Vulnerabilities > CVE-2015-8704 - Improper Input Validation vulnerability in ISC Bind
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family AIX Local Security Checks NASL id AIX_IV81282.NASL description ISC BIND is vulnerable to a denial of service, caused by improper bounds checking in apl_42.c. By sending specially crafted Address Prefix List (APL) data, a remote authenticated attacker could exploit this vulnerability to trigger an INSIST assertion failure and cause the named process to terminate. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory11.nasl (plugin id 102123). last seen 2017-10-29 modified 2017-08-03 plugin id 90720 published 2016-04-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=90720 title AIX 7.2 TL 0 : bind (IV81282) (deprecated) code #%NASL_MIN_LEVEL 999999 # # (C) Tenable Network Security, Inc. # # The text in the description was extracted from AIX Security # Advisory bind_advisory11.asc. # # @DEPRECATED@ # # Disabled on 2017/07/20. Deprecated by aix_bind_advisory11.nasl. include("compat.inc"); if (description) { script_id(90720); script_version("2.4"); script_cvs_date("Date: 2018/07/20 0:18:51"); script_cve_id("CVE-2015-8704"); script_name(english:"AIX 7.2 TL 0 : bind (IV81282) (deprecated)"); script_summary(english:"Check for APAR IV81282"); script_set_attribute( attribute:"synopsis", value:"This plugin has been deprecated." ); script_set_attribute( attribute:"description", value: "ISC BIND is vulnerable to a denial of service, caused by improper bounds checking in apl_42.c. By sending specially crafted Address Prefix List (APL) data, a remote authenticated attacker could exploit this vulnerability to trigger an INSIST assertion failure and cause the named process to terminate. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory11.nasl (plugin id 102123)." ); script_set_attribute( attribute:"see_also", value:"http://aix.software.ibm.com/aix/efixes/security/bind_advisory11.asc" ); script_set_attribute( attribute:"solution", value:"n/a" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/25"); script_set_attribute(attribute:"patch_publication_date", value:"2016/04/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/04/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_family(english:"AIX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version"); exit(0); } exit(0, "This plugin has been deprecated. Use aix_bind_advisory11.nasl (plugin ID 102123) instead."); include("audit.inc"); include("global_settings.inc"); include("aix.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX"); if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING); if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") ); flag = 0; if (aix_check_ifix(release:"7.2", ml:"00", sp:"00", patch:"IV81282m0a", package:"bos.net.tcp.client", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.0") < 0) flag++; if (aix_check_ifix(release:"7.2", ml:"00", sp:"01", patch:"IV81282m1a", package:"bos.net.tcp.client", minfilesetver:"7.2.0.0", maxfilesetver:"7.2.0.0") < 0) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0174-1.NASL description This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88008 published 2016-01-20 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88008 title SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:0174-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:0174-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(88008); script_version("2.12"); script_cvs_date("Date: 2019/09/11 11:22:13"); script_cve_id("CVE-2015-8704"); script_name(english:"SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:0174-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=962189" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-8704/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20160174-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2ba11af0" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP1 : zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-114=1 SUSE Linux Enterprise Server 12-SP1 : zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-114=1 SUSE Linux Enterprise Desktop 12-SP1 : zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-114=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-chrootenv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/20"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-chrootenv-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-debuginfo-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-debugsource-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-libs-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-libs-debuginfo-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-utils-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-utils-debuginfo-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-libs-32bit-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"bind-libs-debuginfo-32bit-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-debuginfo-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-debugsource-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-libs-32bit-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-libs-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-libs-debuginfo-32bit-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-libs-debuginfo-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-utils-9.9.6P1-35.1")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"bind-utils-debuginfo-9.9.6P1-35.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind"); }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0009.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2015-8704) last seen 2020-06-01 modified 2020-06-02 plugin id 88446 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88446 title OracleVM 3.3 : bind (OVMSA-2016-0009) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2016-0009. # include("compat.inc"); if (description) { script_id(88446); script_version("1.10"); script_cvs_date("Date: 2019/09/27 13:00:35"); script_cve_id("CVE-2015-8704"); script_name(english:"OracleVM 3.3 : bind (OVMSA-2016-0009)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Fix (CVE-2015-8704)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2016-January/000413.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?85ac1f50" ); script_set_attribute( attribute:"solution", value:"Update the affected bind-libs / bind-utils packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/20"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"bind-libs-9.8.2-0.37.rc1.el6_7.6")) flag++; if (rpm_check(release:"OVS3.3", reference:"bind-utils-9.8.2-0.37.rc1.el6_7.