Vulnerabilities > CVE-2012-1033 - Unspecified vulnerability in ISC Bind
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN isc
nessus
Summary
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Vulnerable Configurations
Nessus
NASL family Misc. NASL id VMWARE_VMSA-2012-0016_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - bind - expat - nspr and nss - python - vSphere API last seen 2020-06-01 modified 2020-06-02 plugin id 89039 published 2016-02-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/89039 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(89039); script_version("1.5"); script_cvs_date("Date: 2019/11/19"); script_cve_id( "CVE-2011-4940", "CVE-2011-4944", "CVE-2012-0441", "CVE-2012-0876", "CVE-2012-1033", "CVE-2012-1148", "CVE-2012-1150", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-5703" ); script_bugtraq_id( 51239, 51898, 52379, 52732, 53772, 54083, 54658, 56571 ); script_xref(name:"VMSA", value:"2012-0016"); script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)"); script_summary(english:"Checks the ESX / ESXi version and build number."); script_set_attribute(attribute:"synopsis", value: "The remote VMware ESX / ESXi host is missing a security-related patch."); script_set_attribute(attribute:"description", value: "The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - bind - expat - nspr and nss - python - vSphere API"); script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2012-0016.html"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the vendor advisory that pertains to ESX version 4.1 or ESXi version 4.1."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1667"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/15"); script_set_attribute(attribute:"patch_publication_date", value:"2012/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/29"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vsphere_detect.nbin"); script_require_keys("Host/VMware/version", "Host/VMware/release"); script_require_ports("Host/VMware/vsphere"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("Host/VMware/version"); release = get_kb_item_or_exit("Host/VMware/release"); port = get_kb_item_or_exit("Host/VMware/vsphere"); # Version + build map # https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508 fixes = make_array(); fixes["ESXi 4.1"] = 874690; fixes["ESX 4.1"] = 874690; matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release); if (empty_or_null(matches)) exit(1, 'Failed to extract the ESX / ESXi build number.'); type = matches[1]; build = int(matches[2]); fixed_build = fixes[version]; if (!isnull(fixed_build) && build < fixed_build) { padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment report = '\n ' + type + ' version' + padding + ': ' + version + '\n Installed build : ' + build + '\n Fixed build : ' + fixed_build + '\n'; security_report_v4(extra:report, port:port, severity:SECURITY_HOLE); } else audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0716.NASL description From Red Hat Security Advisory 2012:0716 : Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68537 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68537 title Oracle Linux 5 / 6 : bind (ELSA-2012-0716) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0716 and # Oracle Linux Security Advisory ELSA-2012-0716 respectively. # include("compat.inc"); if (description) { script_id(68537); script_version("1.10"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2012-1033", "CVE-2012-1667"); script_bugtraq_id(51898, 53772); script_xref(name:"RHSA", value:"2012:0716"); script_name(english:"Oracle Linux 5 / 6 : bind (ELSA-2012-0716)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:0716 : Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-June/002851.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-June/002852.html" ); script_set_attribute(attribute:"solution", value:"Update the affected bind packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libbind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:caching-nameserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"bind-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"bind-chroot-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"bind-devel-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"bind-libbind-devel-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"bind-libs-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"bind-sdb-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"bind-utils-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL5", reference:"caching-nameserver-9.3.6-20.P1.el5_8.1")) flag++; if (rpm_check(release:"EL6", reference:"bind-9.7.3-8.P3.el6_2.3")) flag++; if (rpm_check(release:"EL6", reference:"bind-chroot-9.7.3-8.P3.el6_2.3")) flag++; if (rpm_check(release:"EL6", reference:"bind-devel-9.7.3-8.P3.el6_2.3")) flag++; if (rpm_check(release:"EL6", reference:"bind-libs-9.7.3-8.P3.el6_2.3")) flag++; if (rpm_check(release:"EL6", reference:"bind-sdb-9.7.3-8.P3.el6_2.3")) flag++; if (rpm_check(release:"EL6", reference:"bind-utils-9.7.3-8.P3.el6_2.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1462-1.NASL description Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667) It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked. (CVE-2012-1033). