CVE-2010-0097 - Improper Input Validation vulnerability in ISC Bind
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection: An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting: An attacker is able to cause a victim to load content into their web browser that bypasses security zone controls and gains access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content they are allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attacker's content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files: An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attacker's scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection: An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (which could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family: AIX Local Security Checks
NASL id: AIX_IV10049.NASL
description: An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailiwick Data Handling Error; CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record; CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63701
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63701
title: AIX 7.1 TL 1 : bind9 (IV10049)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory3.asc.
#

include("compat.inc");

if (description)
{
  script_id(63701);
  script_version("1.4");
  script_cvs_date("Date: 2019/09/16 14:13:03");

  script_cve_id("CVE-2009-0025", "CVE-2010-0097", "CVE-2010-0382", "CVE-2011-4313");

  script_name(english:"AIX 7.1 TL 1 : bind9 (IV10049)");
  script_summary(english:"Check for APAR IV10049");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An as-yet unidentified network event caused BIND 9 resolvers to cache
an invalid record, subsequent queries for which could crash the
resolvers with an assertion failure.

Furthermore, AIX BIND 9.4.1 is affected by the following three
security vulnerabilities:

CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error
CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record
CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal."
  );
  # http://www.isc.org/software/bind/advisories/cve-2011-4313
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f77e2a75"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory3.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_cwe_id(287);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"7.1", ml:"01", sp:"01", patch:"IV10049m01", package:"bos.net.tcp.client", minfilesetver:"7.1.1.0", maxfilesetver:"7.1.1.1") < 0) flag++;
if (aix_check_ifix(release:"7.1", ml:"01", sp:"01", patch:"IV10049m01", package:"bos.net.tcp.server", minfilesetver:"7.1.1.0", maxfilesetver:"7.1.1.0") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2054.NASL
description: Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2010-0097: BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
- CVE-2010-0290: When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.
- CVE-2010-0382: When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.
In addition, this update introduces a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 46829
published: 2010-06-08
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/46829
title: Debian DSA-2054-1 : bind9 - DNS cache poisoning
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2054. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(46829);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382");
  script_bugtraq_id(37118, 37865);
  script_xref(name:"DSA", value:"2054");

  script_name(english:"Debian DSA-2054-1 : bind9 - DNS cache poisoning");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several cache-poisoning vulnerabilities have been discovered in BIND.
These vulnerabilities apply only if DNSSEC validation is enabled and
trust anchors have been installed, which is not the default.

The Common Vulnerabilities and Exposures project identifies the
following problems :

  - CVE-2010-0097
    BIND does not properly validate DNSSEC NSEC records,
    which allows remote attackers to add the Authenticated
    Data (AD) flag to a forged NXDOMAIN response for an
    existing domain.

  - CVE-2010-0290
    When processing crafted responses containing CNAME or
    DNAME records, BIND is subject to a DNS cache poisoning
    vulnerability, provided that DNSSEC validation is
    enabled and trust anchors have been installed.

  - CVE-2010-0382
    When processing certain responses containing
    out-of-bailiwick data, BIND is subject to a DNS cache
    poisoning vulnerability, provided that DNSSEC validation
    is enabled and trust anchors have been installed.

In addition, this update introduce a more conservative query behavior
in the presence of repeated DNSSEC validation failures, addressing the
'roll over and die' phenomenon. The new version also supports the
cryptographic algorithm used by the upcoming signed ICANN DNS root
(RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence
algorithm used by some signed top-level domains.

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1.
Because of the scope of changes, extra care is recommended when
installing the update. Due to ABI changes, new Debian packages are
included, and the update has to be installed using 'apt-get
dist-upgrade' (or an equivalent aptitude command)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-0097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-0290"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-0382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-2054"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the bind9 packages.