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind-libs / bind-utils"); }NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2016-641.NASL description Specific APL RR data could cause a server to exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. (CVE-2015-8704) CVE-2015-8705 was also issued today for bind, but the Amazon Linux AMI last seen 2020-06-01 modified 2020-06-02 plugin id 87990 published 2016-01-20 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87990 title Amazon Linux AMI : bind (ALAS-2016-641) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2016-641. # include("compat.inc"); if (description) { script_id(87990); script_version("2.7"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2015-8704"); script_xref(name:"ALAS", value:"2016-641"); script_name(english:"Amazon Linux AMI : bind (ALAS-2016-641)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Specific APL RR data could cause a server to exit due to an INSIST failure in apl_42.c when performing certain string formatting operations. (CVE-2015-8704) CVE-2015-8705 was also issued today for bind, but the Amazon Linux AMI's version of bind is not impacted by that CVE." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2016-641.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update bind' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-sdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"bind-9.8.2-0.37.rc1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"bind-chroot-9.8.2-0.37.rc1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"bind-debuginfo-9.8.2-0.37.rc1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"bind-devel-9.8.2-0.37.rc1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"bind-libs-9.8.2-0.37.rc1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"bind-sdb-9.8.2-0.37.rc1.43.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"bind-utils-9.8.2-0.37.rc1.43.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-0074.NASL description Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 88449 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88449 title RHEL 5 : bind97 (RHSA-2016:0074) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2016:0074. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(88449); script_version("1.12"); script_cvs_date("Date: 2019/10/24 15:35:41"); script_cve_id("CVE-2015-8704"); script_xref(name:"RHSA", value:"2016:0074"); script_name(english:"RHEL 5 : bind97 (RHSA-2016:0074)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://kb.isc.org/article/AA-01335" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2016:0074" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-8704" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-chroot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind97-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"patch_publication_date", value:"2016/01/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2016:0074"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind97-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind97-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind97-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind97-chroot-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind97-chroot-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind97-chroot-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", reference:"bind97-debuginfo-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", reference:"bind97-devel-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", reference:"bind97-libs-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"bind97-utils-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"bind97-utils-9.7.0-21.P2.el5_11.5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"bind97-utils-9.7.0-21.P2.el5_11.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind97 / bind97-chroot / bind97-debuginfo / bind97-devel / etc"); } }NASL family AIX Local Security Checks NASL id AIX_IV81280.NASL description ISC BIND is vulnerable to a denial of service, caused by improper bounds checking in apl_42.c. By sending specially crafted Address Prefix List (APL) data, a remote authenticated attacker could exploit this vulnerability to trigger an INSIST assertion failure and cause the named process to terminate. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory11.nasl (plugin id 102123). last seen 2017-10-29 modified 2017-08-03 plugin id 90718 published 2016-04-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=90718 title AIX 7.1 TL 3 : bind (IV81280) (deprecated) NASL family AIX Local Security Checks NASL id AIX_IV81281.NASL description ISC BIND is vulnerable to a denial of service, caused by improper bounds checking in apl_42.c. By sending specially crafted Address Prefix List (APL) data, a remote authenticated attacker could exploit this vulnerability to trigger an INSIST assertion failure and cause the named process to terminate. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory11.nasl (plugin id 102123). last seen 2017-10-29 modified 2017-08-03 plugin id 90719 published 2016-04-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=90719 title AIX 7.1 TL 4 : bind (IV81281) (deprecated) NASL family Scientific Linux Local Security Checks NASL id SL_20160127_BIND_ON_SL5_X.NASL description A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-03-18 modified 2016-01-28 plugin id 88451 published 2016-01-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88451 title Scientific Linux Security Update : bind on SL5.x, SL6.x, SL7.x i386/x86_64 (20160127) NASL family AIX Local Security Checks NASL id AIX_IV81278.NASL description ISC BIND is vulnerable to a denial of service, caused by improper bounds checking in apl_42.c. By sending specially crafted Address Prefix List (APL) data, a remote authenticated attacker could exploit this vulnerability to trigger an INSIST assertion failure and cause the named process to terminate. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory11.nasl (plugin id 102123). last seen 2017-10-29 modified 2017-08-03 plugin id 90716 published 2016-04-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=90716 title AIX 5.3 TL 12 : bind (IV81278) (deprecated) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2874-1.NASL description It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88018 published 2016-01-20 reporter Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88018 title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : bind9 vulnerability (USN-2874-1) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2016-054-01.NASL description New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88909 published 2016-02-24 reporter This script is Copyright (C) 2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88909 title Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2016-054-01) NASL family Scientific Linux Local Security Checks NASL id SL_20160127_BIND97_ON_SL5_X.NASL description A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-03-18 modified 2016-01-28 plugin id 88450 published 2016-01-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88450 title Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20160127) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0055.