Vulnerabilities > CVE-2017-3138 - Reachable Assertion vulnerability in multiple products

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3854.NASL
    descriptionSeveral vulnerabilities were discovered in BIND, a DNS server implementation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the
    last seen2020-06-01
    modified2020-06-02
    plugin id100167
    published2017-05-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100167
    titleDebian DSA-3854-1 : bind9 - security update
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3854. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100167);
      script_version("3.11");
      script_cvs_date("Date: 2019/02/12  9:22:59");
    
      script_cve_id("CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138");
      script_xref(name:"DSA", value:"3854");
    
      script_name(english:"Debian DSA-3854-1 : bind9 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities were discovered in BIND, a DNS server
    implementation. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2017-3136
        Oleg Gorokhov of Yandex discovered that BIND does not
        properly handle certain queries when using DNS64 with
        the 'break-dnssec yes;' option, allowing a remote
        attacker to cause a denial-of-service.
    
      - CVE-2017-3137
        It was discovered that BIND makes incorrect assumptions
        about the ordering of records in the answer section of a
        response containing CNAME or DNAME resource records,
        leading to situations where BIND exits with an assertion
        failure. An attacker can take advantage of this
        condition to cause a denial-of-service.
    
      - CVE-2017-3138
        Mike Lalumiere of Dyn, Inc. discovered that BIND can
        exit with a REQUIRE assertion failure if it receives a
        null command string on its control channel. Note that
        the fix applied in Debian is only applied as a hardening
        measure. Details about the issue can be found at
        https://kb.isc.org/article/AA-01471 ."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-3136"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-3137"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-3138"
      );
      # https://kb.isc.org/article/AA-01471
      script_set_attribute(
        attribute:"see_also",
        value:"https://kb.isc.org/docs/aa-01471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/bind9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-3854"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the bind9 packages.
    
    For the stable distribution (jessie), these problems have been fixed
    in version 1:9.9.5.dfsg-9+deb8u11."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"bind9", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"bind9-doc", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"bind9-host", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"bind9utils", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"dnsutils", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"host", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libbind-dev", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libbind-export-dev", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libbind9-90", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libdns-export100", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libdns-export100-udeb", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libdns100", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libirs-export91", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libirs-export91-udeb", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisc-export95", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisc-export95-udeb", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisc95", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisccc90", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisccfg-export90", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisccfg-export90-udeb", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"libisccfg90", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"liblwres90", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    if (deb_check(release:"8.0", prefix:"lwresd", reference:"1:9.9.5.dfsg-9+deb8u11")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201708-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201708-01 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could send a specially crafted DNS request to the BIND resolver resulting in a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id102531
    published2017-08-17
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102531
    titleGLSA-201708-01 : BIND: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201708-01.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102531);
      script_version("3.3");
      script_cvs_date("Date: 2019/04/10 16:10:17");
    
      script_cve_id("CVE-2016-9131", "CVE-2016-9147", "CVE-2016-9444", "CVE-2016-9778", "CVE-2017-3135", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138", "CVE-2017-3140", "CVE-2017-3141");
      script_xref(name:"GLSA", value:"201708-01");
    
      script_name(english:"GLSA-201708-01 : BIND: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201708-01
    (BIND: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in BIND. Please review the
          CVE identifiers referenced below for details.
      
    Impact :
    
        A remote attacker could send a specially crafted DNS request to the BIND
          resolver resulting in a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201708-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All BIND users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=net-dns/bind-9.11.1_p1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"net-dns/bind", unaffected:make_list("ge 9.11.1_p1"), vulnerable:make_list("lt 9.11.1_p1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BIND");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-0A876B0BA5.NASL
    descriptionSecurity fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-24
    plugin id99605
    published2017-04-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99605
    titleFedora 24 : 32:bind (2017-0a876b0ba5)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-0a876b0ba5.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99605);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138");
      script_xref(name:"FEDORA", value:"2017-0a876b0ba5");
    
      script_name(english:"Fedora 24 : 32:bind (2017-0a876b0ba5)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0a876b0ba5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected 32:bind package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:32:bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"bind-9.10.4-3.P8.fc24", epoch:"32")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "32:bind");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-44E494DB1E.NASL
    descriptionSecurity fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-20
    plugin id99488
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99488
    titleFedora 25 : bind99 (2017-44e494db1e)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-44e494db1e.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99488);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138");
      script_xref(name:"FEDORA", value:"2017-44e494db1e");
    