For the stable distribution (lenny), these problems have been fixed in
version 1:9.6.ESV.R1+dfsg-0+lenny1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"5.0", prefix:"bind9", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"bind9-doc", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"bind9-host", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"bind9utils", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"dnsutils", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libbind-dev", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libbind9-50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libdns55", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libisc52", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libisccc50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libisccfg50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"liblwres50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lwresd", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_2_BIND-100121.NASL
description: bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44309
published: 2010-01-26
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/44309
title: openSUSE Security Update : bind (bind-1845)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update bind-1845.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(44309);
  script_version("1.9");
  script_cvs_date("Date: 2019/10/25 13:36:38");

  script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290");

  script_name(english:"openSUSE Security Update : bind (bind-1845)");
  script_summary(english:"Check for the bind-1845 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"bind when configured for DNSSEC could incorrectly cache NXDOMAIN
responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was
incomplete. Despite the previous fix CNAME and DNAME responses could
be incorrectly cached (CVE-2010-0290)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=570912"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-chrootenv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.2", reference:"bind-9.6.1P3-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"bind-chrootenv-9.6.1P3-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"bind-devel-9.6.1P3-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"bind-libs-9.6.1P3-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", reference:"bind-utils-9.6.1P3-1.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.2", cpu:"x86_64", reference:"bind-libs-32bit-9.6.1P3-1.1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chrootenv / bind-devel / bind-libs / bind-libs-32bit / etc");
}
```

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_BIND-100121.NASL
description: When bind is configured for DNSSEC it could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290). All these bugs have been fixed.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44311
published: 2010-01-26
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/44311
title: SuSE 11 Security Update : bind (SAT Patch Number 1844)
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(44311);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:39");

  script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290");

  script_name(english:"SuSE 11 Security Update : bind (SAT Patch Number 1844)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"When bind is configured for DNSSEC it could incorrectly cache NXDOMAIN
responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was
incomplete. Despite the previous fix CNAME and DNAME responses could
be incorrectly cached (CVE-2010-0290). All these bugs have been fixed."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=570912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-4022.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-0097.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-0290.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 1844.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-chrootenv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/26");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");

flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"bind-libs-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"bind-utils-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"bind-libs-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"bind-libs-32bit-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"bind-utils-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"bind-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"bind-chrootenv-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"bind-doc-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"bind-libs-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"bind-utils-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"s390x", reference:"bind-libs-32bit-9.5.0P2-20.7.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, cpu:"x86_64", reference:"bind-libs-32bit-9.5.0P2-20.7.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201006-11.NASL
description: The remote host is affected by the vulnerability described in GLSA-201006-11 (BIND: Multiple vulnerabilities). Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete fix and a regression for CVE-2009-4022.
Impact: An attacker could exploit this weakness to poison the cache of a recursive resolver and thus spoof DNS traffic, which could e.g. lead to the redirection of web or mail traffic to malicious sites.
Workaround: There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 46778
published: 2010-06-02
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/46778
title: GLSA-201006-11 : BIND: Multiple vulnerabilities
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201006-11.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(46778);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:45");

  script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382");
  script_xref(name:"GLSA", value:"201006-11");

  script_name(english:"GLSA-201006-11 : BIND: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201006-11
(BIND: Multiple vulnerabilities)

    Multiple cache poisoning vulnerabilities were discovered in BIND. For
    further information please consult the CVE entries and the ISC Security
    Bulletin referenced below.
    Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete
    fix and a regression for CVE-2009-4022.

Impact :

    An attacker could exploit this weakness to poison the cache of a
    recursive resolver and thus spoof DNS traffic, which could e.g. lead to
    the redirection of web or mail traffic to malicious sites.

Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.isc.org/advisories/CVE2009-4022"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201006-11"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All BIND users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=net-dns/bind-9.4.3_p5'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"net-dns/bind", unaffected:make_list("ge 9.4.3_p5"), vulnerable:make_list("lt 9.4.3_p5"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BIND");
}
```

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20100120_BIND_ON_SL5_X.NASL
description: CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus NXDOMAIN responses. CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete.
A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290)
After installing the update, the BIND daemon (named) will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60726
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60726
title: Scientific Linux Security Update : bind on SL5.x i386/x86_64
code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(60726);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/25 13:36:18");

  script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290");

  script_name(english:"Scientific Linux Security Update : bind on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"CVE-2010-0097 BIND DNSSEC NSEC/NSEC3 validation code could cause bogus
NXDOMAIN responses

CVE-2010-0290 BIND upstream fix for CVE-2009-4022 is incomplete

A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If
BIND was running as a DNSSEC-validating resolver, it could incorrectly
cache NXDOMAIN responses, as if they were valid, for records proven by
NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause
a BIND server to return the bogus, cached NXDOMAIN responses for valid
records and prevent users from retrieving those records (denial of
service). (CVE-2010-0097)