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite - Fix (CVE-2016-1285, CVE-2016-1286) - Fix (CVE-2015-8704) - Fix (CVE-2015-8000) - Fix (CVE-2015-5722) - Fix (CVE-2015-5477) - Remove files backup after patching (Related: #1171971) - Fix CVE-2014-8500 (#1171971) - fix race condition in socket module - fix (CVE-2012-5166) - bind-chroot-admin: set correct permissions on /etc/named.conf during update - fix (CVE-2012-4244) - fix (CVE-2012-3817) - fix (CVE-2012-1667) - fix (CVE-2012-1033) last seen 2020-06-01 modified 2020-06-02 plugin id 91739 published 2016-06-22 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91739 title OracleVM 3.2 : bind (OVMSA-2016-0055) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-70.NASL description This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-05 modified 2016-01-25 plugin id 88137 published 2016-01-25 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88137 title openSUSE Security Update : bind (openSUSE-2016-70) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2016-0073.NASL description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 88448 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88448 title RHEL 5 / 6 / 7 : bind (RHSA-2016:0073) NASL family DNS NASL id BIND9_9103_P3.NASL description According to its self-reported version number, the installation of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists due to improper handling of certain string formatting options. An authenticated, remote attacker can exploit this, via a malformed Address Prefix List (APL) record, to cause an INSIST assertion failure and daemon exit. (CVE-2015-8704) - A denial of service vulnerability exists due to a failure to properly convert OPT records and ECS options to formatted text. A remote attacker can exploit this to cause a REQUIRE assertion failure and daemon exit. Note that this issue only affects BIND 9.10.x. (CVE-2015-8705) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 88385 published 2016-01-26 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88385 title ISC BIND 9.3.0 < 9.9.8-P3 / 9.9.x-Sx < 9.9.8-S4 / 9.10.x < 9.10.3-P3 Multiple DoS NASL family Debian Local Security Checks NASL id DEBIAN_DLA-396.NASL description It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial of service. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2016-01-20 plugin id 87994 published 2016-01-20 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/87994 title Debian DLA-396-1 : bind9 security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-73.NASL description This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) last seen 2020-06-05 modified 2016-01-26 plugin id 88158 published 2016-01-26 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88158 title openSUSE Security Update : bind (openSUSE-2016-73) NASL family Fedora Local Security Checks NASL id FEDORA_2016-F3517B9C4C.NASL description Update to the latest upstream version due to security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89639 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89639 title Fedora 23 : bind-9.10.3-10.P3.fc23 (2016-f3517b9c4c) NASL family Fedora Local Security Checks NASL id FEDORA_2016-1323B9078A.NASL description Update to the latest upstream version due to security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89479 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89479 title Fedora 22 : bind99-9.9.8-2.P3.fc22 (2016-1323b9078a) NASL family Fedora Local Security Checks NASL id FEDORA_2016-1AB53BF440.NASL description Update to the latest upstream version due to security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89486 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89486 title Fedora 22 : bind-9.10.3-8.P3.fc22 (2016-1ab53bf440) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0180-1.NASL description This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88039 published 2016-01-21 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88039 title SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:0180-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201610-07.NASL description The remote host is affected by the vulnerability described in GLSA-201610-07 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could cause a Denial of Service condition through multiple attack vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 93994 published 2016-10-12 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93994 title GLSA-201610-07 : BIND: Multiple vulnerabilities NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL53445000.NASL description apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. (CVE-2015-8704) Impact The BIND named process may cause the named process to produce a core file and exit, causing a potential denial-of-service (DoS) attack. last seen 2020-06-01 modified 2020-06-02 plugin id 88852 published 2016-02-19 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88852 title F5 Networks BIG-IP : BIND vulnerability (K53445000) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-71.NASL description This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) last seen 2020-06-05 modified 2016-01-25 plugin id 88138 published 2016-01-25 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/88138 title openSUSE Security Update : bind (openSUSE-2016-71) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-0074.NASL description Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 88421 published 2016-01-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88421 title CentOS 5 : bind97 (CESA-2016:0074) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2016-0073.NASL description Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 88420 published 2016-01-28 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88420 title CentOS 5 / 6 / 7 : bind (CESA-2016:0073) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2020-0021.