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 59386 published 2012-06-06 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59386 title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerabilities (USN-1462-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1462-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(59386); script_version("1.13"); script_cvs_date("Date: 2019/09/19 12:54:28"); script_cve_id("CVE-2012-1033", "CVE-2012-1667"); script_bugtraq_id(51898, 53772); script_xref(name:"USN", value:"1462-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerabilities (USN-1462-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667) It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked. (CVE-2012-1033). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1462-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdns36"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdns64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdns69"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdns81"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2012/06/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|10\.04|11\.04|11\.10|12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.04 / 11.10 / 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"libdns36", pkgver:"1:9.4.2.dfsg.P2-2ubuntu0.10")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"libdns64", pkgver:"1:9.7.0.dfsg.P1-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"11.04", pkgname:"libdns69", pkgver:"1:9.7.3.dfsg-1ubuntu2.4")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"libdns69", pkgver:"1:9.7.3.dfsg-1ubuntu4.2")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"libdns81", pkgver:"1:9.8.1.dfsg.P1-4ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libdns36 / libdns64 / libdns69 / libdns81"); }NASL family DNS NASL id BIND9_990.NASL description According to its self-reported version number, the remote installation of BIND will continue to allow revoked domain names to be resolved due to an issue related to the cache update policy. Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected. last seen 2020-06-01 modified 2020-06-02 plugin id 62355 published 2012-09-27 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62355 title ISC BIND Cache Update Policy Deleted Domain Name Resolving Weakness NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0717.NASL description Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59424 published 2012-06-08 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59424 title RHEL 5 : bind97 (RHSA-2012:0717) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0055.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite - Fix (CVE-2016-1285, CVE-2016-1286) - Fix (CVE-2015-8704) - Fix (CVE-2015-8000) - Fix (CVE-2015-5722) - Fix (CVE-2015-5477) - Remove files backup after patching (Related: #1171971) - Fix CVE-2014-8500 (#1171971) - fix race condition in socket module - fix (CVE-2012-5166) - bind-chroot-admin: set correct permissions on /etc/named.conf during update - fix (CVE-2012-4244) - fix (CVE-2012-3817) - fix (CVE-2012-1667) - fix (CVE-2012-1033) last seen 2020-06-01 modified 2020-06-02 plugin id 91739 published 2016-06-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91739 title OracleVM 3.2 : bind (OVMSA-2016-0055) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2012-166-01.NASL description New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 59507 published 2012-06-15 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59507 title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2012-166-01) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-383.NASL description Fixed domain name resolving flaw: CVE-2012-1033, bnc#746074 Non-security fixes : - more than 40 other bugs fixed (see CHANGES for details) - 9.7.6-P1 last seen 2020-06-05 modified 2014-06-13 plugin id 74678 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74678 title openSUSE Security Update : bind (openSUSE-SU-2012:0863-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201209-04.NASL description The remote host is affected by the vulnerability described in GLSA-201209-04 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND: Domain names are not properly revoked due to an error in the cache update policy (CVE-2012-1033). BIND accepts records with zero-length RDATA fields (CVE-2012-1667). An assertion failure from the failing-query cache could occur when DNSSEC validation is enabled (CVE-2012-3817). A memory leak may occur under high TCP query loads (CVE-2012-3868). An assertion error can occur when a query is performed for a record with RDATA greater than 65535 bytes (CVE-2012-4244). Impact : A remote attacker may be able to cause a Denial of Service condition or keep domain names resolvable after it has been deleted from registration. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62237 published 2012-09-24 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62237 title GLSA-201209-04 : BIND: Multiple vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20120607_BIND97_ON_SL5_X.NASL description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-03-18 modified 2012-08-01 plugin id 61324 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61324 title Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20120607) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0016.NASL description a. VMware vSphere API denial of service vulnerability The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. VMware would like to thank Sebastian Tello of Core Security Technologies for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. b. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1033, CVE-2012-1667, and CVE-2012-3817 to these issues. c. Update to ESX service console python packages The ESX service console Python packages are updated to the following versions : python-2.4.3-46.el5_8.2.x86_64 python-libs-2.4.3-46.el5_8.2.x86_64 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4940, CVE-2011-4944, and CVE-2012-1150 to these issues. d. Update to ESX service console expat package The ESX service console expat package is updated to expat-1.95.8-11.el5_8. This update fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-0876 and CVE-2012-1148 to these issues. e. Update to ESX service console nspr and nss packages This patch updates the ESX service console Netscape Portable Runtime and Network Security Services RPMs to versions nspr-4.9.1.4.el5_8 and nss-3.13.5.4.9834, respectively, to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0441 to this issue. This patch also resolves a certificate trust issue caused by a fraudulent DigiNotar root certificate. last seen 2020-06-01 modified 2020-06-02 plugin id 62944 published 2012-11-16 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62944 title VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0716.NASL description Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59423 published 2012-06-08 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59423 title RHEL 5 / 6 : bind (RHSA-2012:0716) NASL family HP-UX Local Security Checks NASL id HPUX_PHNE_43369.NASL description s700_800 11.23 BIND 9.2.0 Revision 5.0 : A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely as a domain name revalidation. last seen 2020-06-01 modified 2020-06-02 plugin id 63319 published 2012-12-21 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63319 title HP-UX PHNE_43369 : s700_800 11.23 BIND 9.2.0 Revision 5.0 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0717.NASL description From Red Hat Security Advisory 2012:0717 : Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68538 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68538 title Oracle Linux 5 : bind97 (ELSA-2012-0717) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-84.NASL description A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) last seen 2020-06-01 modified 2020-06-02 plugin id 69691 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69691 title Amazon Linux AMI : bind (ALAS-2012-84) NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15481.NASL description The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a last seen 2020-06-01 modified 2020-06-02 plugin id 78189 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78189 title F5 Networks BIG-IP : BIND vulnerability (SOL15481) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0717.NASL description Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59414 published 2012-06-08 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59414 title CentOS 5 : bind97 (CESA-2012:0717) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-382.NASL description Fixed domain name resolving flaw: CVE-2012-1033, bnc#746074 Non-security fixes : - added TLSA record type - added wire format lookup method to sdb - many many bugfixes (see CHANGES for details) - 9.8.3-P1 last seen 2020-06-05 modified 2014-06-13 plugin id 74677 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74677 title openSUSE Security Update : bind (openSUSE-SU-2012:0864-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family Scientific Linux Local Security Checks NASL id SL_20120607_BIND_ON_SL5_X.NASL description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-03-18 modified 2012-08-01 plugin id 61325 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61325 title Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20120607) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0716.NASL description Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59413 published 2012-06-08 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59413 title CentOS 5 / 6 : bind (CESA-2012:0716)
Redhat
| advisories |
| ||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 51898 CVE ID: CVE-2012-1033 BIND是一个应用非常广泛的DNS协议实现,由ISC负责维护,具体的开发由Nominum公司完成。 ISC BIND在缓存更新策略的实现上存在无法正确处理废弃域名的安全限制绕过漏洞,可导致从注册表中删除后还可以解析域名。 0 ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x 厂商补丁: ISC --- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.isc.org/ |
| id | SSV:30099 |
| last seen | 2017-11-19 |
| modified | 2012-02-09 |
| published | 2012-02-09 |
| reporter | Root |
| title | ISC BIND安全限制绕过漏洞(CVE-2012-1033) |
References
- http://marc.info/?l=bugtraq&m=135638082529878&w=2
- http://marc.info/?l=bugtraq&m=135638082529878&w=2
- http://osvdb.org/78916
- http://rhn.redhat.com/errata/RHSA-2012-0717.html
- http://secunia.com/advisories/47884
- http://www.kb.cert.org/vuls/id/542123
- http://www.securityfocus.com/bid/51898
- http://www.securitytracker.com/id?1026647
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73053
- https://hermes.opensuse.org/messages/15136456
- https://hermes.opensuse.org/messages/15136477
- https://www.isc.org/software/bind/advisories/cve-2012-1033
- http://marc.info/?l=bugtraq&m=135638082529878&w=2
- https://www.isc.org/software/bind/advisories/cve-2012-1033
- https://hermes.opensuse.org/messages/15136477
- https://hermes.opensuse.org/messages/15136456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73053
- http://www.securitytracker.com/id?1026647
- http://www.securityfocus.com/bid/51898
- http://www.kb.cert.org/vuls/id/542123
- http://secunia.com/advisories/47884
- http://rhn.redhat.com/errata/RHSA-2012-0717.html
- http://osvdb.org/78916
- http://marc.info/?l=bugtraq&m=135638082529878&w=2