The original fix for CVE-2009-4022 was found to be incomplete. BIND
was incorrectly caching certain responses without performing proper
DNSSEC validation. CNAME and DNAME records could be cached, without
proper DNSSEC validation, when received from processing recursive
client queries that requested DNSSEC records but indicated that
checking should be disabled. A remote attacker could use this flaw to
bypass the DNSSEC validation check and perform a cache poisoning
attack if the target BIND server was receiving such client queries.
(CVE-2010-0290)

After installing the update, the BIND daemon (named) will be restarted
automatically."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1001&L=scientific-linux-errata&T=0&P=1792
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?137641e1"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"bind-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"bind-chroot-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"bind-devel-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"bind-libbind-devel-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"bind-libs-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"bind-sdb-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"bind-utils-9.3.6-4.P1.el5_4.2")) flag++;
if (rpm_check(release:"SL5", reference:"caching-nameserver-9.3.6-4.P1.el5_4.2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```
NASL family AIX Local Security Checks
NASL id AIX_IV09978.NASL
description
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities:
CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error
CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record
CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
last seen 2020-06-01
modified 2020-06-02
plugin id 63700
published 2013-01-24
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/63700
title AIX 6.1 TL 7 : bind9 (IV09978)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory3.asc.
#

include("compat.inc");

if (description)
{
  script_id(63700);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/16 14:13:03");

  script_cve_id("CVE-2009-0025", "CVE-2010-0097", "CVE-2010-0382", "CVE-2011-4313");
  script_bugtraq_id(33151, 37118, 37865);

  script_name(english:"AIX 6.1 TL 7 : bind9 (IV09978)");
  script_summary(english:"Check for APAR IV09978");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal."
  );
  # http://www.isc.org/software/bind/advisories/cve-2011-4313
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f77e2a75"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory3.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(287);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"6.1", ml:"07", sp:"01", patch:"IV09978m01", package:"bos.net.tcp.client", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.1") < 0) flag++;
if (aix_check_ifix(release:"6.1", ml:"07", sp:"01", patch:"IV09978m01", package:"bos.net.tcp.server", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.0") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family AIX Local Security Checks
NASL id AIX_IV09491.NASL
description
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities:
CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error
CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record
CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
last seen 2020-06-01
modified 2020-06-02
plugin id 63699
published 2013-01-24
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/63699
title AIX 5.3 TL 12 : bind9 (IV09491)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory3.asc.
#

include("compat.inc");

if (description)
{
  script_id(63699);
  script_version("1.9");
  script_cvs_date("Date: 2019/09/16 14:13:03");

  script_cve_id("CVE-2009-0025", "CVE-2010-0097", "CVE-2010-0382", "CVE-2011-4313");
  script_bugtraq_id(33151, 37118, 37865);

  script_name(english:"AIX 5.3 TL 12 : bind9 (IV09491)");
  script_summary(english:"Check for APAR IV09491");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal."
  );
  # http://www.isc.org/software/bind/advisories/cve-2011-4313
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f77e2a75"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory3.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(287);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:5.3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/12/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"5.3", ml:"12", sp:"05", patch:"IV09491m05", package:"bos.net.tcp.client", minfilesetver:"5.3.12.0", maxfilesetver:"5.3.12.5") < 0) flag++;
if (aix_check_ifix(release:"5.3", ml:"12", sp:"05", patch:"IV09491m05", package:"bos.net.tcp.server", minfilesetver:"5.3.12.0", maxfilesetver:"5.3.12.3") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2010-021.NASL
description
Some vulnerabilities were discovered and corrected in bind :
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290).
There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097).
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022 (CVE-2010-0382).
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
Additionally BIND has been upgraded to the latest patch release version.
last seen 2020-06-01
modified 2020-06-02
plugin id 44102
published 2010-01-21
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/44102
title Mandriva Linux Security Advisory : bind (MDVSA-2010:021)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2010:021.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(44102);
  script_version("1.20");
  script_cvs_date("Date: 2019/08/02 13:32:53");

  script_cve_id("CVE-2009-4022", "CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382");
  script_bugtraq_id(37118, 37865);
  script_xref(name:"MDVSA", value:"2010:021");

