Vulnerabilities > CVE-2017-1000231 - Double Free vulnerability in Nlnetlabs Ldns 1.7.0

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
nlnetlabs
CWE-415
critical
nessus

Summary

A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.

Vulnerable Configurations

Part Description Count
Application
Nlnetlabs
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-438.NASL
    description: This update for ldns fixes the following issues : - CVE-2017-1000231: Fixed a buffer overflow during token parsing (bsc#1068711). - CVE-2017-1000232: Fixed a double-free vulnerability in str2host.c (bsc#1068709). This update was imported from the SUSE:SLE-15:Update update project.
    last seen: 2020-04-07
    modified: 2020-04-02
    plugin id: 135163
    published: 2020-04-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/135163
    title: openSUSE Security Update : ldns (openSUSE-2020-438)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-438.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Metadata pass: when `description` is set, the plugin only declares its
    # identity, references, scoring and prerequisites, then exits before any
    # host checks run.
    if (description)
    {
      script_id(135163);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/06");
    
      # One plugin covers both ldns CVEs fixed by the openSUSE-2020-438 update.
      script_cve_id("CVE-2017-1000231", "CVE-2017-1000232");
    
      script_name(english:"openSUSE Security Update : ldns (openSUSE-2020-438)");
      script_summary(english:"Check for the openSUSE-2020-438 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      # NOTE(review): the advisory text below is SUSE's wording and is kept
      # verbatim. It calls CVE-2017-1000231 a buffer overflow during token
      # parsing, while the CVE summary describes a double-free in parse.c;
      # triage by CVE id rather than by this label.
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ldns fixes the following issues :
    
      - CVE-2017-1000231: Fixed a buffer overflow during token
        parsing (bsc#1068711).
    
      - CVE-2017-1000232: Fixed a double-free vulnerability in
        str2host.c (bsc#1068709).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      # Vendor bug tracker entries matching the two bsc# references above.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068711"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ldns packages.");
      # Base vectors (CVSS v2 and v3.0): network attack vector, low complexity,
      # no authentication/privileges; v2 rates C/I/A as Partial, v3 as High.
      # Temporal vectors: exploit unproven (E:U), official fix available
      # (RL:OF / RL:O), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # "local" plugin type: the finding is derived from host-side data (see the
      # required KB keys below), not from probing the ldns code over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPEs for every package this plugin evaluates, plus the one OS release
      # (openSUSE 15.1) it applies to.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ldns");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ldns-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ldns-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ldns-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldns2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libldns2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-DNS-LDNS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-DNS-LDNS-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-ldns");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-ldns-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      # The vulnerability was published in November 2017; this openSUSE patch is
      # dated March 2020, so unpatched 15.1 hosts carried the flaw for years.
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/03/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category: the plugin only reads collected data.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Prerequisites: host information gathered by ssh_get_info.nasl and the
      # KB entries it is expected to populate (release, RPM list, CPU).
      # Without them the checks further down audit out instead of reporting.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      # End of the metadata pass; nothing below this block runs in this mode.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # --- Preconditions -------------------------------------------------------
    # Each failed precondition ends the run through audit(), so a host that is
    # skipped here is "not evaluated", not "not vulnerable".
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # Only openSUSE 15.1 is in scope; SLED/SLES releases are rejected here
    # (the page lists a separate SUSE-SU-2020:0801-1 plugin for those).
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)")
    {
      audit(AUDIT_OS_NOT, "openSUSE");
    }
    if (release !~ "^(SUSE15\.1)$")
    {
      audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    }
    if (!get_kb_item("Host/SuSE/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Architecture gate: anything other than i586 / i686 / x86_64 is audited
    # out, so hosts on other CPU types are never flagged by this plugin.
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch)
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (ourarch !~ "^(i586|i686|x86_64)$")
    {
      audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    }

    # --- Package comparison --------------------------------------------------
    # Fixed package builds from the openSUSE-2020-438 update. This compares
    # package versions only; it does not exercise the ldns parser itself.
    fixed_refs = make_list(
      "ldns-1.7.0-lp151.4.3.1",
      "ldns-debuginfo-1.7.0-lp151.4.3.1",
      "ldns-debugsource-1.7.0-lp151.4.3.1",
      "ldns-devel-1.7.0-lp151.4.3.1",
      "libldns2-1.7.0-lp151.4.3.1",
      "libldns2-debuginfo-1.7.0-lp151.4.3.1",
      "perl-DNS-LDNS-1.7.0-lp151.4.3.1",
      "perl-DNS-LDNS-debuginfo-1.7.0-lp151.4.3.1",
      "python3-ldns-1.7.0-lp151.4.3.1",
      "python3-ldns-debuginfo-1.7.0-lp151.4.3.1"
    );

    # Count every package for which rpm_check() reports a hit (presumably an
    # installed build older than the reference; confirm against rpm.inc).
    flag = 0;
    foreach ref (fixed_refs)
    {
      if (rpm_check(release:"SUSE15.1", reference:ref))
      {
        flag++;
      }
    }

    # --- Result --------------------------------------------------------------
    if (flag == 0)
    {
      # Nothing flagged: distinguish "packages present and not affected" from
      # "none of the packages installed" in the audit trail.
      tested = pkg_tests_get();
      if (!tested)
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "ldns / ldns-debuginfo / ldns-debugsource / ldns-devel / libldns2 / etc");
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
    }
    else
    {
      # At least one package lacks the fix: report it, attaching the
      # per-package RPM report when report verbosity allows.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-0801-1.NASL
    description: This update for ldns fixes the following issues : CVE-2017-1000231: Fixed a buffer overflow during token parsing (bsc#1068711). CVE-2017-1000232: Fixed a double-free vulnerability in str2host.c (bsc#1068709). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-04-01
    modified: 2020-03-27
    plugin id: 134972
    published: 2020-03-27
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/134972
    title: SUSE SLED15 / SLES15 Security Update : ldns (SUSE-SU-2020:0801-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1231.NASL
    description: According to the version of the ldns package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. (CVE-2017-1000231) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 117540
    published: 2018-09-18
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117540
    title: EulerOS Virtualization 2.5.0 : ldns (EulerOS-SA-2018-1231)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3491-1.NASL
    description: Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-3209) Stephan Zeisberg discovered that ldns incorrectly handled memory when processing data. A remote attacker could use this issue to cause ldns to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-1000231, CVE-2017-1000232). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104784
    published: 2017-11-27
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104784
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : ldns vulnerabilities (USN-3491-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1337.NASL
    description: According to the version of the ldns package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. (CVE-2017-1000231) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-12-18
    plugin id: 105318
    published: 2017-12-18
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105318
    title: EulerOS 2.0 SP2 : ldns (EulerOS-SA-2017-1337)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1182.NASL
    description: A security vulnerability has been discovered in ldns, a library and collection of utilities for DNS programming. CVE-2017-1000231 The generic parser contained a double-free vulnerability which resulted in an application crash with unspecified impacts and attack vectors. For Debian 7
    last seen: 2020-03-17
    modified: 2017-11-21
    plugin id: 104709
    published: 2017-11-21
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104709
    title: Debian DLA-1182-1 : ldns security update
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1336.NASL
    description: According to the version of the ldns package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. (CVE-2017-1000231) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-12-18
    plugin id: 105317
    published: 2017-12-18
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105317
    title: EulerOS 2.0 SP1 : ldns (EulerOS-SA-2017-1336)