CVE-2012-1667 - Numeric Errors vulnerability in ISC Bind
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: COMPLETE

Summary
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
Nessus
NASL family: Misc.
NASL id: VMWARE_VMSA-2012-0016_REMOTE.NASL
description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries :
  - bind
  - expat
  - nspr and nss
  - python
  - vSphere API
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89039
published: 2016-02-29
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/89039
title: VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89039);
  script_version("1.5");
  script_cvs_date("Date: 2019/11/19");

  script_cve_id(
    "CVE-2011-4940",
    "CVE-2011-4944",
    "CVE-2012-0441",
    "CVE-2012-0876",
    "CVE-2012-1033",
    "CVE-2012-1148",
    "CVE-2012-1150",
    "CVE-2012-1667",
    "CVE-2012-3817",
    "CVE-2012-5703"
  );
  script_bugtraq_id(
    51239,
    51898,
    52379,
    52732,
    53772,
    54083,
    54658,
    56571
  );
  script_xref(name:"VMSA", value:"2012-0016");

  script_name(english:"VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)");
  script_summary(english:"Checks the ESX / ESXi version and build number.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in several components and
third-party libraries :

  - bind
  - expat
  - nspr and nss
  - python
  - vSphere API");
  script_set_attribute(attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2012-0016.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.1 or ESXi version 4.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1667");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("Host/VMware/version");
release = get_kb_item_or_exit("Host/VMware/release");
port    = get_kb_item_or_exit("Host/VMware/vsphere");

# Version + build map
# https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014508
fixes = make_array();
fixes["ESXi 4.1"] = 874690;
fixes["ESX 4.1"]  = 874690;

matches = eregmatch(pattern:'^VMware (ESXi?).*build-([0-9]+)$', string:release);
if (empty_or_null(matches))
  exit(1, 'Failed to extract the ESX / ESXi build number.');

type  = matches[1];
build = int(matches[2]);

fixed_build = fixes[version];

if (!isnull(fixed_build) && build < fixed_build)
{
  padding = crap(data:" ", length:8 - strlen(type)); # Spacing alignment

  report = '\n ' + type + ' version' + padding + ': ' + version +
           '\n Installed build : ' + build +
           '\n Fixed build : ' + fixed_build +
           '\n';

  security_report_v4(extra:report, port:port, severity:SECURITY_HOLE);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + version + " build " + build);

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2012-0716.NASL
description: From Red Hat Security Advisory 2012:0716 :

Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033)

Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68537
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68537
title: Oracle Linux 5 / 6 : bind (ELSA-2012-0716)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0716 and
# Oracle Linux Security Advisory ELSA-2012-0716 respectively.
#

include("compat.inc");

if (description)
{
  script_id(68537);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/30 10:58:17");

  script_cve_id("CVE-2012-1033", "CVE-2012-1667");
  script_bugtraq_id(51898, 53772);
  script_xref(name:"RHSA", value:"2012:0716");

  script_name(english:"Oracle Linux 5 / 6 : bind (ELSA-2012-0716)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2012:0716 :

Updated bind packages that fix two security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server is
operating correctly.

A flaw was found in the way BIND handled zero length resource data
records. A malicious owner of a DNS domain could use this flaw to
create specially crafted DNS resource records that would cause a
recursive resolver or secondary server to crash or, possibly, disclose
portions of its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name
server (NS) resource records. A malicious owner of a DNS domain could
use this flaw to keep the domain resolvable by the BIND server even
after the delegation was removed from the parent DNS zone. With this
update, BIND limits the time-to-live of the replacement record to that
of the time-to-live of the record being replaced. (CVE-2012-1033)

Users of bind are advised to upgrade to these updated packages, which
correct these issues. After installing the update, the BIND daemon
(named) will be restarted automatically."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-June/002851.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-June/002852.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libbind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:caching-nameserver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL5", reference:"bind-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"bind-chroot-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"bind-devel-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"bind-libbind-devel-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"bind-libs-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"bind-sdb-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"bind-utils-9.3.6-20.P1.el5_8.1")) flag++;
if (rpm_check(release:"EL5", reference:"caching-nameserver-9.3.6-20.P1.el5_8.1")) flag++;

if (rpm_check(release:"EL6", reference:"bind-9.7.3-8.P3.el6_2.3")) flag++;
if (rpm_check(release:"EL6", reference:"bind-chroot-9.7.3-8.P3.el6_2.3")) flag++;
if (rpm_check(release:"EL6", reference:"bind-devel-9.7.3-8.P3.el6_2.3")) flag++;
if (rpm_check(release:"EL6", reference:"bind-libs-9.7.3-8.P3.el6_2.3")) flag++;
if (rpm_check(release:"EL6", reference:"bind-sdb-9.7.3-8.P3.el6_2.3")) flag++;
if (rpm_check(release:"EL6", reference:"bind-utils-9.7.3-8.P3.el6_2.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc");
}

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL13660.NASL
description: ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial-of-service (DoS) (process crash or data corruption) or obtain sensitive information from process memory by way of a crafted record. (CVE-2012-1667)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 86003
published: 2015-09-18
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/86003
title: F5 Networks BIG-IP : BIND vulnerability (SOL13660)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution SOL13660.
#
# The text description of this plugin is (C) F5 Networks.
#

include("compat.inc");

if (description)
{
  script_id(86003);
  script_version("2.7");
  script_cvs_date("Date: 2019/01/04 10:03:40");

  script_cve_id("CVE-2012-1667");
  script_bugtraq_id(53772);

  script_name(english:"F5 Networks BIG-IP : BIND vulnerability (SOL13660)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before
9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not
properly handle resource records with a zero-length RDATA section,
which allows remote DNS servers to cause a denial-of-service (DoS)
(process crash or data corruption) or obtain sensitive information
from process memory by way of a crafted record. (CVE-2012-1667)"
  );
  # http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6963.html
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K6963"
  );
  # http://www.isc.org/products/BIND/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.isc.org/downloads/BIND/"
  );
  # http://www.isc.org/software/bind/advisories/cve-2012-1667
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5424fea4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K13660"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL13660."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"potential_vulnerability", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}

include("f5_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "SOL13660";
vmatrix = make_array();

if (report_paranoia < 2) audit(AUDIT_PARANOID);

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.0.0-11.2.0","10.1.0-10.2.4");
vmatrix["APM"]["unaffected"] = make_list("11.2.1-11.4.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4","9.4.8");
vmatrix["ASM"]["unaffected"] = make_list("11.2.1-11.4.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3","9.4.8HF6");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4","9.4.8");
vmatrix["GTM"]["unaffected"] = make_list("11.2.1-11.4.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3","9.4.8HF6");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4","9.4.8");
vmatrix["LC"]["unaffected"] = make_list("11.2.1-11.4.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3","9.4.8HF6");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4","9.4.8");
vmatrix["LTM"]["unaffected"] = make_list("11.2.1-11.4.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3","9.4.8HF6");

# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4","9.4.8");
vmatrix["PSM"]["unaffected"] = make_list("11.2.1-11.4.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3","9.4.8HF6");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4","9.4.8");
vmatrix["WAM"]["unaffected"] = make_list("11.2.1-11.3.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3","9.4.8HF6");

# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected" ] = make_list("11.0.0-11.2.0","10.0.0-10.2.4");
vmatrix["WOM"]["unaffected"] = make_list("11.2.1-11.3.0","11.2.0HF1","11.1.0HF4","11.0.0HF3","10.2.4HF3");

if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = bigip_get_tested_modules();
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}

NASL family: AIX Local Security Checks
NASL id: AIX_IV22555.NASL
description: Adding records to BIND with zero length rdata fields could result in memory disclosure to client, data corruption or system crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63721
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/63721
title: AIX 6.1 TL 7 : bind9 (IV22555)
code:

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind9_advisory4.asc.
#

include("compat.inc");

if (description)
{
  script_id(63721);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/16 14:13:08");

  script_cve_id("CVE-2012-1667");

  script_name(english:"AIX 6.1 TL 7 : bind9 (IV22555)");
  script_summary(english:"Check for APAR IV22555");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Adding records to BIND with zero length rdata fields could result in
memory disclosure to client, data corruption or system crash."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory4.asc"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"6.1", ml:"07", sp:"04", patch:"IV22555m04", package:"bos.net.tcp.client", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.16") < 0) flag++;
if (aix_check_ifix(release:"6.1", ml:"07", sp:"04", patch:"IV22555m04", package:"bos.net.tcp.server", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.16") < 0) flag++;
if (aix_check_ifix(release:"6.1", ml:"07", sp:"05", patch:"IV22555m05", package:"bos.net.tcp.client", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.16") < 0) flag++;
if (aix_check_ifix(release:"6.1", ml:"07", sp:"05", patch:"IV22555m05", package:"bos.net.tcp.server", minfilesetver:"6.1.7.0", maxfilesetver:"6.1.7.16") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family: AIX Local Security Checks
NASL id: AIX_IV22625.NASL
description: Adding records to BIND with zero length rdata fields could result in memory disclosure to client, data corruption or system crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63724
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/63724
title: AIX 5.3 TL 12 : bind9 (IV22625)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1462-1.NASL
description: Dan Luther discovered that Bind incorrectly handled zero length rdata fields. A remote attacker could use this flaw to cause Bind to crash or behave erratically, resulting in a denial of service. (CVE-2012-1667) It was discovered that Bind incorrectly handled revoked domain names. A remote attacker could use this flaw to cause malicious domain names to be continuously resolvable even after they have been revoked. (CVE-2012-1033). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59386
published: 2012-06-06
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59386
title: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : bind9 vulnerabilities (USN-1462-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-8968.NASL
description: Update to the latest upstream release which fixes CVE-2012-1667. More information is available on http://www.isc.org/software/bind/advisories/CVE-2012-1667 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-06-14
plugin id: 59488
published: 2012-06-14
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59488
title: Fedora 17 : bind-9.9.1-2.P1.fc17 (2012-8968)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_BIND-120604.NASL
description: The following issue has been fixed :
  - Records with zero length rdata field could have crashed named or disclose portions of memory to clients. (CVE-2012-1667)
last seen: 2020-06-05
modified: 2013-01-25
plugin id: 64111
published: 2013-01-25
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/64111
title: SuSE 11.2 Security Update : bind (SAT Patch Number 6382)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2012-0717.NASL
description: Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033)

Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59424
published: 2012-06-08
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59424
title: RHEL 5 : bind97 (RHSA-2012:0717)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2012-316.NASL
description: A remote denial of service in the bind nameserver via zero length rdata fields was fixed.
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 74648
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74648
title: openSUSE Security Update : bind (openSUSE-SU-2012:0722-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_BIND-8169.NASL
description: The following issue has been fixed :
  - Records with zero length rdata field could have crashed named or disclosed portions of memory to clients. (CVE-2012-1667)
last seen: 2020-06-05
modified: 2012-06-18
plugin id: 59552
published: 2012-06-18
reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59552
title: SuSE 10 Security Update : bind (ZYPP Patch Number 8169)

NASL family: AIX Local Security Checks
NASL id: AIX_IV22554.NASL
description: Adding records to BIND with zero length rdata fields could result in memory disclosure to client, data corruption or system crash.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63720
published: 2013-01-24
reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/63720
title: AIX 6.1 TL 6 : bind9 (IV22554)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2016-0055.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates :
  - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite
  - Fix (CVE-2016-1285, CVE-2016-1286)
  - Fix (CVE-2015-8704)
  - Fix (CVE-2015-8000)
  - Fix (CVE-2015-5722)
  - Fix (CVE-2015-5477)
  - Remove files backup after patching (Related: #1171971)
  - Fix CVE-2014-8500 (#1171971)
  - fix race condition in socket module
  - fix (CVE-2012-5166)
  - bind-chroot-admin: set correct permissions on /etc/named.conf during update
  - fix (CVE-2012-4244)
  - fix (CVE-2012-3817)
  - fix (CVE-2012-1667)
  - fix (CVE-2012-1033)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 91739
published: 2016-06-22
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91739
title: OracleVM 3.2 : bind (OVMSA-2016-0055)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2012-166-01.NASL
description: New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 59507
published: 2012-06-15
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59507
title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : bind (SSA:2012-166-01)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2013-296.NASL
description: bind was updated to 9.8.4-P2 to fix security problems and bugs.

Security Fixes

Removed the check for regex.h in configure in order to disable regex syntax checking, as it exposes BIND to a critical flaw in libregex on some platforms. [CVE-2013-2266] [RT #32688] https://kb.isc.org/article/AA-00871 (bnc#811876)

Prevents named from aborting with a require assertion failure on servers with DNS64 enabled. These crashes might occur as a result of specific queries that are received. (Note that this fix is a subset of a series of updates that will be included in full in BIND 9.8.5 and 9.9.3 as change #3388, RT #30996). [CVE-2012-5688] [RT #30792]

A deliberately constructed combination of records could cause named to hang while populating the additional section of a response. [CVE-2012-5166] [RT #31090]

Prevents a named assert (crash) when queried for a record whose RDATA exceeds 65535 bytes [CVE-2012-4244] [RT #30416]

Prevents a named assert (crash) when validating caused by using
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 74953
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74953
title: openSUSE Security Update : bind (openSUSE-SU-2013:0605-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-8962.NASL
description: Update to the latest upstream release which fixes CVE-2012-1667. More information is available on http://www.isc.org/software/bind/advisories/CVE-2012-1667 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-06-18
plugin id: 59541
published: 2012-06-18
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/59541
title: Fedora 15 : bind-9.8.3-2.P1.fc15 (2012-8962)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201209-04.NASL
description: The remote host is affected by the vulnerability described in GLSA-201209-04 (BIND: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in BIND:
  - Domain names are not properly revoked due to an error in the cache update policy (CVE-2012-1033).
  - BIND accepts records with zero-length RDATA fields (CVE-2012-1667).
  - An assertion failure from the failing-query cache could occur when DNSSEC validation is enabled (CVE-2012-3817).
  - A memory leak may occur under high TCP query loads (CVE-2012-3868).
  - An assertion error can occur when a query is performed for a record with RDATA greater than 65535 bytes (CVE-2012-4244).

Impact : A remote attacker may be able to cause a Denial of Service condition or keep domain names resolvable after it has been deleted from registration.

Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62237
published: 2012-09-24
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/62237
title: GLSA-201209-04 : BIND: Multiple vulnerabilities

NASL family: DNS
NASL id: BIND9_991_P1.NASL
description: According to its self-reported version number, the remote installation of BIND does not properly handle resource records with a zero-length RDATA section, which may lead to unexpected outcomes, such as crashes of the affected server, disclosure of portions of memory, corrupted zone data, or other problems.
Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected. last seen 2020-06-01 modified 2020-06-02 plugin id 59446 published 2012-06-11 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59446 title ISC BIND 9 Zero-Length RDATA Section Denial of Service / Information Disclosure NASL family Scientific Linux Local Security Checks NASL id SL_20120607_BIND97_ON_SL5_X.NASL description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-03-18 modified 2012-08-01 plugin id 61324 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/61324 title Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20120607) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-089.NASL description A vulnerability was discovered and corrected in bind : ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record (CVE-2012-1667). The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 59440 published 2012-06-11 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59440 title Mandriva Linux Security Advisory : bind (MDVSA-2012:089) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8946.NASL description Update to the latest upstream release which fixes CVE-2012-1667. More information is available on http://www.isc.org/software/bind/advisories/CVE-2012-1667 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-18 plugin id 59540 published 2012-06-18 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59540 title Fedora 16 : bind-9.8.3-2.P1.fc16 (2012-8946) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2012-0016.NASL description a. 
VMware vSphere API denial of service vulnerability The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. VMware would like to thank Sebastian Tello of Core Security Technologies for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. b. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-1033, CVE-2012-1667, and CVE-2012-3817 to these issues. c. Update to ESX service console python packages The ESX service console Python packages are updated to the following versions : python-2.4.3-46.el5_8.2.x86_64 python-libs-2.4.3-46.el5_8.2.x86_64 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-4940, CVE-2011-4944, and CVE-2012-1150 to these issues. d. Update to ESX service console expat package The ESX service console expat package is updated to expat-1.95.8-11.el5_8. This update fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-0876 and CVE-2012-1148 to these issues. e. Update to ESX service console nspr and nss packages This patch updates the ESX service console Netscape Portable Runtime and Network Security Services RPMs to versions nspr-4.9.1.4.el5_8 and nss-3.13.5.4.9834, respectively, to resolve multiple security issues. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-0441 to this issue. This patch also resolves a certificate trust issue caused by a fraudulent DigiNotar root certificate. last seen 2020-06-01 modified 2020-06-02 plugin id 62944 published 2012-11-16 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62944 title VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0716.NASL description Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. 
(CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59423 published 2012-06-08 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59423 title RHEL 5 / 6 : bind (RHSA-2012:0716) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2486.NASL description It was discovered that BIND, a DNS server, can crash while processing resource records containing no data bytes. Both authoritative servers and resolvers are affected. last seen 2020-03-17 modified 2012-06-29 plugin id 59764 published 2012-06-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59764 title Debian DSA-2486-1 : bind9 - denial of service NASL family MacOS X Local Security Checks NASL id MACOSX_10_8_2.NASL description The remote host is running a version of Mac OS X 10.8.x that is prior to 10.8.2. The newer version contains multiple security-related fixes for the following components : - BIND - Data Security - LoginWindow - Mobile Accounts - PHP last seen 2020-06-01 modified 2020-06-02 plugin id 62215 published 2012-09-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62215 title Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_11_BIND-120605.NASL description The following issue has been fixed : - Records with zero length rdata field could have crashed named or disclose portions of memory to clients. (CVE-2012-1667) last seen 2020-06-05 modified 2013-01-25 plugin id 64112 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/64112 title SuSE 11.1 Security Update : bind (SAT Patch Number 6388) NASL family Solaris Local Security Checks NASL id SOLARIS11_BIND_20120814.NASL description The remote Solaris system is missing necessary patches to address security updates : - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. (CVE-2012-1667) last seen 2020-06-01 modified 2020-06-02 plugin id 80593 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80593 title Oracle Solaris Third-Party Patch Update : bind (cve_2012_1667_denial_of) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0717.NASL description From Red Hat Security Advisory 2012:0717 : Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. 
A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 68538 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68538 title Oracle Linux 5 : bind97 (ELSA-2012-0717) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2012-341-01.NASL description New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 63167 published 2012-12-07 reporter This script is Copyright (C) 2012-2013 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63167 title Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2012-341-01) NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2012-004.NASL description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. 
This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby last seen 2020-06-01 modified 2020-06-02 plugin id 62213 published 2012-09-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62213 title Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_FC5231B6C06611E1B5E0000C299B62E1.NASL description Problem description : The named(8) server does not properly handle DNS resource records where the RDATA field is zero length, which may cause various issues for the servers handling them. Resolving servers may crash or disclose some portion of memory to the client. Authoritative servers may crash on restart after transferring a zone containing records with zero-length RDATA fields. These would result in a denial of service, or leak of sensitive information. last seen 2020-06-01 modified 2020-06-02 plugin id 59749 published 2012-06-28 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59749 title FreeBSD : FreeBSD -- Incorrect handling of zero-length RDATA fields in named(8) (fc5231b6-c066-11e1-b5e0-000c299b62e1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1ECC0D3FAE8E11E1965B0024E88A8C98.NASL description ISC reports : Processing of DNS resource records where the rdata field is zero length may cause various issues for the servers handling them. Processing of these records may lead to unexpected outcomes. Recursive servers may crash or disclose some portion of memory to the client. Secondary servers may crash on restart after transferring a zone containing these records. Master servers may corrupt zone data if the zone option last seen 2020-06-01 modified 2020-06-02 plugin id 59361 published 2012-06-05 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59361 title FreeBSD : dns/bind9* -- zero-length RDATA can cause named to terminate, reveal memory (1ecc0d3f-ae8e-11e1-965b-0024e88a8c98) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-84.NASL description A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) last seen 2020-06-01 modified 2020-06-02 plugin id 69691 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/69691 title Amazon Linux AMI : bind (ALAS-2012-84) NASL family AIX Local Security Checks NASL id AIX_IV22557.NASL description Adding records to BIND with zero length rdata fields could result in memory disclosure to client, data corruption or system crash. last seen 2020-06-01 modified 2020-06-02 plugin id 63723 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63723 title AIX 7.1 TL 1 : bind9 (IV22557) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0717.NASL description Updated bind97 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. 
With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind97 are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59414 published 2012-06-08 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59414 title CentOS 5 : bind97 (CESA-2012:0717) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-2028.NASL description Description of changes: [20:9.2.4-38.0.1.el4] - fix CVE-2012-1667 (Adam Tkac) [orabz 14418] last seen 2020-06-01 modified 2020-06-02 plugin id 68680 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68680 title Oracle Linux 4 : bind (ELSA-2012-2028) NASL family AIX Local Security Checks NASL id AIX_IV22556.NASL description Adding records to BIND with zero length rdata fields could result in memory disclosure to client, data corruption or system crash. last seen 2020-06-01 modified 2020-06-02 plugin id 63722 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/63722 title AIX 7.1 TL 0 : bind9 (IV22556) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family MacOS X Local Security Checks NASL id MACOSX_10_7_5.NASL description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. 
The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB last seen 2020-06-01 modified 2020-06-02 plugin id 62214 published 2012-09-20 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62214 title Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) NASL family Scientific Linux Local Security Checks NASL id SL_20120607_BIND_ON_SL5_X.NASL description The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-03-18 modified 2012-08-01 plugin id 61325 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61325 title Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64 (20120607) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-0716.NASL description Updated bind packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled zero length resource data records. A malicious owner of a DNS domain could use this flaw to create specially crafted DNS resource records that would cause a recursive resolver or secondary server to crash or, possibly, disclose portions of its memory. (CVE-2012-1667) A flaw was found in the way BIND handled the updating of cached name server (NS) resource records. A malicious owner of a DNS domain could use this flaw to keep the domain resolvable by the BIND server even after the delegation was removed from the parent DNS zone. With this update, BIND limits the time-to-live of the replacement record to that of the time-to-live of the record being replaced. (CVE-2012-1033) Users of bind are advised to upgrade to these updated packages, which correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 59413 published 2012-06-08 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/59413 title CentOS 5 / 6 : bind (CESA-2012:0716)
Seebug
bulletinFamily | exploit |
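description | BUGTRAQ ID: 53772 CVE ID: CVE-2012-1667 BIND is a very widely used implementation of the DNS protocol; it is maintained by ISC, with the actual development carried out by Nominum. The following versions of ISC BIND, 9.0.x -> 9.6.x, 9.4-ESV->9.4-ESV-R5-P1, 9.6-ESV->9.6-ESV-R7, 9.7.0->9.7.6, 9.8.0->9.8.3, 9.9.0->9.9.1, contain an error in the handling of DNS resource records. A record containing zero-length rdata can be used to crash a recursive server or leak some memory to the client, resulting in disclosure of sensitive information or denial of service. ISC BIND 9.9.x ISC BIND 9.3.x ISC BIND 9.2.x ISC BIND 9.2.x ISC BIND 9.8.x ISC BIND 9.7.x ISC BIND 9.6.x ISC BIND 9.5.x ISC BIND 9.4.x ISC BIND 9.3.x Vendor patch: ISC --- ISC has released a security advisory (cve-2012-1667) and a corresponding patch for this issue: cve-2012-1667: Handling of zero length rdata can cause named to terminate unexpectedly Link: http://www.isc.org/software/bind/advisories/cve-2012-1667 |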
id | SSV:60184 |
last seen | 2017-11-19 |
modified | 2012-06-05 |
published | 2012-06-05 |
reporter | Root |
title | ISC BIND 9 DNS Resource Record Handling Remote Denial of Service Vulnerability |
References
- http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00010.html
- http://marc.info/?l=bugtraq&m=134132772016230&w=2
- http://rhn.redhat.com/errata/RHSA-2012-0717.html
- http://rhn.redhat.com/errata/RHSA-2012-1110.html
- http://secunia.com/advisories/51096
- http://support.apple.com/kb/HT5501
- http://www.debian.org/security/2012/dsa-2486
- http://www.isc.org/software/bind/advisories/cve-2012-1667
- http://www.kb.cert.org/vuls/id/381699
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:089
- http://www.securityfocus.com/bid/53772
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488
- https://kb.isc.org/article/AA-00698