  script_name(english:"Mandriva Linux Security Advisory : bind (MDVSA-2010:021)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Some vulnerabilities were discovered and corrected in bind : The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries (CVE-2010-0290). There was an error in the DNSSEC NSEC/NSEC3 validation code that could cause bogus NXDOMAIN responses (that is, NXDOMAIN responses for records proven by NSEC or NSEC3 to exist) to be cached as if they had validated correctly, so that future queries to the resolver would return the bogus NXDOMAIN with the AD flag set (CVE-2010-0097). ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022 (CVE-2010-0382). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally BIND has been upgraded to the latest patch release version."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=557121"
  );
  # https://www.isc.org/advisories/CVE-2009-4022v6
  script_set_attribute(
    attribute:"see_also",
    value:"https://marc.info/?l=bind-announce&m=126392310412888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.isc.org/advisories/CVE-2010-0097"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"bind-9.4.3-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"bind-devel-9.4.3-0.2mdv2008.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"bind-utils-9.4.3-0.2mdv2008.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.0", reference:"bind-9.5.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"bind-devel-9.5.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"bind-doc-9.5.2-0.2mdv2009.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.0", reference:"bind-utils-9.5.2-0.2mdv2009.0", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2009.1", reference:"bind-9.6.1-0.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"bind-devel-9.6.1-0.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"bind-doc-9.6.1-0.2mdv2009.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2009.1", reference:"bind-utils-9.6.1-0.2mdv2009.1", yank:"mdv")) flag++;

if (rpm_check(release:"MDK2010.0", reference:"bind-9.6.1-4.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"bind-devel-9.6.1-4.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"bind-doc-9.6.1-4.2mdv2010.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2010.0", reference:"bind-utils-9.6.1-4.2mdv2010.0", yank:"mdv")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family DNS
NASL id BIND9_BOGUS_NXDOMAIN_CACHING.NASL
description
According to its version number, the remote installation of BIND suffers from a cache poisoning vulnerability. The vulnerability exists due to an error in DNSSEC NSEC/NSEC3 validation code which could cause caching of bogus NXDOMAIN responses without correctly validating them. This issue affects all versions prior to 9.4.3-P5, 9.5.2-P2, 9.6.1-P3 or pre-releases of 9.7.0. Note that only nameservers that allow recursive queries and validate DNSSEC records are affected. Nessus has tried to verify if the remote service supports DNSSEC options, but has not verified if the remote service allows recursive queries, so this could be a false positive.
last seen 2020-06-01
modified 2020-06-02
plugin id 44116
published 2010-01-22
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/44116
title ISC BIND 9 DNSSEC NSEC/NSEC3 Bogus NXDOMAIN Responses

NASL family VMware ESX Local Security Checks
NASL id VMWARE_VMSA-2010-0009.NASL
description
a. Service Console update for COS kernel Updated COS package
last seen 2020-06-01
modified 2020-06-02
plugin id 46765
published 2010-06-01
reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/46765
title VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2010-0062.NASL
description
From Red Hat Security Advisory 2010:0062 :
Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290)
All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen 2020-06-01
modified 2020-06-02
plugin id 67991
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/67991
title Oracle Linux 5 : bind (ELSA-2010-0062)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2010-0062.NASL
description
Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290)
All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen 2020-06-01
modified 2020-06-02
plugin id 44099
published 2010-01-21
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/44099
title CentOS 5 : bind (CESA-2010:0062)

NASL family F5 Networks Local Security Checks
NASL id F5_BIGIP_SOL17025.NASL
description
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records.
last seen 2020-06-01
modified 2020-06-02
plugin id 85131
published 2015-07-31
reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/85131
title F5 Networks BIG-IP : BIND DNSSEC vulnerability (SOL17025)

NASL family VMware ESX Local Security Checks
NASL id VMWARE_VMSA-2010-0009_REMOTE.NASL
description
The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :
- libpng
- VMnc Codec
- vmrun
- VMware Remote Console (VMrc)
- VMware Tools
- vmware-authd
last seen 2020-06-01
modified 2020-06-02
plugin id 89740
published 2016-03-08
reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/89740
title VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-0861.NASL
description
Update to 9.6.1-P3 release which contains fix for CVE-2010-0097. This update also fixes occasional assertion failure in keytable.c.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 47199
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47199
title Fedora 11 : bind-9.6.1-9.P3.fc11 (2010-0861)