      script_name(english:"Fedora 25 : bind99 (2017-44e494db1e)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-44e494db1e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected bind99 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind99");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"bind99-9.9.9-4.P8.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind99");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-EDCE28F24B.NASL
    descriptionSecurity fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-05-08
    plugin id100014
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100014
    titleFedora 24 : bind99 (2017-edce28f24b)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-edce28f24b.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(100014);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138");
      script_xref(name:"FEDORA", value:"2017-edce28f24b");
    
      script_name(english:"Fedora 24 : bind99 (2017-edce28f24b)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-edce28f24b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected bind99 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind99");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/05/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"bind99-9.9.9-4.P8.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind99");
    }
    
  • NASL familyDNS
    NASL idBIND9_CVE-2017-3138.NASL
    descriptionAccording to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.x prior to 9.9.9-P8 or 9.9.9-S10, 9.10.x prior to 9.10.4-P8, or 9.11.x prior to 9.11.0-P5. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in DNS64 when handling certain queries for synthesized records. An unauthenticated, remote attacker can exploit this, via a specially crafted query, to cause an assertion failure, resulting in DNS64 terminating. Note that issue applies if the server is configured to use DNS64 and if the option
    last seen2020-06-01
    modified2020-06-02
    plugin id99478
    published2017-04-19
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99478
    titleISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple Vunlerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99478);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/13");
    
      script_cve_id("CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3138");
      script_bugtraq_id(97651, 97653, 97657);
    
      script_name(english:"ISC BIND 9 < 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1r3 Multiple Vunlerabilities");
      script_summary(english:"Checks the version of BIND.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote name server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version, the instance of ISC BIND 9
    running on the remote name server is 9.9.x prior to 9.9.9-P8 or
    9.9.9-S10, 9.10.x prior to 9.10.4-P8, or 9.11.x prior to 9.11.0-P5. It
    is, therefore, affected by multiple vulnerabilities :
    
      - A denial of service vulnerability exists in DNS64 when
        handling certain queries for synthesized records. An
        unauthenticated, remote attacker can exploit this, via a
        specially crafted query, to cause an assertion failure,
        resulting in DNS64 terminating. Note that issue applies
        if the server is configured to use DNS64 and if the
        option 'break-dnssec yes;' is in use. (CVE-2017-3136)
    
      - A denial of service vulnerability exists when handling
        specially crafted responses containing CNAME or DNAME
        resource records that are ordered in specific ways. An
        unauthenticated, remote attacker can exploit this, via
        responses sent in an unusual order, to cause an
        assertion failure, resulting in the resolver
        terminating. (CVE-2017-3137)
    
      - A denial of service vulnerability exists when handling a
        NULL command string sent to the named control channel.
        An authenticated, remote attacker can exploit this to
        cause an REQUIRE assertion failure, resulting in the
        named daemon exiting. Note that the BIND control channel
        is not configured by default. (CVE-2017-3138)
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01465");
      script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01466");
      script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/article/AA-01471");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to ISC BIND version 9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 /
    9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1rc3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3137");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/19");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"DNS");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("bind_version.nasl");
      script_require_keys("bind/version", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver = get_kb_item_or_exit("bind/version");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    if (
      # 9.9.0 - 9.9.8
      ver =~ "^9\.9\.[0-8]($|[^0-9])" ||
      # 9.9.9 <= 9.9.9-P7/9.9.9-S9
      ver =~ "^9\.9\.9((([ab]|beta|rc)[0-9]*)|(-P[0-7])|(-S[0-9]))?$" ||
    
      # 9.10.0 - 9.10.3
      ver =~ "^9\.10\.[0-3]($|[^0-9])" ||
      # 9.10.4 <= 9.10.4-P7
      ver =~ "^9\.10\.4((([ab]|beta|rc)[0-9]*)|(-P[0-7]))?$" ||
    
      # 9.11.0.x <= 9.11.0-P4
      ver =~ "^9\.11\.0((([ab]|beta|rc)[0-9]*)|(-P[0-4]))?$" ||
    
      # beta and RC versions
      # 9.9.10b1 - 9.9.10rc2
      ver =~ "^9\.9\.10(b|beta)([0-9]*)?$" ||
      ver =~ "^9\.9\.10rc[0-2]?$" ||
    
