rated by HP for
      # the combined bulletins; the check phase reports with security_hole.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      # Exploitability metadata as recorded at publication time.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(16);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/05/28");
      script_set_attribute(attribute:"patch_modification_date", value:"2010/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");
    
      # KB keys the check phase reads; ssh_get_info.nasl is expected to
      # populate them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");
    
    # Preconditions: credentialed local checks, an HP-UX version and an swlist
    # inventory; audit() exits on the first failure.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # PHNE_40339 applies to 11.23 only.
    if (!hpux_check_ctx(ctx:"11.23")) exit(0, "The host is not affected since PHNE_40339 applies to a different OS release.");
    
    # PHNE_40339 itself or any of the later patches listed here (presumably
    # its successors) counts as remediation; the first one found ends the check.
    foreach patch (make_list("PHNE_40339", "PHNE_41721", "PHNE_42727", "PHNE_43096", "PHNE_43278", "PHNE_43369"))
    {
      if (hpux_installed(app:patch)) exit(0, "The host is not affected because patch "+patch+" is installed.");
    }
    
    # Filesets compared against the B.11.23 base revision; hpux_check_patch()
    # presumably returns true for a fileset still at that level.
    flag = 0;
    foreach fileset (make_list(
      "InternetSrvcs.INET-ENG-A-MAN",
      "InternetSrvcs.INET-JPN-E-MAN",
      "InternetSrvcs.INET-JPN-S-MAN",
      "InternetSrvcs.INETSVCS-INETD",
      "InternetSrvcs.INETSVCS-RUN",
      "InternetSrvcs.INETSVCS2-RUN"
    ))
    {
      if (hpux_check_patch(app:fileset, version:"B.11.23")) flag++;
    }
    
    # Nothing outdated: audit() exits here.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    
    if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
    else security_hole(0);
    exit(0);
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-021.NASL
    description: Some vulnerabilities were discovered and corrected in bind : The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290). There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097). ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022 (CVE-2010-0382). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44102
    published: 2010-01-21
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/44102
    title: Mandriva Linux Security Advisory : bind (MDVSA-2010:021)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2010:021. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: record the plugin's metadata for the scanner and
      # exit, so the package checks further down never run in this mode.
      script_id(44102);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:53");
    
      # MDVSA-2010:021 rolls up the original DNSSEC cache-poisoning issue
      # (CVE-2009-4022) and its three follow-ups described in the advisory text.
      script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382");
      script_bugtraq_id(37118, 37865);
      script_xref(name:"MDVSA", value:"2010:021");
    
      script_name(english:"Mandriva Linux Security Advisory : bind (MDVSA-2010:021)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      # Advisory text reproduced from the vendor; it is copyright Mandriva S.A.
      script_set_attribute(
        attribute:"description", 
        value:
    "Some vulnerabilities were discovered and corrected in bind :
    
    The original fix for CVE-2009-4022 was found to be incomplete. BIND
    was incorrectly caching certain responses without performing proper
    DNSSEC validation. CNAME and DNAME records could be cached, without
    proper DNSSEC validation, when received from processing recursive
    client queries that requested DNSSEC records but indicated that
    checking should be disabled. A remote attacker could use this flaw to
    bypass the DNSSEC validation check and perform a cache poisoning
    attack if the target BIND server was receiving such client queries
    (CVE-2010-0290).
    
    There was an error in the DNSSEC NSEC/NSEC3 validation code that could
    cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for
    records proven by NSEC or NSEC3 to exist) to be cached as if they had
    validated correctly, so that future queries to the resolver would
    return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).
    
    ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before
    9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick
    data accompanying a secure response without re-fetching from the
    original source, which allows remote attackers to have an unspecified
    impact via a crafted response, aka Bug 20819. NOTE: this vulnerability
    exists because of a regression during the fix for CVE-2009-4022
    (CVE-2010-0382).
    
    Packages for 2008.0 are provided for Corporate Desktop 2008.0
    customers.
    
    Additionally BIND has been upgraded to the latest patch release
    version."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=557121"
      );
      # https://www.isc.org/advisories/CVE-2009-4022v6
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=bind-announce&m=126392310412888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.isc.org/advisories/CVE-2010-0097"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 vectors registered for the rollup; the check body below
      # reports a hit through security_hole().
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Packages and Mandriva releases covered by the rpm_check() calls below.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/01/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Credentialed check: the KB keys required here are presumably populated
      # by the ssh_get_info.nasl dependency -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
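    # Credentialed (local) check: the RPM list must have been collected from
    # the host first. The OS-mismatch message now matches the one used for
    # the architecture audit below (the "Mandake" typo is fixed).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only the x86 / x86_64 package builds are covered by the references
    # below; any other architecture is reported as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Fixed package versions per Mandriva release, as published in
    # MDVSA-2010:021. rpm_check() (rpm.inc) is presumed to return true when
    # an installed package is older than the reference -- confirm against
    # rpm.inc. A single hit is enough to report the host.
    flag = 0;
    foreach ref (make_list("bind-9.4.3-0.2mdv2008.0", "bind-devel-9.4.3-0.2mdv2008.0", "bind-utils-9.4.3-0.2mdv2008.0"))
    {
      if (rpm_check(release:"MDK2008.0", reference:ref, yank:"mdv")) flag++;
    }
    
    foreach ref (make_list("bind-9.5.2-0.2mdv2009.0", "bind-devel-9.5.2-0.2mdv2009.0", "bind-doc-9.5.2-0.2mdv2009.0", "bind-utils-9.5.2-0.2mdv2009.0"))
    {
      if (rpm_check(release:"MDK2009.0", reference:ref, yank:"mdv")) flag++;
    }
    
    foreach ref (make_list("bind-9.6.1-0.2mdv2009.1", "bind-devel-9.6.1-0.2mdv2009.1", "bind-doc-9.6.1-0.2mdv2009.1", "bind-utils-9.6.1-0.2mdv2009.1"))
    {
      if (rpm_check(release:"MDK2009.1", reference:ref, yank:"mdv")) flag++;
    }
    
    foreach ref (make_list("bind-9.6.1-4.2mdv2010.0", "bind-devel-9.6.1-4.2mdv2010.0", "bind-doc-9.6.1-4.2mdv2010.0", "bind-utils-9.6.1-4.2mdv2010.0"))
    {
      if (rpm_check(release:"MDK2010.0", reference:ref, yank:"mdv")) flag++;
    }
    
    
    if (flag)
    {
      # Verbose reports include the per-package comparison gathered by rpm_check().
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");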
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1961.NASL
    descriptionMichael Sinatra discovered that the DNS resolver component in BIND does not properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors, which is still rare. Note that this update contains an internal ABI change, which means that all BIND-related packages (bind9, dnsutils and the library packages) must be updated at the same time (preferably using
    last seen2020-06-01
    modified2020-06-02
    plugin id44826
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44826
    titleDebian DSA-1961-1 : bind9 - DNS cache poisoning
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1961. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: record the plugin's metadata and exit; the dpkg
      # checks further down only run outside description mode.
      script_id(44826);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      # DSA-1961 covers only the original additional-section caching issue.
      script_cve_id("CVE-2009-4022");
      script_bugtraq_id(37118);
      script_xref(name:"CERT", value:"418861");
      script_xref(name:"DSA", value:"1961");
    
      script_name(english:"Debian DSA-1961-1 : bind9 - DNS cache poisoning");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text reproduced from Debian (copyright Software in the Public Interest, Inc.).
      script_set_attribute(
        attribute:"description", 
        value:
    "Michael Sinatra discovered that the DNS resolver component in BIND
    does not properly check DNS records contained in additional sections
    of DNS responses, leading to a cache poisoning vulnerability. This
    vulnerability is only present in resolvers which have been configured
    with DNSSEC trust anchors, which is still rare.
    
    Note that this update contains an internal ABI change, which means
    that all BIND-related packages (bind9, dnsutils and the library
    packages) must be updated at the same time (preferably using 'apt-get
    update' and 'apt-get upgrade'). In the unlikely event that you have
    compiled your own software against libdns, you must recompile this
    programs, too."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2009/dsa-1961"
      );
      # The fixed versions quoted here are the references used by deb_check() below.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the bind9 packages.
    
    For the old stable distribution (etch), this problem has been fixed in
    version 9.3.4-2etch6.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 9.5.1.dfsg.P3-1+lenny1."
      );
      # Integrity-only partial impact; the check body reports through security_note().
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Debian 4.0 (etch) and 5.0 (lenny) are the releases checked below.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/12/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Credentialed check: the KB keys required here are presumably populated
      # by the ssh_get_info.nasl dependency -- confirm against that script.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Credentialed (local) check: bail out unless the dpkg listing was collected.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Fixed versions from DSA-1961 for etch (4.0) and lenny (5.0). Every
    # binary package built from the bind9 source is checked, because the
    # advisory requires all of them to be upgraded together (ABI change).
    etch_pkgs = make_list("bind9", "bind9-doc", "bind9-host", "dnsutils", "libbind-dev", "libbind9-0", "libdns22", "libisc11", "libisccc0", "libisccfg1", "liblwres9", "lwresd");
    lenny_pkgs = make_list("bind9", "bind9-doc", "bind9-host", "bind9utils", "dnsutils", "libbind-dev", "libbind9-40", "libdns45", "libisc45", "libisccc40", "libisccfg40", "liblwres40", "lwresd");
    
    hits = 0;
    foreach pkg (etch_pkgs)
    {
      if (deb_check(release:"4.0", prefix:pkg, reference:"9.3.4-2etch6")) hits++;
    }
    foreach pkg (lenny_pkgs)
    {
      if (deb_check(release:"5.0", prefix:pkg, reference:"9.5.1.dfsg.P3-1+lenny1")) hits++;
    }
    
    if (hits)
    {
      # Reported through security_note(), in line with the C:N/I:P/A:N base
      # vector registered in the description block.
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL15748.NASL
    descriptionUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. (CVE-2010-0290)
    last seen2020-06-01
    modified2020-06-02
    plugin id78697
    published2014-10-28
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78697
    titleF5 Networks BIG-IP : BIND vulnerability (SOL15748)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution SOL15748.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: record the plugin's metadata and exit; the version
      # matrix check further down only runs outside description mode.
      script_id(78697);
      script_version("1.4");
      script_cvs_date("Date: 2019/01/04 10:03:40");
    
      # SOL15748 covers the incomplete-fix follow-up (CVE-2010-0290) to CVE-2009-4022.
      script_cve_id("CVE-2009-4022", "CVE-2010-0290");
      script_bugtraq_id(37118);
    
      script_name(english:"F5 Networks BIG-IP : BIND vulnerability (SOL15748)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      # Description text reproduced from the F5 solution article (copyright F5 Networks).
      script_set_attribute(
        attribute:"description", 
        value:
    "Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before
    9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta,
    with DNSSEC validation enabled and checking disabled (CD), allows
    remote attackers to conduct DNS cache poisoning attacks by receiving a
    recursive client query and sending a response that contains (1) CNAME
    or (2) DNAME records, which do not have the intended validation before
    caching, aka Bug 20737. NOTE: this vulnerability exists because of an
    incomplete fix for CVE-2009-4022. (CVE-2010-0290)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K15748"
      );
      # No fixed version is named here; the non-vulnerable ranges live in
      # the per-module matrix in the check body.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution SOL15748."
      );
      # Partial integrity/availability impact; the check body reports through security_warning().
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # One CPE per BIG-IP module that appears in the version matrix below.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/27");
      # Marked as a generated plugin: the matrix below is presumably produced
      # from the F5 article rather than hand-written -- confirm before editing.
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      # Needs the version/hotfix/module KB entries written by f5_bigip_detect.nbin.
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    # Local check keyed off the BIG-IP version, hotfix and module data in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if (!version) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if (isnull(get_kb_item("Host/BIG-IP/hotfix"))) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if (!get_kb_item("Host/BIG-IP/modules")) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "SOL15748";
    
    # Version ranges from SOL15748. Most modules share one affected range and
    # one unaffected range; APM (affected) and PSM/WAM/WOM (unaffected) differ.
    affected_common   = make_list("10.0.0-10.1.0");
    unaffected_common = make_list("11.0.0-11.6.0","10.2.0-10.2.4");
    
    vmatrix = make_array();
    
    # APM: only 10.1.0 is listed as affected.
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("10.1.0");
    vmatrix["APM"]["unaffected"] = unaffected_common;
    
    # ASM, GTM, LC and LTM use the common ranges unchanged.
    foreach bigip_module (make_list("ASM", "GTM", "LC", "LTM"))
    {
      vmatrix[bigip_module] = make_array();
      vmatrix[bigip_module]["affected"  ] = affected_common;
      vmatrix[bigip_module]["unaffected"] = unaffected_common;
    }
    
    # PSM: the 11.x unaffected range stops at 11.4.1.
    vmatrix["PSM"] = make_array();
    vmatrix["PSM"]["affected"  ] = affected_common;
    vmatrix["PSM"]["unaffected"] = make_list("11.0.0-11.4.1","10.2.0-10.2.4");
    
    # WAM and WOM: the 11.x unaffected range stops at 11.3.0.
    foreach bigip_module (make_list("WAM", "WOM"))
    {
      vmatrix[bigip_module] = make_array();
      vmatrix[bigip_module]["affected"  ] = affected_common;
      vmatrix[bigip_module]["unaffected"] = make_list("11.0.0-11.3.0","10.2.0-10.2.4");
    }
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      # Reported through security_warning(), in line with the C:N/I:P/A:P
      # base vector registered in the description block.
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "modules present but patched" from "no affected module installed".
      modules_tested = bigip_get_tested_modules();
      not_vuln_prefix = "For BIG-IP module(s) " + modules_tested + ",";
      if (modules_tested) audit(AUDIT_INST_VER_NOT_VULN, not_vuln_prefix, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_BIND-091127.NASL
    descriptionThe bind DNS server was updated to close a possible cache poisoning vulnerability which allowed DNSSEC to be bypassed. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen2020-06-01
    modified2020-06-02
    plugin id42956
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42956
    titleSuSE 11 Security Update : bind (SAT Patch Number 1617)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0062.NASL
    descriptionFrom Red Hat Security Advisory 2010:0062 : Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097) The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id67991
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67991
    titleOracle Linux 5 : bind (ELSA-2010-0062)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0062.NASL
    descriptionUpdated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097) The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id44099
    published2010-01-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44099
    titleCentOS 5 : bind (CESA-2010:0062)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_BIND-091127.NASL
    descriptionThe bind DNS server was updated to close a possible cache poisoning vulnerability which allowed DNSSEC to be bypassed. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen2020-06-01
    modified2020-06-02
    plugin id42949
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42949
    titleopenSUSE Security Update : bind (bind-1615)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-304.NASL
    descriptionSome vulnerabilities were discovered and corrected in php : PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42918
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42918
    titleMandriva Linux Security Advisory : php (MDVSA-2009:304)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-12218.NASL
    descriptionUpdate to 9.6.1-P2 release which contains following fix: * Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42910
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42910
    titleFedora 11 : bind-9.6.1-7.P2.fc11 (2009-12218)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-12233.NASL
    descriptionUpdate to 9.6.1-P2 release which contains following fix: * Additional section of response could be cached without successful DNSSEC validation even if DNSSEC validation is enabled Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id42911
    published2009-11-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42911
    titleFedora 12 : bind-9.6.1-13.P2.fc12 (2009-12233)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-888-1.NASL
    descriptionIt was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. (CVE-2010-0097) USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem. Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44106
    published2010-01-21
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44106
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : bind9 vulnerabilities (USN-888-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-176-01.NASL
    descriptionNew bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues when DNSSEC is enabled (which is not the default setting).
    last seen2020-06-01
    modified2020-06-02
    plugin id54879
    published2011-05-28
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54879
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2010-176-01)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_BIND-100121.NASL
    descriptionbind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix, CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290).
    last seen2020-06-01
    modified2020-06-02
    plugin id44307
    published2010-01-26
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44307
    titleopenSUSE Security Update : bind (bind-1845)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1620.NASL
    descriptionUpdated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id42946
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42946
    titleRHEL 5 : bind (RHSA-2009:1620)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1620.NASL
    descriptionUpdated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id43809
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43809
    titleCentOS 5 : bind (CESA-2009:1620)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_BIND-091127.NASL
    descriptionThe bind DNS server was updated to close a possible cache poisoning vulnerability which allowed DNSSEC to be bypassed. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen2020-06-01
    modified2020-06-02
    plugin id42951
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42951
    titleopenSUSE Security Update : bind (bind-1615)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1620.NASL
    descriptionFrom Red Hat Security Advisory 2009:1620 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id67965
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67965
    titleOracle Linux 5 : bind (ELSA-2009-1620)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_BIND-100121.NASL
    descriptionbind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix, CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290). bind was updated to version 9.4.3-P5 in order to fix those issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44305
    published2010-01-26
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44305
    titleopenSUSE Security Update : bind (bind-1843)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2011-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components : - Apache - Application Firewall - ATS - BIND - Certificate Trust Policy - CFNetwork - CoreFoundation - CoreMedia - File Systems - IOGraphics - iChat Server - Mailman - MediaKit - PHP - postfix - python - QuickTime - Tomcat - User Documentation - Web Server - X11
    last seen2020-06-01
    modified2020-06-02
    plugin id56481
    published2011-10-13
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/56481
    titleMac OS X Multiple Vulnerabilities (Security Update 2011-006)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0062.NASL
    descriptionUpdated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097) The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290) All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id44105
    published2010-01-21
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44105
    titleRHEL 5 : bind (RHSA-2010:0062)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20091130_BIND_ON_SL5_X.NASL
    descriptionCVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses Michael Sinatra discovered that BIND was incorrectly caching responses without performing proper DNSSEC validation, when those responses were received during the resolution of a recursive client query that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2009-4022) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id60697
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60697
    titleScientific Linux Security Update : bind on SL5.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-865-1.NASL
    descriptionMichael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43058
    published2009-12-08
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43058
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : bind9 vulnerability (USN-865-1)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL10898.NASL
    descriptionUnspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed
    last seen2020-06-01
    modified2020-06-02
    plugin id78124
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78124
    titleF5 Networks BIG-IP : DNSSEC BIND vulnerability (SOL10898)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_BIND-091127.NASL
    descriptionThe bind DNS server was updated to close a possible cache poisoning vulnerability which allowed DNSSEC to be bypassed. CVE-2009-4022: CVSS v2 Base Score: 2.6
    last seen2020-06-01
    modified2020-06-02
    plugin id42954
    published2009-12-01
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42954
    titleopenSUSE Security Update : bind (bind-1615)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-336-01.NASL
    descriptionNew bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id54874
    published2011-05-28
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54874
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2009-336-01)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-313.NASL
    descriptionSome vulnerabilities were discovered and corrected in bind : Unspecified vulnerability in ISC BIND 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, 9.7 beta before 9.7.0b3, and 9.0.x through 9.3.x with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks via additional sections in a response sent for resolution of a recursive client query, which is not properly handled when the response is processed at the same time as requesting DNSSEC records (DO). (CVE-2009-4022). Additionally, BIND has been upgraded to the latest point release or the closest version supported by ISC. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen2020-06-01
    modified2020-06-02
    plugin id42999
    published2009-12-04
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42999
    titleMandriva Linux Security Advisory : bind (MDVSA-2009:313-1)

Oval

  • accepted2013-04-29T04:09:04.652-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    familyunix
    idoval:org.mitre.oval:def:10821
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    version18
  • accepted2011-01-10T04:00:06.579-05:00
    classvulnerability
    contributors
    nameVarun Narula
    organizationHewlett-Packard
    definition_extensions
    • commentIBM AIX 6100-02 is installed
      ovaloval:org.mitre.oval:def:5685
    • commentIBM AIX 6100-03 is installed
      ovaloval:org.mitre.oval:def:6736
    • commentIBM AIX 6100-04 is installed
      ovaloval:org.mitre.oval:def:7373
    descriptionUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    familyunix
    idoval:org.mitre.oval:def:11745
    statusaccepted
    submitted2010-11-25T10:44:46.000-05:00
    titleVulnerability with DNSSEC validation enabled in BIND.
    version45
  • accepted2014-03-24T04:01:54.737-04:00
    classvulnerability
    contributors
    • nameChandan M C
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    descriptionUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    familyunix
    idoval:org.mitre.oval:def:7261
    statusaccepted
    submitted2010-10-25T11:04:56.000-05:00
    titleHP-UX Running BIND, Remote Denial of Service (DoS), Unauthorized Disclosure of Information
    version41
  • accepted2010-06-14T04:00:54.759-04:00
    classvulnerability
    contributors
    namePai Peng
    organizationHewlett-Packard
    definition_extensions
    • commentSolaris 9 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1457
    • commentSolaris 10 (SPARC) is installed
      ovaloval:org.mitre.oval:def:1440
    • commentSolaris 9 (x86) is installed
      ovaloval:org.mitre.oval:def:1683
    • commentSolaris 10 (x86) is installed
      ovaloval:org.mitre.oval:def:1926
    descriptionUnspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438.
    familyunix
    idoval:org.mitre.oval:def:7459
    statusaccepted
    submitted2010-05-03T13:51:32.000-04:00
    titleSecurity Vulnerability in BIND DNS Software Shipped With Solaris May Allow DNS Cache Poisoning
    version36

Redhat

advisories
bugzilla
id538744
titleCVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • commentbind-utils is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620001
        • commentbind-utils is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057014
      • AND
        • commentbind is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620003
        • commentbind is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057016
      • AND
        • commentbind-libs is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620005
        • commentbind-libs is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057002
      • AND
        • commentbind-sdb is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620007
        • commentbind-sdb is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057010
      • AND
        • commentbind-libbind-devel is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620009
        • commentbind-libbind-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057006
      • AND
        • commentbind-devel is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620011
        • commentbind-devel is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057012
      • AND
        • commentbind-chroot is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620013
        • commentbind-chroot is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057008
      • AND
        • commentcaching-nameserver is earlier than 30:9.3.6-4.P1.el5_4.1
          ovaloval:com.redhat.rhsa:tst:20091620015
        • commentcaching-nameserver is signed with Red Hat redhatrelease key
          ovaloval:com.redhat.rhsa:tst:20070057004
rhsa
idRHSA-2009:1620
released2009-11-30
severityModerate
titleRHSA-2009:1620: bind security update (Moderate)
rpms
  • bind-30:9.3.6-4.P1.el5_4.1
  • bind-chroot-30:9.3.6-4.P1.el5_4.1
  • bind-debuginfo-30:9.3.6-4.P1.el5_4.1
  • bind-devel-30:9.3.6-4.P1.el5_4.1
  • bind-libbind-devel-30:9.3.6-4.P1.el5_4.1
  • bind-libs-30:9.3.6-4.P1.el5_4.1
  • bind-sdb-30:9.3.6-4.P1.el5_4.1
  • bind-utils-30:9.3.6-4.P1.el5_4.1
  • caching-nameserver-30:9.3.6-4.P1.el5_4.1

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 37118 CVE(CAN) ID: CVE-2009-4022 BIND是一个应用非常广泛的DNS协议的实现,由ISC负责维护,具体的开发由Nominum公司完成。 启用了DNSSEC验证的名称服务器在解析递归客户端查询期间可能错误的从所接收到响应的附加部分向其缓存添加记录,这是一种缓存中毒的情况。 DNS缓存中毒指的是更改了DNS服务器的DNS缓存中某项,这样缓存中与主机名相关的IP地址就不再指向正确的位置。例如,如果www.example.com映射到IP地址192.168.0.1且DNS服务器的缓存中存在这个映射,则成功向这个服务器的DNS缓存投毒的攻击者就可以将www.example.com映射到10.0.0.1。在这种情况下,试图访问www.example.com的用户就可能与错误的Web服务器联络。 仅在处理禁用了检查(CD)的客户端查询同时请求DNSSEC记录(DO)的情况下才会出现上述行为。 ISC BIND 9.6.x ISC BIND 9.5.x ISC BIND 9.4.x ISC BIND 9.3.x ISC BIND 9.2.x ISC BIND 9.1.x ISC BIND 9.0.x 临时解决方法: * 在named.conf中通过allow-recursion选项限制递归。 * 禁用DNSSEC验证。 厂商补丁: ISC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: ftp://ftp.isc.org/isc/bind9/9.5.2-P1/bind-9.5.2-P1.tar.gz ftp://ftp.isc.org/isc/bind9/9.4.3-P4/bind-9.4.3-P4.tar.gz ftp://ftp.isc.org/isc/bind9/9.6.1-P2/bind-9.6.1-P2.tar.gz
idSSV:14986
last seen2017-11-19
modified2009-11-27
published2009-11-27
reporterRoot
titleISC BIND 9 DNSSEC查询响应远程缓存中毒漏洞

References