NASL family AIX Local Security Checks
NASL id AIX_IV11743.NASL
description
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities:
CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error
CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record
CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
last seen 2020-06-01
modified 2020-06-02
plugin id 63706
published 2013-01-24
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/63706
title AIX 6.1 TL 6 : bind9 (IV11743)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-888-1.NASL
description
It was discovered that Bind would incorrectly cache bogus NXDOMAIN responses. When DNSSEC validation is in use, a remote attacker could exploit this to cause a denial of service, and possibly poison DNS caches. (CVE-2010-0097)
USN-865-1 provided updated Bind packages to fix a security vulnerability. The upstream security patch to fix CVE-2009-4022 was incomplete and CVE-2010-0290 was assigned to the issue. This update corrects the problem.
Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 44106
published 2010-01-21
reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/44106
title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : bind9 vulnerabilities (USN-888-1)

NASL family Slackware Local Security Checks
NASL id SLACKWARE_SSA_2010-176-01.NASL
description
New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues when DNSSEC is enabled (which is not the default setting).
last seen 2020-06-01
modified 2020-06-02
plugin id 54879
published 2011-05-28
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/54879
title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2010-176-01)

NASL family SuSE Local Security Checks
NASL id SUSE_11_1_BIND-100121.NASL
description
bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290).
last seen 2020-06-01
modified 2020-06-02
plugin id 44307
published 2010-01-26
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/44307
title openSUSE Security Update : bind (bind-1845)

NASL family OracleVM Local Security Checks
NASL id ORACLEVM_OVMSA-2020-0021.NASL
description
The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
last seen 2020-06-10
modified 2020-06-05
plugin id 137170
published 2020-06-05
reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/137170
title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)

NASL family SuSE Local Security Checks
NASL id SUSE_11_0_BIND-100121.NASL
description
bind when configured for DNSSEC could incorrectly cache NXDOMAIN responses (CVE-2010-0097). Moreover, the fix for CVE-2009-4022 was incomplete. Despite the previous fix CNAME and DNAME responses could be incorrectly cached (CVE-2010-0290). bind was updated to version 9.4.3-P5 in order to fix those issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 44305
published 2010-01-26
reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/44305
title openSUSE Security Update : bind (bind-1843)

NASL family AIX Local Security Checks
NASL id AIX_IV11744.NASL
description
An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities:
CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error
CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record
CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal.
last seen 2020-06-01
modified 2020-06-02
plugin id 63707
published 2013-01-24
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/63707
title AIX 7.1 TL 0 : bind9 (IV11744)

NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2011-006.NASL
description
The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2011-006 applied. This update contains numerous security-related fixes for the following components :
- Apache
- Application Firewall
- ATS
- BIND
- Certificate Trust Policy
- CFNetwork
- CoreFoundation
- CoreMedia
- File Systems
- IOGraphics
- iChat Server
- Mailman
- MediaKit
- PHP
- postfix
- python
- QuickTime
- Tomcat
- User Documentation
- Web Server
- X11
last seen 2020-06-01
modified 2020-06-02
plugin id 56481
published 2011-10-13
reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56481
title Mac OS X Multiple Vulnerabilities (Security Update 2011-006)

NASL family Fedora Local Security Checks
NASL id FEDORA_2010-0868.NASL
description
Update to 9.6.1-P3 release which contains fix for CVE-2010-0097. This update also fixes occasional assertion failure in keytable.c.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 47200
published 2010-07-01
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/47200
title Fedora 12 : bind-9.6.1-15.P3.fc12 (2010-0868)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2010-0062.NASL
description
Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was running as a DNSSEC-validating resolver, it could incorrectly cache NXDOMAIN responses, as if they were valid, for records proven by NSEC or NSEC3 to exist. A remote attacker could use this flaw to cause a BIND server to return the bogus, cached NXDOMAIN responses for valid records and prevent users from retrieving those records (denial of service). (CVE-2010-0097)
The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when received from processing recursive client queries that requested DNSSEC records but indicated that checking should be disabled. A remote attacker could use this flaw to bypass the DNSSEC validation check and perform a cache poisoning attack if the target BIND server was receiving such client queries. (CVE-2010-0290)
All BIND users are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen 2020-06-01
modified 2020-06-02
plugin id 44105
published 2010-01-21
reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/44105 title RHEL 5 : bind (RHSA-2010:0062) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family AIX Local Security Checks NASL id AIX_IV11742.NASL description An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. 
Furthermore, AIX BIND 9.4.1 is affected by the following three security vulnerabilities: CVE-2010-0382 - ISC BIND Out-Of-Bailwick Data Handling Error CVE-2010-0097 - ISC BIND Improper DNSSEC NSEC and NSEC3 Record CVE-2009-0025 - BIND OpenSSL DSA_do_verify and EVP_VerifyFinal. last seen 2020-06-01 modified 2020-06-02 plugin id 63705 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63705 title AIX 6.1 TL 5 : bind9 (IV11742)
Oval
accepted 2015-04-20T04:00:17.950-04:00
class vulnerability
contributors
- name Varun Narula, organization Hewlett-Packard
- name Sushant Kumar Singh, organization Hewlett-Packard
- name Sushant Kumar Singh, organization Hewlett-Packard
- name Prashant Kumar, organization Hewlett-Packard
- name Mike Cokus, organization The MITRE Corporation
description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
family unix
id oval:org.mitre.oval:def:12205
status accepted
submitted 2010-10-08T15:07:35.000-05:00
title HP-UX Running BIND, Remote Compromise of NXDOMAIN Responses.
version 47