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details. last seen 2020-06-10 modified 2020-06-05 plugin id 137170 published 2020-06-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/137170 title OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0200-1.NASL description This update for bind fixes the following issues : - CVE-2015-8704: Specific APL data allowed remote attacker to trigger a crash in certain configurations (bsc#962189) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88142 published 2016-01-25 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88142 title SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2016:0200-1) NASL family AIX Local Security Checks NASL id AIX_BIND_ADVISORY11.NASL description The version of bind installed on the remote AIX host is affected by a denial of service vulnerability due to improper handling of certain string formatting options. An authenticated, remote attacker can exploit this, via a malformed Address Prefix List (APL) record, to cause an INSIST assertion failure and daemon exit. last seen 2020-06-01 modified 2020-06-02 plugin id 102123 published 2017-08-03 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102123 title AIX bind Advisory : bind_advisory11.asc (IV81278) (IV81279) (IV81280) (IV81281) (IV81282) NASL family Fedora Local Security Checks NASL id FEDORA_2016-FEB8D77F36.NASL description Update to the latest upstream version due to security fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89650 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89650 title Fedora 23 : bind99-9.9.8-2.P3.fc23 (2016-feb8d77f36) NASL family AIX Local Security Checks NASL id AIX_IV81279.NASL description ISC BIND is vulnerable to a denial of service, caused by improper bounds checking in apl_42.c. By sending specially crafted Address Prefix List (APL) data, a remote authenticated attacker could exploit this vulnerability to trigger an INSIST assertion failure and cause the named process to terminate. This plugin has been deprecated to better accommodate iFix supersedence with replacement plugin aix_bind_advisory11.nasl (plugin id 102123). last seen 2017-10-29 modified 2017-08-03 plugin id 90717 published 2016-04-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=90717 title AIX 6.1 TL 9 : bind (IV81279) (deprecated) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3449.NASL description It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service. last seen 2020-06-01 modified 2020-06-02 plugin id 87996 published 2016-01-20 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87996 title Debian DSA-3449-1 : bind9 - security update NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0066.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2017-3136 (ISC change 4575) - Fix CVE-2017-3137 (ISC change 4578) - Fix and test caching CNAME before DNAME (ISC change 4558) - Fix CVE-2016-9147 (ISC change 4510) - Fix regression introduced by CVE-2016-8864 (ISC change 4530) - Restore SELinux contexts before named restart - Use /lib or /lib64 only if directory in chroot already exists - Tighten NSS library pattern, escape chroot mount path - Fix (CVE-2016-8864) - Do not change lib permissions in chroot (#1321239) - Support WKS records in chroot (#1297562) - Do not include patch backup in docs (fixes #1325081 patch) - Backported relevant parts of [RT #39567] (#1259923) - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283) - Fix multiple realms in nsupdate script like upstream (#1313286) - Fix multiple realm in nsupdate script (#1313286) - Use resolver-query-timeout high enough to recover all forwarders (#1325081) - Fix (CVE-2016-2848) - Fix infinite loop in start_lookup (#1306504) - Fix (CVE-2016-2776) last seen 2020-06-01 modified 2020-06-02 plugin id 99569 published 2017-04-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99569 title OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-0073.NASL description From Red Hat Security Advisory 2016:0073 : Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 88444 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88444 title Oracle Linux 5 / 6 / 7 : bind (ELSA-2016-0073) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2016-0074.NASL description From Red Hat Security Advisory 2016:0074 : Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND processed certain malformed Address Prefix List (APL) records. A remote, authenticated attacker could use this flaw to cause named to crash. (CVE-2015-8704) Red Hat would like to thank ISC for reporting this issue. All bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 88445 published 2016-01-28 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88445 title Oracle Linux 5 : bind97 (ELSA-2016-0074) NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-0227-1.NASL description This update for bind fixes the following issues : CVE-2015-8000: Remote denial of service by mis-parsing incoming responses. (bsc#958861) CVE-2015-5722: DoS against servers performing validation on DNSSEC-signed records. (bsc#944066) CVE-2015-5477: DoS against authoritative and recursive servers. CVE-2015-8704: Specific APL data could trigger a crash. (bsc#962189) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 88178 published 2016-01-26 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88178 title SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B4578647C12B11E596D614DAE9D210B8.NASL description ISC reports : Specific APL data could trigger an INSIST in apl_42.c last seen 2020-06-01 modified 2020-06-02 plugin id 88113 published 2016-01-25 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88113 title FreeBSD : bind -- denial of service vulnerability (b4578647-c12b-11e5-96d6-14dae9d210b8)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://kb.isc.org/article/AA-01335
- https://kb.isc.org/article/AA-01380
- http://marc.info/?l=bugtraq&m=145680832702035&w=2
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
- http://www.securityfocus.com/bid/81329
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178045.html
- http://rhn.redhat.com/errata/RHSA-2016-0073.html
- http://rhn.redhat.com/errata/RHSA-2016-0074.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00020.html
- http://www.securitytracker.com/id/1034739
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175973.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00025.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00023.html
- http://www.debian.org/security/2016/dsa-3449
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00024.html
- https://www.freebsd.org/security/advisories/FreeBSD-SA-16:08.bind.asc
- http://www.ubuntu.com/usn/USN-2874-1
- https://kb.isc.org/article/AA-01438
- https://security.gentoo.org/glsa/201610-07