Vulnerabilities > CVE-2013-4854 - Remote Denial of Service vulnerability in ISC BIND 9 DNS RDATA Handling

CVSS v2 base score: 7.8 - HIGH (vector AV:N/AC:L/Au:N/C:N/I:N/A:C)
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: COMPLETE

Summary

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-654.NASL
    description: The BIND nameserver was updated to 9.9.3P2 to fix a security issue where incorrect bounds checking on private type 'keydata' could lead to a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899)
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75123
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75123
    title: openSUSE Security Update : bind (openSUSE-SU-2013:1353-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2013-654.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Registration pass. `description` is not assigned anywhere in this script
    # (presumably supplied by the scan engine - confirm). When it is true the
    # plugin only declares its metadata and exits, so none of the package
    # checks further down are executed.
    if (description)
    {
      script_id(75123);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      # The one CVE this advisory check is mapped to.
      script_cve_id("CVE-2013-4854");
    
      script_name(english:"openSUSE Security Update : bind (openSUSE-SU-2013:1353-1)");
      script_summary(english:"Check for the openSUSE-2013-654 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # Advisory text: the defect is a bounds-checking error on the private
      # 'keydata' type that ends in a remotely triggerable REQUIRE failure.
      script_set_attribute(
        attribute:"description", 
        value:
    "The BIND nameserver was updated to 9.9.3P2 to fix a security issue
    where incorrect bounds checking on private type 'keydata' could lead
    to a remotely triggerable REQUIRE failure. (CVE-2013-4854, bnc#831899)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2013-08/msg00039.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      # CVSS v2 base vector: reachable over the network, low complexity, no
      # authentication, no confidentiality/integrity impact, complete loss of
      # availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      # Declared as a "local" plugin: the checks in this script read the release
      # string and package list from the KB instead of probing the DNS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # Packages and openSUSE releases (12.2, 12.3) covered by this advisory.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-chrootenv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-lwresd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      # The vendor patch is dated 2013/08/09 but this plugin 2014/06/13, so scan
      # history from before the plugin date cannot show this finding.
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      # Information-gathering category; the checks visible in this script only
      # read KB items and compare package versions.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # KB entries the checks depend on. ssh_get_info.nasl is the declared
      # dependency (presumably the plugin that fills them from a credentialed
      # login - confirm); without them the check cannot evaluate the host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # Metadata registered; stop here in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Package-version check for openSUSE 12.2 / 12.3. Everything here is read
    # from the KB; nothing is sent to the name server.
    # NOTE(review): a clean result only says the installed packages are at or
    # above the reference builds. It does not show that a running named was
    # restarted onto the fixed binaries - confirm that separately.

    # Preconditions: local checks enabled, an openSUSE 12.2/12.3 release string
    # (SLED/SLES are rejected as "not openSUSE"), and an RPM list in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "openSUSE");
    }
    if (release !~ "^(SUSE12\.2|SUSE12\.3)$")
    {
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
    }
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only i586 / i686 / x86_64 hosts are evaluated.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch)
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (ourarch !~ "^(i586|i686|x86_64)$")
    {
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    }

    flag = 0;

    # Packages checked on every architecture, in the advisory's order.
    all_arch_pkgs = make_list(
      "bind",
      "bind-chrootenv",
      "bind-debuginfo",
      "bind-debugsource",
      "bind-devel",
      "bind-libs",
      "bind-libs-debuginfo",
      "bind-lwresd",
      "bind-lwresd-debuginfo",
      "bind-utils",
      "bind-utils-debuginfo"
    );
    # 32-bit compatibility packages, checked with cpu:"x86_64" only.
    compat_pkgs = make_list(
      "bind-libs-32bit",
      "bind-libs-debuginfo-32bit"
    );

    # Each release has its own reference build; rpm_check (rpm.inc, not shown
    # here) is expected to flag an installed package older than the reference.
    foreach rel_name (make_list("SUSE12.2", "SUSE12.3"))
    {
      if (rel_name == "SUSE12.2") fixed_build = "-9.9.2P2-1.19.1";
      else fixed_build = "-9.9.3P2-2.7.1";

      foreach pkg_name (all_arch_pkgs)
      {
        if ( rpm_check(release:rel_name, reference:pkg_name + fixed_build) ) flag++;
      }
      foreach pkg_name (compat_pkgs)
      {
        if ( rpm_check(release:rel_name, cpu:"x86_64", reference:pkg_name + fixed_build) ) flag++;
      }
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "tested and fine" from "bind not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
    }
    else
    {
      # At least one package is below its reference build: report on port 0,
      # attaching the package detail only when verbosity allows it.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2728.NASL
    description: Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause the named daemon to terminate with an assertion failure while rejecting the malformed query.
    last seen: 2020-03-17
    modified: 2013-07-29
    plugin id: 69094
    published: 2013-07-29
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69094
    title: Debian DSA-2728-1 : bind9 - denial of service
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2728. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass. `description` is not assigned anywhere in this script
    # (presumably supplied by the scan engine - confirm). When it is true the
    # plugin only declares its metadata and exits, so none of the package
    # checks further down are executed.
    if (description)
    {
      script_id(69094);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references: the CVE and the Debian advisory number.
      script_cve_id("CVE-2013-4854");
      script_xref(name:"DSA", value:"2728");
    
      script_name(english:"Debian DSA-2728-1 : bind9 - denial of service");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text: the daemon aborts on an assertion while it is rejecting
      # the malformed query, i.e. the crash sits on the error-handling path.
      script_set_attribute(
        attribute:"description", 
        value:
    "Maxim Shudrak and the HP Zero Day Initiative reported a denial of
    service vulnerability in BIND, a DNS server. A specially crafted query
    that includes malformed rdata can cause named daemon to terminate with
    an assertion failure while rejecting the malformed query."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717936"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/bind9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/bind9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2728"
      );
      # Fixed versions per distribution; the same two version strings are the
      # references used by the deb_check calls later in this script.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the bind9 packages.
    
    For the oldstable distribution (squeeze), this problem has been fixed
    in version 1:9.7.3.dfsg-1~squeeze11.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 1:9.8.4.dfsg.P1-6+nmu2+deb7u1."
      );
      # CVSS v2 base vector: reachable over the network, low complexity, no
      # authentication, availability impact only (complete).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: exploitability unproven, official fix, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # NOTE(review): these attributes record no known exploit, while the CVE
      # summary on this page says the flaw was exploited in the wild in July
      # 2013. Do not lower remediation priority on this field alone.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin: the checks in this script read the release
      # and dpkg list from the KB instead of probing the DNS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/29");
      script_end_attributes();
    
      # Information-gathering category; the checks visible in this script only
      # read KB items and compare package versions.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # KB entries the checks depend on. ssh_get_info.nasl is the declared
      # dependency (presumably the plugin that fills them from a credentialed
      # login - confirm); without them the check cannot evaluate the host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Metadata registered; stop here in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Package-version check for Debian 6.0 (squeeze) and 7.0 (wheezy). All
    # inputs come from the KB; nothing is sent to the name server.
    # NOTE(review): a clean result only says the installed packages are at or
    # above the reference versions. It does not show that a running named was
    # restarted onto the fixed binaries - confirm that separately.

    # Preconditions: local checks enabled, a Debian release, a dpkg list.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/Debian/release"))
    {
      audit(AUDIT_OS_NOT, "Debian");
    }
    if (!get_kb_item("Host/Debian/dpkg-l"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    flag = 0;

    # Debian 6.0: binary packages built from bind9, with their fixed version.
    squeeze_fixed = "1:9.7.3.dfsg-1~squeeze11";
    squeeze_pkgs = make_list(
      "bind9",
      "bind9-doc",
      "bind9-host",
      "bind9utils",
      "dnsutils",
      "host",
      "libbind-dev",
      "libbind9-60",
      "libdns69",
      "libisc62",
      "libisccc60",
      "libisccfg62",
      "liblwres60",
      "lwresd"
    );
    foreach pkg_name (squeeze_pkgs)
    {
      if (deb_check(release:"6.0", prefix:pkg_name, reference:squeeze_fixed)) flag++;
    }

    # Debian 7.0: the library package names carry different soname suffixes.
    wheezy_fixed = "1:9.8.4.dfsg.P1-6+nmu2+deb7u1";
    wheezy_pkgs = make_list(
      "bind9",
      "bind9-doc",
      "bind9-host",
      "bind9utils",
      "dnsutils",
      "host",
      "libbind-dev",
      "libbind9-80",
      "libdns88",
      "libisc84",
      "libisccc80",
      "libisccfg82",
      "liblwres80",
      "lwresd"
    );
    foreach pkg_name (wheezy_pkgs)
    {
      if (deb_check(release:"7.0", prefix:pkg_name, reference:wheezy_fixed)) flag++;
    }

    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      # At least one package is below its reference version: report on port 0,
      # attaching the package detail only when verbosity allows it.
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-1114.NASL
    description: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69140
    published: 2013-07-31
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69140
    title: CentOS 6 : bind (CESA-2013:1114)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1114 and 
    # CentOS Errata and Security Advisory 2013:1114 respectively.
    #
    
    include("compat.inc");
    
    # Registration pass. `description` is not assigned anywhere in this script
    # (presumably supplied by the scan engine - confirm). When it is true the
    # plugin only declares its metadata and exits, so none of the package
    # checks further down are executed.
    if (description)
    {
      script_id(69140);
      script_version("1.12");
      script_cvs_date("Date: 2020/01/06");
    
      # Cross-references: CVE, Bugtraq id and the upstream Red Hat advisory.
      script_cve_id("CVE-2013-4854");
      script_bugtraq_id(61479);
      script_xref(name:"RHSA", value:"2013:1114");
    
      script_name(english:"CentOS 6 : bind (CESA-2013:1114)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      # Advisory text reused from the Red Hat advisory. Two points matter for
      # triage: the fix is a backported patch, so the upstream BIND version
      # number is not a reliable indicator of exposure on this platform, and
      # the vendor states named is restarted automatically by the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated bind packages that fix one security issue are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The Berkeley Internet Name Domain (BIND) is an implementation of the
    Domain Name System (DNS) protocols. BIND includes a DNS server
    (named); a resolver library (routines for applications to use when
    interfacing with DNS); and tools for verifying that the DNS server is
    operating correctly.
    
    A denial of service flaw was found in BIND. A remote attacker could
    use this flaw to send a specially crafted DNS query to named that,
    when processed, would cause named to crash when rejecting the
    malformed query. (CVE-2013-4854)
    
    All bind users are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing the
    update, the BIND daemon (named) will be restarted automatically."
      );
      # The see_also value is a nessus.org short link; the comment line below
      # records the CentOS announcement it presumably resolves to.
      # https://lists.centos.org/pipermail/centos-announce/2013-July/019879.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6471737d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      # CVSS v2 base vector: reachable over the network, low complexity, no
      # authentication, availability impact only (complete).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: exploitability unproven, official fix, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4854");
      # NOTE(review): these attributes record no known exploit, while the CVE
      # summary on this page says the flaw was exploited in the wild in July
      # 2013. Do not lower remediation priority on this field alone.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin: the checks in this script read the release
      # string and RPM list from the KB instead of probing the DNS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category; the checks visible in this script only
      # read KB items and compare package versions.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # KB entries the checks depend on. ssh_get_info.nasl is the declared
      # dependency (presumably the plugin that fills them from a credentialed
      # login - confirm). "Host/cpu" is read by the checks but is not listed
      # among the required keys here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      # Metadata registered; stop here in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Package-version check for CentOS 6. All inputs come from the KB; nothing
    # is sent to the name server.
    # NOTE(review): the reference build carries a backported fix, so compare
    # package release strings rather than the upstream BIND version when
    # validating a finding by hand.

    # Preconditions: local checks enabled and a CentOS release string.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release)
    {
      audit(AUDIT_OS_NOT, "CentOS");
    }

    # Pull the major version out of the release string; only 6.x is in scope.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    }

    if (!get_kb_item("Host/CentOS/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    }

    flag = 0;

    # One reference build for every bind subpackage; rpm_check (rpm.inc, not
    # shown here) is expected to flag an installed package older than it.
    fixed_build = "-9.8.2-0.17.rc1.el6_4.5";
    bind_pkgs = make_list(
      "bind",
      "bind-chroot",
      "bind-devel",
      "bind-libs",
      "bind-sdb",
      "bind-utils"
    );
    foreach pkg_name (bind_pkgs)
    {
      if (rpm_check(release:"CentOS-6", reference:pkg_name + fixed_build)) flag++;
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "tested and fine" from "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils");
    }
    else
    {
      # At least one package is below the reference build: report on port 0
      # with the package detail attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1114.NASL
    description: Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69110
    published: 2013-07-30
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69110
    title: RHEL 6 : bind (RHSA-2013:1114)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1114. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass. `description` is not assigned anywhere in this script
    # (presumably supplied by the scan engine - confirm). When it is true the
    # plugin only declares its metadata and exits, so none of the package
    # checks further down are executed.
    if (description)
    {
      script_id(69110);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      # Cross-references: CVE, Bugtraq id and the Red Hat advisory.
      script_cve_id("CVE-2013-4854");
      script_bugtraq_id(61479);
      script_xref(name:"RHSA", value:"2013:1114");
    
      script_name(english:"RHEL 6 : bind (RHSA-2013:1114)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text. Two points matter for triage: the fix is a backported
      # patch, so the upstream BIND version number is not a reliable indicator
      # of exposure on this platform, and the vendor states named is restarted
      # automatically by the update.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated bind packages that fix one security issue are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The Berkeley Internet Name Domain (BIND) is an implementation of the
    Domain Name System (DNS) protocols. BIND includes a DNS server
    (named); a resolver library (routines for applications to use when
    interfacing with DNS); and tools for verifying that the DNS server is
    operating correctly.
    
    A denial of service flaw was found in BIND. A remote attacker could
    use this flaw to send a specially crafted DNS query to named that,
    when processed, would cause named to crash when rejecting the
    malformed query. (CVE-2013-4854)
    
    All bind users are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing the
    update, the BIND daemon (named) will be restarted automatically."
      );
      # References: the ISC knowledge-base article (older URL kept in the
      # comment line below), the Red Hat erratum and the Red Hat CVE page.
      # https://kb.isc.org/article/AA-01015
      script_set_attribute(
        attribute:"see_also",
        value:"https://kb.isc.org/docs/aa-01015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4854"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: reachable over the network, low complexity, no
      # authentication, availability impact only (complete).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: exploitability unproven, official fix, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # NOTE(review): these attributes record no known exploit, while the CVE
      # summary on this page says the flaw was exploited in the wild in July
      # 2013. Do not lower remediation priority on this field alone.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin: the checks in this script read host data
      # from the KB instead of probing the DNS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category; the checks visible in this script only
      # read KB items and compare package or advisory data.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # KB entries the checks depend on. ssh_get_info.nasl is the declared
      # dependency (presumably the plugin that fills them from a credentialed
      # login - confirm); without them the check cannot evaluate the host.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      # Metadata registered; stop here in description mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Check for RHEL 6 with two alternative evidence sources: yum updateinfo
    # data when the KB has it, otherwise an RPM version comparison. All inputs
    # come from the KB; nothing is sent to the name server.
    # NOTE(review): when yum updateinfo is present the verdict rests entirely
    # on that data and no rpm_check call runs, so a stale or incomplete
    # updateinfo cache would go unnoticed here - confirm how it is collected.

    # Preconditions: local checks enabled and a Red Hat release string.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release)
    {
      audit(AUDIT_OS_NOT, "Red Hat");
    }

    # Pull the version out of the release string; only 6.x is in scope.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    }
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    }

    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64, i386-i686 and s390 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu)
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    }

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # No yum updateinfo in the KB: fall back to comparing installed RPMs
      # with the reference build, in the same package order as the advisory.
      flag = 0;
      fixed_build = "-9.8.2-0.17.rc1.el6_4.5";
      rhel_arches = make_list("i686", "s390x", "x86_64");

      # bind and bind-chroot are checked once per architecture.
      foreach pkg_name (make_list("bind", "bind-chroot"))
      {
        foreach pkg_arch (rhel_arches)
        {
          if (rpm_check(release:"RHEL6", cpu:pkg_arch, reference:pkg_name + fixed_build)) flag++;
        }
      }

      # These three are checked without an architecture restriction.
      foreach pkg_name (make_list("bind-debuginfo", "bind-devel", "bind-libs"))
      {
        if (rpm_check(release:"RHEL6", reference:pkg_name + fixed_build)) flag++;
      }

      # bind-sdb and bind-utils are again checked once per architecture.
      foreach pkg_name (make_list("bind-sdb", "bind-utils"))
      {
        foreach pkg_arch (rhel_arches)
        {
          if (rpm_check(release:"RHEL6", cpu:pkg_arch, reference:pkg_name + fixed_build)) flag++;
        }
      }

      if (!flag)
      {
        # Nothing flagged: distinguish "tested and fine" from "not installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc");
      }
      else
      {
        # Report on port 0 with the package detail and the Red Hat package
        # caveat text appended.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # yum updateinfo is available: ask the helper for a report on this
      # advisory and treat an empty report as "advisory does not apply".
      rhsa = "RHSA-2013:1114";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit(AUDIT_OS_NOT, "affected by Red Hat security advisory " + rhsa);
      }
      else
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1114.NASL
    descriptionFrom Red Hat Security Advisory 2013:1114 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id69156
    published2013-07-31
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69156
    titleOracle Linux 6 : bind (ELSA-2013-1114)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:1114 and 
    # Oracle Linux Security Advisory ELSA-2013-1114 respectively.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares its
    # metadata (ID, references, advisory text, required KB keys) and exits without
    # touching the target.
    if (description)
    {
      script_id(69156);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/30 10:58:18");
    
      # Cross-references used to correlate findings with the CVE and the vendor advisory.
      script_cve_id("CVE-2013-4854");
      script_bugtraq_id(61479);
      script_xref(name:"RHSA", value:"2013:1114");
    
      script_name(english:"Oracle Linux 6 : bind (ELSA-2013-1114)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:1114 :
    
    Updated bind packages that fix one security issue are now available
    for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The Berkeley Internet Name Domain (BIND) is an implementation of the
    Domain Name System (DNS) protocols. BIND includes a DNS server
    (named); a resolver library (routines for applications to use when
    interfacing with DNS); and tools for verifying that the DNS server is
    operating correctly.
    
    A denial of service flaw was found in BIND. A remote attacker could
    use this flaw to send a specially crafted DNS query to named that,
    when processed, would cause named to crash when rejecting the
    malformed query. (CVE-2013-4854)
    
    All bind users are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. After installing the
    update, the BIND daemon (named) will be restarted automatically."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-July/003607.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      # CVSS v2 base vector: reachable over the network, no authentication, and the only
      # impact is a complete loss of availability.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # NOTE(review): the temporal vector (E:U) and the two attributes below record
      # "no known exploits", while the CVE-2013-4854 summary states the flaw was
      # exploited in the wild in July 2013. Do not lower remediation priority on the
      # strength of these fields alone.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the result comes from data gathered on the host itself
      # (the rpm list), not from probing the DNS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      # presumably ssh_get_info.nasl is what fills the Host/* KB entries from a
      # credentialed login -- verify against that plugin.
      script_dependencies("ssh_get_info.nasl");
      # KB entries that must exist before the check runs. "Host/cpu" is read by the
      # check as well but is not listed here; its absence is handled with an audit.
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gating for the Oracle Linux 6 check. Each failed precondition calls
    # audit(), which stops the plugin with the stated reason, so the order of these
    # statements matters.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    # The release string is matched against both Oracle product names.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    # Capture group 1 is the numeric release, e.g. "6" or "6.4".
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    # Accept "6" or "6.<minor>" only; the trailing group keeps values such as "60" out.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled; other architectures are audited
    # as "local checks not implemented" rather than reported clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    # Package builds named as references for the Oracle Linux 6 (EL6) comparison.
    # rpm_check() is expected to return true when an installed package is older than
    # its reference -- confirm against rpm.inc.
    # NOTE(review): this compares installed package versions only; it does not show
    # whether the running named process was restarted onto the updated binaries.
    fixed_builds = make_list(
      "bind-9.8.2-0.17.rc1.0.2.el6_4.5",
      "bind-chroot-9.8.2-0.17.rc1.0.2.el6_4.5",
      "bind-devel-9.8.2-0.17.rc1.0.2.el6_4.5",
      "bind-libs-9.8.2-0.17.rc1.0.2.el6_4.5",
      "bind-sdb-9.8.2-0.17.rc1.0.2.el6_4.5",
      "bind-utils-9.8.2-0.17.rc1.0.2.el6_4.5"
    );
    
    # flag counts how many references matched.
    flag = 0;
    foreach fixed_build (fixed_builds)
    {
      if (rpm_check(release:"EL6", reference:fixed_build)) flag++;
    }
    
    if (!flag)
    {
      # Nothing matched: say whether the packages were tested and fine, or absent.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils");
    }
    else
    {
      # At least one match: report on port 0, with the rpm detail when the
      # configured verbosity allows it.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    
  • NASL familyMisc.
    NASL idMCAFEE_WEB_GATEWAY_SB10052.NASL
    descriptionThe remote host has a version of McAfee Web Gateway (MWG) prior to 7.3.2.2. It is, therefore, affected by a denial of service vulnerability due to a flaw in the packaged ISC BIND server. An attacker can exploit this vulnerability by sending a specially crafted query with a malformed RDATA section.
    last seen2020-06-01
    modified2020-06-02
    plugin id76120
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76120
    titleMcAfee Web Gateway < 7.3.2.2 DoS (SB10052)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares its
    # metadata and required KB keys, then exits.
    if (description)
    {
      script_id(76120);
      script_version("1.3");
      script_cvs_date("Date: 2018/07/14  1:59:37");
    
      # Cross-references to the CVE, the Bugtraq entry and the vendor bulletin.
      script_cve_id("CVE-2013-4854");
      script_bugtraq_id(61479);
      script_xref(name:"MCAFEE-SB", value:"SB10052");
    
      script_name(english:"McAfee Web Gateway < 7.3.2.2  DoS (SB10052)");
      script_summary(english:"Checks version of MWG.");
    
      script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a denial of service vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The remote host has a version of McAfee Web Gateway (MWG) prior to
    7.3.2.2. It is, therefore, affected by a denial of service
    vulnerability due to a flaw in the packaged ISC BIND server. An
    attacker can exploit this vulnerability by sending a specially crafted
    query with a malformed RDATA section.");
      script_set_attribute(attribute:"see_also", value:"https://kc.mcafee.com/corporate/index?page=content&id=SB10052");
      script_set_attribute(attribute:"solution", value:"Upgrade to 7.3.2.2 or later.");
      # CVSS v2 base vector: network-reachable, unauthenticated, availability impact only.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # NOTE(review): E:U and the attributes below record "no known exploits", while
      # the CVE-2013-4854 summary states the flaw was exploited in the wild in July
      # 2013. Do not lower remediation priority on the strength of these fields alone.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
      # NOTE(review): this patch date (2011) is earlier than the 2013/07/29 disclosure
      # date above; it looks like a year typo -- confirm against bulletin SB10052.
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/18");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mcafee:web_gateway");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      # The version values are taken from the KB; presumably the detection plugin
      # named here is what stores them -- verify.
      script_dependencies("mcafee_web_gateway_detect.nbin");
      script_require_keys("Host/McAfee Web Gateway/Version", "Host/McAfee Web Gateway/Display Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    # Version check for McAfee Web Gateway: compares the version stored in the KB
    # with the fixed build and reports the host when it is older.
    app_name = "McAfee Web Gateway";
    version = get_kb_item_or_exit("Host/McAfee Web Gateway/Version");
    version_display = get_kb_item_or_exit("Host/McAfee Web Gateway/Display Version");
    
    # NOTE(review): a fix is assigned only for the 7.3.2.x branch, so any other
    # version leaves `fix` NULL and is audited as not vulnerable, although the plugin
    # title and description say "prior to 7.3.2.2". Whether earlier branches are
    # affected is not visible here -- confirm against bulletin SB10052 before
    # treating a clean result on another branch as conclusive.
    fix = NULL;
    if (version =~ "^7\.3\.2\.")
    {
      fix = "7.3.2.2";
      fix_display = "7.3.2.2 Build 15726";
    }
    
    # Vulnerable only when a fix applies to this branch and the installed version
    # sorts before it.
    is_vulnerable = FALSE;
    if (fix)
    {
      if (ver_compare(ver:version, fix:fix, strict:FALSE) == -1) is_vulnerable = TRUE;
    }
    
    if (!is_vulnerable) audit(AUDIT_INST_VER_NOT_VULN, app_name, version_display);
    else
    {
      if (report_verbosity > 0)
      {
        # Installed and fixed versions are shown side by side in the report.
        report = '\n  Installed version : ' + version_display;
        report = report + '\n  Fixed version     : ' + fix_display;
        report = report + '\n';
        security_hole(extra:report, port:0);
      }
      else security_hole(0);
      exit(0);
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130730_BIND_ON_SL6_X.NASL
    descriptionA denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-03-18
    modified2013-07-31
    plugin id69165
    published2013-07-31
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69165
    titleScientific Linux Security Update : bind on SL6.x i386/x86_64 (20130730)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares its
    # metadata and required KB keys, then exits.
    if (description)
    {
      script_id(69165);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");
    
      script_cve_id("CVE-2013-4854");
    
      script_name(english:"Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20130730)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A denial of service flaw was found in BIND. A remote attacker could
    use this flaw to send a specially crafted DNS query to named that,
    when processed, would cause named to crash when rejecting the
    malformed query. (CVE-2013-4854)
    
    After installing the update, the BIND daemon (named) will be restarted
    automatically."
      );
      # The see_also value is a shortened link; the comment below records the
      # errata-list URL it stands for.
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1307&L=scientific-linux-errata&T=0&P=2189
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?66df36e9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network-reachable, unauthenticated, availability impact only.
      # No temporal vector or exploitability attributes are set in this plugin; their
      # absence says nothing about exploitation -- the CVE-2013-4854 summary reports
      # exploitation in the wild in July 2013.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      # "local" plugin type: the result comes from the collected rpm list, not from
      # probing the DNS service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/31");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # presumably ssh_get_info.nasl is what fills the Host/* KB entries from a
      # credentialed login -- verify against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
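    # Host gating for the Scientific Linux 6 check. Each failed precondition calls
    # audit(), which stops the plugin with the stated reason, so the order of these
    # statements matters.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    # Capture group 1 is the numeric release, e.g. "6" or "6.4".
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    # Accept "6" or "6.<minor>" only; the trailing group keeps values such as "60" out.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # The needle goes on the left of >!<: the test must ask whether "x86_64" occurs
    # in cpu. With the operands the other way round, a cpu value that is merely a
    # fragment of "x86_64" passes the gate and a longer value containing "x86_64" is
    # rejected. This form matches the Oracle Linux and Red Hat checks for the same
    # advisory.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);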
    
    
    # Package builds named as references for the Scientific Linux 6 (SL6) comparison.
    # rpm_check() is expected to return true when an installed package is older than
    # its reference -- confirm against rpm.inc.
    # NOTE(review): this compares installed package versions only; it does not show
    # whether the running named process was restarted onto the updated binaries.
    fixed_builds = make_list(
      "bind-9.8.2-0.17.rc1.el6_4.5",
      "bind-chroot-9.8.2-0.17.rc1.el6_4.5",
      "bind-debuginfo-9.8.2-0.17.rc1.el6_4.5",
      "bind-devel-9.8.2-0.17.rc1.el6_4.5",
      "bind-libs-9.8.2-0.17.rc1.el6_4.5",
      "bind-sdb-9.8.2-0.17.rc1.el6_4.5",
      "bind-utils-9.8.2-0.17.rc1.el6_4.5"
    );
    
    # flag counts how many references matched.
    flag = 0;
    foreach fixed_build (fixed_builds)
    {
      if (rpm_check(release:"SL6", reference:fixed_build)) flag++;
    }
    
    if (!flag)
    {
      # Nothing matched: say whether the packages were tested and fine, or absent.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc");
    }
    else
    {
      # At least one match: report on port 0 with the rpm comparison detail.
      security_report_v4(
        port     : 0,
        severity : SECURITY_HOLE,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1181.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes three security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
    last seen2020-06-01
    modified2020-06-02
    plugin id78969
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78969
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1181. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Plugin registration: when `description` is set the script only declares its
    # metadata and required KB keys, then exits.
    if (description)
    {
      script_id(78969);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      # NOTE(review): CVE-2013-4854 appears only in the description text below (as a
      # bind fix bundled into the image) and is not registered here, so scan results
      # filtered by that CVE may not include this plugin's findings.
      script_cve_id("CVE-2013-0791", "CVE-2013-1620", "CVE-2013-4236");
      script_bugtraq_id(57777, 58826, 61772);
      script_xref(name:"RHSA", value:"2013:1181");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes three security issues
    and various bugs is now available.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: A subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization
    Hypervisor through the 3.2 Manager administration portal, the Host may
    appear with the status of 'Install Failed'. If this happens, place the
    host into maintenance mode, then activate it again to get the host
    back to an 'Up' state.
    
    It was discovered that NSS leaked timing information when decrypting
    TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher
    suites were used. A remote attacker could possibly use this flaw to
    retrieve plain text from the encrypted packets by using a TLS/SSL or
    DTLS server as a padding oracle. (CVE-2013-1620)
    
    It was found that the fix for CVE-2013-0167 released via
    RHSA-2013:0907 was incomplete. A privileged guest user could
    potentially use this flaw to make the host the guest is running on
    unavailable to the management server. (CVE-2013-4236)
    
    An out-of-bounds memory read flaw was found in the way NSS decoded
    certain certificates. If an application using NSS decoded a malformed
    certificate, it could cause the application to crash. (CVE-2013-0791)
    
    Red Hat would like to thank the Mozilla project for reporting
    CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original
    reporter of CVE-2013-0791. The CVE-2013-4236 issue was found by David
    Gibson of Red Hat.
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2013-4854 (bind issue)
    
    CVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224,
    CVE-2013-2232, and CVE-2013-2237 (kernel issues)
    
    This update also contains the fixes from the following errata :
    
    * vdsm: RHSA-2013:1155 and RHBA-2013:1158
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which corrects these issues."
      );
      # https://rhn.redhat.com/errata/RHSA-2013-0907.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:0907"
      );
      # https://rhn.redhat.com/errata/RHSA-2013-1155.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1155"
      );
      # https://rhn.redhat.com/errata/RHBA-2013-1158.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2013:1158"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-1620"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4236"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      # The base vector rates only a partial availability impact (A:P); presumably it
      # reflects the CVEs registered above rather than the bundled bind fix -- verify
      # before comparing this score with the CVE-2013-4854 rating.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the result comes from package data gathered on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # presumably ssh_get_info.nasl is what fills the Host/* KB entries from a
      # credentialed login -- verify against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating for the RHEL 6 check. Each failed precondition calls audit(),
    # which stops the plugin with the stated reason, so the order of these statements
    # matters.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture group 1 is the numeric release, e.g. "6" or "6.4".
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accept "6" or "6.<minor>" only; the trailing group keeps values such as "60" out.
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # x86_64, i386-i686 and s390 hosts pass this gate; anything else is audited as
    # "local checks not implemented". The advisory text says the hypervisor exists
    # only for Intel 64 and AMD64, so the wider filter is not expected to matter here.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two ways to decide whether RHSA-2013:1181 is outstanding: the cached yum
    # updateinfo output when it was collected, otherwise a direct rpm version
    # comparison.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (empty_or_null(yum_updateinfo))
    {
      # rpm path. Only the rhev-hypervisor6 image package is compared; the bind
      # build shipped inside the image is not checked on its own.
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.4-20130815.0.el6_4")) flag++;
    
      if (!flag)
      {
        # Nothing matched: say whether the package was tested and fine, or absent.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
    }
    else
    {
      # yum path. NOTE(review): the verdict rests on the cached updateinfo data; an
      # empty report for this advisory is audited as "not affected" without
      # consulting the rpm list -- confirm the updateinfo data is current.
      rhsa = "RHSA-2013:1181";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (empty_or_null(yum_report))
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
      else
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : yum_report
        );
        exit(0);
      }
    }
    
  • NASL familyDNS
    NASL idBIND9_993_P2.NASL
    descriptionAccording to its self-reported version number, the remote installation of BIND can be forced to crash via specially crafted queries containing malformed
    last seen2020-06-01
    modified2020-06-02
    plugin id69106
    published2013-07-29
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69106
    titleISC BIND 9 RDATA Section Handling DoS
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0084.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-8500 (#1171973) - Use /dev/urandom when generating rndc.key file (#951255) - Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035 - Add support for TLSA resource records (#956685) - Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035) - Fix segmentation fault in nsupdate when -r option is used (#1064045) - Fix race condition on send buffer in host tool when sending UDP query (#1008827) - Allow authentication using TSIG in allow-notify configuration statement (#1044545) - Fix SELinux context of /var/named/chroot/etc/localtime (#902431) - Include updated named.ca file with root server addresses (#917356) - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id80247
    published2014-12-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80247
    titleOracleVM 3.3 : bind (OVMSA-2014-0084)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-13863.NASL
    description - update to 9.9.3-P2 (fix for CVE-2013-4854) - update RRL patch to 9.9.3-P2-rl.13207.22 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-08-05
    plugin id69211
    published2013-08-05
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69211
    titleFedora 19 : bind-9.9.3-5.P2.fc19 (2013-13863)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1115.NASL
    descriptionUpdated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id69141
    published2013-07-31
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69141
    titleCentOS 5 : bind97 (CESA-2013:1115)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2013-218-01.NASL
    descriptionNew bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id69224
    published2013-08-07
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69224
    titleSlackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : bind (SSA:2013-218-01)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SERVER_4_0.NASL
    descriptionThe remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the 'POODLE' issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id78601
    published2014-10-21
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78601
    titleMac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-13831.NASL
    description - update to 9.9.3-P2 (fix for CVE-2013-4854) - update the RRL patch to version 9.9.3-P2-rl.13207.22. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-08-05
    plugin id69210
    published2013-08-05
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69210
    titleFedora 18 : bind-9.9.3-4.P2.fc18 (2013-13831)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_BIND-130805.NASL
    descriptionA specially crafted query with malicious rdata could have caused a crash (DoS) in named.
    last seen2020-06-05
    modified2013-08-08
    plugin id69259
    published2013-08-08
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69259
    titleSuSE 11.2 / 11.3 Security Update : bind (SAT Patch Numbers 8160 / 8161)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-202.NASL
    descriptionA vulnerability has been discovered and corrected in bind : The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (daemon crash) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013 (CVE-2013-4854). The updated packages for Enterprise Server 5 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 9.9.3-P2 version which is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id69097
    published2013-07-29
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69097
    titleMandriva Linux Security Advisory : bind (MDVSA-2013:202)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2020-0021.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
    last seen2020-06-10
    modified2020-06-05
    plugin id137170
    published2020-06-05
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137170
    titleOracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1115.NASL
    descriptionUpdated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id69111
    published2013-07-30
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69111
    titleRHEL 5 : bind97 (RHSA-2013:1115)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL14613.NASL
    descriptionThe RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial-of-service (DoS) through a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
    last seen2020-06-01
    modified2020-06-02
    plugin id78154
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78154
    titleF5 Networks BIG-IP : BIND vulnerability (SOL14613)
  • NASL familyFirewalls
    NASL idMCAFEE_FIREWALL_ENTERPRISE_SB10052.NASL
    descriptionThe remote host has a version of McAfee Firewall Enterprise installed that is affected by a denial of service vulnerability due to a flaw in the packaged ISC BIND server. An attacker can exploit this by sending a specially crafted query with a malformed RDATA section.
    last seen2020-06-01
    modified2020-06-02
    plugin id76118
    published2014-06-18
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76118
    titleMcAfee Firewall Enterprise DoS (SB10052)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0066.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776)
    last seen2020-06-01
    modified2020-06-02
    plugin id99569
    published2017-04-21
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99569
    titleOracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1115.NASL
    descriptionFrom Red Hat Security Advisory 2013:1115 : Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-06-01
    modified2020-06-02
    plugin id69157
    published2013-07-31
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69157
    titleOracle Linux 5 : bind97 (ELSA-2013-1115)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-214.NASL
    descriptionA denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854)
    last seen2020-06-01
    modified2020-06-02
    plugin id70218
    published2013-10-01
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/70218
    titleAmazon Linux AMI : bind (ALAS-2013-214)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-34.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-34 (BIND: Denial of Service) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id72208
    published2014-01-30
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72208
    titleGLSA-201401-34 : BIND: Denial of Service
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130730_BIND97_ON_SL5_X.NASL
    descriptionA denial of service flaw was found in BIND. A remote attacker could use this flaw to send a specially crafted DNS query to named that, when processed, would cause named to crash when rejecting the malformed query. (CVE-2013-4854) After installing the update, the BIND daemon (named) will be restarted automatically.
    last seen2020-03-18
    modified2013-07-31
    plugin id69164
    published2013-07-31
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69164
    titleScientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20130730)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_7943E521F64811E286073C970E169BC2.NASL
    descriptionISC reports : A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.
    last seen2020-06-01
    modified2020-06-02
    plugin id69088
    published2013-07-28
    reporterThis script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69088
    titleFreeBSD : bind -- denial of service vulnerability (7943e521-f648-11e2-8607-3c970e169bc2)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1910-1.NASL
    descriptionMaxim Shudrak discovered that Bind incorrectly handled certain malformed rdata. A remote attacker could use this flaw with a specially crafted query to cause Bind to stop responding, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id69119
    published2013-07-30
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69119
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : bind9 vulnerability (USN-1910-1)

Oval

accepted2015-04-20T04:01:29.911-04:00
classvulnerability
contributors
  • nameGanesh Manal
    organizationHewlett-Packard
  • namePrashant Kumar
    organizationHewlett-Packard
  • nameMike Cokus
    organizationThe MITRE Corporation
descriptionThe RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
familyunix
idoval:org.mitre.oval:def:19561
statusaccepted
submitted2013-11-22T11:43:28.000-05:00
titleHP-UX Running BIND, Remote Denial of Service (DoS)
version45

Redhat

advisories
  • bugzilla
    id988999
    titleCVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdata
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentbind-sdb is earlier than 32:9.8.2-0.17.rc1.el6_4.5
            ovaloval:com.redhat.rhsa:tst:20131114001
          • commentbind-sdb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651002
        • AND
          • commentbind-devel is earlier than 32:9.8.2-0.17.rc1.el6_4.5
            ovaloval:com.redhat.rhsa:tst:20131114003
          • commentbind-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651004
        • AND
          • commentbind is earlier than 32:9.8.2-0.17.rc1.el6_4.5
            ovaloval:com.redhat.rhsa:tst:20131114005
          • commentbind is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651006
        • AND
          • commentbind-chroot is earlier than 32:9.8.2-0.17.rc1.el6_4.5
            ovaloval:com.redhat.rhsa:tst:20131114007
          • commentbind-chroot is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651008
        • AND
          • commentbind-utils is earlier than 32:9.8.2-0.17.rc1.el6_4.5
            ovaloval:com.redhat.rhsa:tst:20131114009
          • commentbind-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651012
        • AND
          • commentbind-libs is earlier than 32:9.8.2-0.17.rc1.el6_4.5
            ovaloval:com.redhat.rhsa:tst:20131114011
          • commentbind-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20170651010
    rhsa
    idRHSA-2013:1114
    released2013-07-30
    severityImportant
    titleRHSA-2013:1114: bind security update (Important)
  • bugzilla
    id988999
    titleCVE-2013-4854 bind: named crash with an assertion failure on parsing malformed rdata
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentbind97 is earlier than 32:9.7.0-17.P2.el5_9.2
            ovaloval:com.redhat.rhsa:tst:20131115001
          • commentbind97 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110845002
        • AND
          • commentbind97-utils is earlier than 32:9.7.0-17.P2.el5_9.2
            ovaloval:com.redhat.rhsa:tst:20131115003
          • commentbind97-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110845004
        • AND
          • commentbind97-devel is earlier than 32:9.7.0-17.P2.el5_9.2
            ovaloval:com.redhat.rhsa:tst:20131115005
          • commentbind97-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110845006
        • AND
          • commentbind97-libs is earlier than 32:9.7.0-17.P2.el5_9.2
            ovaloval:com.redhat.rhsa:tst:20131115007
          • commentbind97-libs is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110845008
        • AND
          • commentbind97-chroot is earlier than 32:9.7.0-17.P2.el5_9.2
            ovaloval:com.redhat.rhsa:tst:20131115009
          • commentbind97-chroot is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20110845010
    rhsa
    idRHSA-2013:1115
    released2013-07-30
    severityImportant
    titleRHSA-2013:1115: bind97 security update (Important)
rpms
  • bind-32:9.8.2-0.17.rc1.el6_4.5
  • bind-chroot-32:9.8.2-0.17.rc1.el6_4.5
  • bind-debuginfo-32:9.8.2-0.17.rc1.el6_4.5
  • bind-devel-32:9.8.2-0.17.rc1.el6_4.5
  • bind-libs-32:9.8.2-0.17.rc1.el6_4.5
  • bind-sdb-32:9.8.2-0.17.rc1.el6_4.5
  • bind-utils-32:9.8.2-0.17.rc1.el6_4.5
  • bind97-32:9.7.0-17.P2.el5_9.2
  • bind97-chroot-32:9.7.0-17.P2.el5_9.2
  • bind97-debuginfo-32:9.7.0-17.P2.el5_9.2
  • bind97-devel-32:9.7.0-17.P2.el5_9.2
  • bind97-libs-32:9.7.0-17.P2.el5_9.2
  • bind97-utils-32:9.7.0-17.P2.el5_9.2

Seebug

bulletinFamilyexploit
descriptionBugtraq ID: 61479;CVE ID: CVE-2013-4854。ISC BIND是一款DNS协议的实现。ISC BIND在解析DNS查询中的RDATA数据时存在错误,允许远程攻击者提交包含畸形RDATA数据的特殊查询以触发REQUIRE断言,使服务程序崩溃。此漏洞已经在网络上被积极利用,权威和递归服务器都受此漏洞影响。受影响版本:ISC BIND 9.8.0 - 9.8.5-P1,ISC BIND 9.9.0 - 9.9.3-P1。厂商解决方案:ISC BIND 9.8.5-P2、9.9.3-P2和9.9.3-S1-P1已经修复此漏洞,建议用户下载更新: https://www.isc.org/downloads/bind/
idSSV:60926
last seen2017-11-19
modified2013-07-30
published2013-07-30
reporterRoot
titleISC BIND 9 DNS RDATA处理远程拒绝服务漏洞

References