accepted 2010-07-12T04:00:12.648-04:00
class vulnerability
contributors
- name J. Daniel Brown, organization DTCC
- name Chris Coffin, organization The MITRE Corporation
definition_extensions
- comment VMware ESX Server 4.0 is installed, oval oval:org.mitre.oval:def:6293
description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
family unix
id oval:org.mitre.oval:def:7212
status accepted
submitted 2010-06-01T17:30:00.000-05:00
title ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
version 8

accepted 2010-06-14T04:00:52.110-04:00
class vulnerability
contributors
- name Pai Peng, organization Hewlett-Packard
definition_extensions
- comment Solaris 9 (SPARC) is installed, oval oval:org.mitre.oval:def:1457
- comment Solaris 10 (SPARC) is installed, oval oval:org.mitre.oval:def:1440
- comment Solaris 9 (x86) is installed, oval oval:org.mitre.oval:def:1683
- comment Solaris 10 (x86) is installed, oval oval:org.mitre.oval:def:1926
description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
family unix
id oval:org.mitre.oval:def:7430
status accepted
submitted 2010-05-03T13:51:32.000-04:00
title A vulnerability in the way named(1M) handles recursive client queries may allow a remote unprivileged user to cause named(1M) to return NXDOMAIN (Non-Existent Domain) for Internet hosts thus causing a Denial of Service (DoS) for those hosts to end users
version 38

accepted 2013-04-29T04:18:56.119-04:00
class vulnerability
contributors
- name Aharon Chernin, organization SCAP.com, LLC
- name Dragos Prisaca, organization G2, Inc.
definition_extensions
- comment The operating system installed on the system is Red Hat Enterprise Linux 5, oval oval:org.mitre.oval:def:11414
- comment The operating system installed on the system is CentOS Linux 5.x, oval oval:org.mitre.oval:def:15802
- comment Oracle Linux 5.x, oval oval:org.mitre.oval:def:15459
description ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
family unix
id oval:org.mitre.oval:def:9357
status accepted
submitted 2010-07-09T03:56:16-04:00
title ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
version 18
References
- ftp://ftp.sco.com/pub/unixware7/714/security/p535243_uw7/p535243b.txt
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034196.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-January/034202.html
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
- http://marc.info/?l=bugtraq&m=127195582210247&w=2
- http://secunia.com/advisories/38169
- http://secunia.com/advisories/38219
- http://secunia.com/advisories/38240
- http://secunia.com/advisories/39334
- http://secunia.com/advisories/39582
- http://secunia.com/advisories/40086
- http://securitytracker.com/id?1023474
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021798.1-1
- http://support.apple.com/kb/HT5002
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018
- http://www.debian.org/security/2010/dsa-2054
- http://www.kb.cert.org/vuls/id/360341
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:021
- http://www.osvdb.org/61853
- http://www.securityfocus.com/bid/37865
- http://www.ubuntu.com/usn/USN-888-1
- http://www.vupen.com/english/advisories/2010/0176
- http://www.vupen.com/english/advisories/2010/0622
- http://www.vupen.com/english/advisories/2010/0981
- http://www.vupen.com/english/advisories/2010/1352
- https://bugzilla.redhat.com/show_bug.cgi?id=554851
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55753
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12205
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7430
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9357
- https://rhn.redhat.com/errata/RHSA-2010-0062.html
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
- https://www.isc.org/advisories/CVE-2010-0097