      # 9.10.5b1 - 9.10.5rc2
      ver =~ "^9\.10\.5(b|beta)([0-9]*)?$" ||
      ver =~ "^9\.10\.5rc[0-2]?$" ||
    
      # 9.11.1b1 - 9.11.1rc2
      ver =~ "^9\.11\.1((b|beta)[0-9])?$" ||
      ver =~ "^9\.11\.1rc[0-2]?$"
    )
    {
      items = make_array(
        "Installed version", ver,
        "Fixed version", "9.9.9-P8 / 9.9.9-S10 / 9.9.10rc3 / 9.10.4-P8 / 9.10.5rc3 / 9.11.0-P5 / 9.11.1rc3"
      );
      order = make_list("Installed version", "Fixed version");
      security_report_v4(
        severity:SECURITY_WARNING,
        port:53,
        proto:"udp",
        extra:report_items_str(
          report_items:items,
          ordered_fields:order
        )
      );
    }
    else audit(AUDIT_LISTEN_NOT_VULN, "BIND", 53, ver, "UDP");
    
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3259-1.NASL
    descriptionIt was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. (CVE-2017-3137) Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. (CVE-2017-3136) Mike Lalumiere discovered that in some situations, Bind did not properly handle invalid operations requested via its control channel. An attacker with access to the control channel could cause a denial of service. (CVE-2017-3138). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99435
    published2017-04-18
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99435
    titleUbuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : bind9 vulnerabilities (USN-3259-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-491.NASL
    descriptionThis update for bind fixes the following issues : CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. One additional non-security bug was fixed : The default umask was changed to 077. (bsc#1020983) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen2020-06-05
    modified2017-04-20
    plugin id99499
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99499
    titleopenSUSE Security Update : bind (openSUSE-2017-491)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-A354EFC764.NASL
    descriptionSecurity fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101692
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101692
    titleFedora 26 : bind99 (2017-a354efc764)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0999-1.NASL
    descriptionThis update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99357
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99357
    titleSUSE SLES12 Security Update : bind (SUSE-SU-2017:0999-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-1000-1.NASL
    descriptionThis update for bind fixes the following security issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99358
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99358
    titleSUSE SLES11 Security Update : bind (SUSE-SU-2017:1000-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-EE4B0F53CB.NASL
    descriptionSecurity fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-04-20
    plugin id99495
    published2017-04-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99495
    titleFedora 25 : 32:bind (2017-ee4b0f53cb)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F9F909A7B7.NASL
    descriptionSecurity fix for CVE-2017-3136, CVE-2017-3137 and CVE-2017-3138 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-17
    plugin id101751
    published2017-07-17
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101751
    titleFedora 26 : 32:bind (2017-f9f909a7b7)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C68614941FFB11E7934DD05099C0AE8C.NASL
    descriptionISC reports : A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string.
    last seen2020-06-01
    modified2020-06-02
    plugin id99325
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99325
    titleFreeBSD : BIND -- multiple vulnerabilities (c6861494-1ffb-11e7-934d-d05099c0ae8c)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0998-1.NASL
    descriptionThis update for bind fixes the following issues: CVE-2017-3137 (bsc#1033467): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could have been exploited to cause a denial of service of a bind server performing recursion. CVE-2017-3136 (bsc#1033466): An attacker could have constructed a query that would cause a denial of service of servers configured to use DNS64. CVE-2017-3138 (bsc#1033468): An attacker with access to the BIND control channel could have caused the server to stop by triggering an assertion failure. CVE-2016-6170 (bsc#987866): Primary DNS servers could have caused a denial of service of secondary DNS servers via a large AXFR response. IXFR servers could have caused a denial of service of IXFR clients via a large IXFR response. Remote authenticated users could have caused a denial of service of primary DNS servers via a large UPDATE message. CVE-2016-2775 (bsc#989528): When lwresd or the named lwres option were enabled, bind allowed remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. One additional non-security bug was fixed: The default umask was changed to 077. (bsc#1020983) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99356
    published2017-04-13
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99356
    titleSUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2017:0998-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-957.NASL
    descriptionCVE-2017-3136 Oleg Gorokhov of Yandex discovered that BIND does not properly handle certain queries when using DNS64 with the
    last seen2020-03-17
    modified2017-05-30
    plugin id100477
    published2017-05-30
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100477
    titleDebian DLA-957-1 : bind9 security update
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-103-01.NASL
    descriptionNew bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id99378
    published2017-04-14
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99378
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2017-103-01)