Vulnerabilities > CVE-2018-5738 - Information Exposure vulnerability in multiple products
Summary
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 17 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2321.NASL description According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the last seen 2020-06-01 modified 2020-06-02 plugin id 131486 published 2019-12-03 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131486 title EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131486); script_version("1.2"); script_cvs_date("Date: 2019/12/10"); script_cve_id( "CVE-2018-5738", "CVE-2018-5745", "CVE-2019-6465" ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the 'allow-recursion' setting, it SHOULD default to one of the following: none, if 'recursion no' is set in named.conf a value inherited from the 'allow-query-cache' or 'allow-query' settings IF 'recursion yes' (the default for that setting) AND match lists are explicitly set for 'allow-query-cache' or 'allow-query' (see the BIND9 Administrative Reference Manual section 6.2 for more details) or the intended default of 'allow-recursion {localhost localnets}' if 'recursion yes' is in effect and no values are explicitly set for 'allow-query-cache' or 'allow-query'. However, because of the regression introduced by change #4777, it is possible when 'recursion yes' is in effect and no match list values are provided for 'allow-query-cache' or 'allow-query' for the setting of 'allow-recursion' to inherit a setting of all hosts from the 'allow-query' setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.(CVE-2018-5738) - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.(CVE-2019-6465) - 'managed-keys' is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.(CVE-2018-5745) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2321 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3f1b816"); script_set_attribute(attribute:"solution", value: "Update the affected bind packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-export-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs-lite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-license"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-bind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["bind-export-libs-9.11.4-10.P2.h12.eulerosv2r8", "bind-libs-9.11.4-10.P2.h12.eulerosv2r8", "bind-libs-lite-9.11.4-10.P2.h12.eulerosv2r8", "bind-license-9.11.4-10.P2.h12.eulerosv2r8", "bind-utils-9.11.4-10.P2.h12.eulerosv2r8", "python3-bind-9.11.4-10.P2.h12.eulerosv2r8"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3683-1.NASL description Andrew Skalski discovered that Bind could incorrectly enable recursion when the last seen 2020-06-01 modified 2020-06-02 plugin id 110532 published 2018-06-14 reporter Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110532 title Ubuntu 18.04 LTS : bind9 vulnerability (USN-3683-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3683-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(110532); script_version("1.4"); script_cvs_date("Date: 2019/09/18 12:31:48"); script_cve_id("CVE-2018-5738"); script_xref(name:"USN", value:"3683-1"); script_name(english:"Ubuntu 18.04 LTS : bind9 vulnerability (USN-3683-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Andrew Skalski discovered that Bind could incorrectly enable recursion when the 'allow-recursion' setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3683-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected bind9 package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bind9"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"18.04", pkgname:"bind9", pkgver:"1:9.11.3+dfsg-1ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind9"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-5417CA3713.NASL description Update to last security release - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120429 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120429 title Fedora 28 : 32:bind (2018-5417ca3713) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-5417ca3713. # include("compat.inc"); if (description) { script_id(120429); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-5738", "CVE-2018-5740"); script_xref(name:"FEDORA", value:"2018-5417ca3713"); script_name(english:"Fedora 28 : 32:bind (2018-5417ca3713)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to last security release - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-5417ca3713" ); script_set_attribute( attribute:"solution", value:"Update the affected 32:bind package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:32:bind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:28"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^28([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 28", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC28", reference:"bind-9.11.4-5.P1.fc28", epoch:"32")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "32:bind"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201903-13.NASL description The remote host is affected by the vulnerability described in GLSA-201903-13 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to unauthorized clients possibly resulting in a Denial of Service condition or to be used in DNS reflection attacks. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 122835 published 2019-03-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122835 title GLSA-201903-13 : BIND: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201903-13. # # The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(122835); script_version("1.2"); script_cvs_date("Date: 2020/02/05"); script_cve_id("CVE-2018-5738", "CVE-2018-5740", "CVE-2018-5741"); script_xref(name:"GLSA", value:"201903-13"); script_name(english:"GLSA-201903-13 : BIND: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201903-13 (BIND: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. Impact : BIND can improperly permit recursive query service to unauthorized clients possibly resulting in a Denial of Service condition or to be used in DNS reflection attacks. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201903-13" ); script_set_attribute( attribute:"solution", value: "All bind users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-dns/bind-9.12.1_p2-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:bind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"net-dns/bind", unaffected:make_list("ge 9.12.1_p2-r1"), vulnerable:make_list("lt 9.12.1_p2-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BIND"); }
NASL family DNS NASL id BIND9_CVE-2018-5738.NASL description According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.12, 9.10.7, 9.11.3, 9.12.0 prior to or equal to 9.12.1-P2, development release 9.13.0, 9.9.12-S1, 9.11.3-S1, or 9.11.3-S2. It is, therefore, affected by an allow-recursion vulnerability which exists in the named.conf due to a regression issue introduced by change #4777. An unauthenticated, remote attacker can exploit this to cause undesirable behavior such as a degradation or denial of service, DNS reflection attacks, or potentially leak private information about what queries have been performed. last seen 2020-06-01 modified 2020-06-02 plugin id 122240 published 2019-02-15 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122240 title ISC BIND Allow-Recursion Vulnerability code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(122240); script_version("1.3"); script_cvs_date("Date: 2019/10/31 15:18:51"); script_cve_id("CVE-2018-5738"); script_name(english:"ISC BIND Allow-Recursion Vulnerability"); script_summary(english:"Checks the version of BIND."); script_set_attribute(attribute:"synopsis", value: "The remote name server is affected by an allow-recursion vulnerability."); script_set_attribute(attribute:"description", value: "According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.12, 9.10.7, 9.11.3, 9.12.0 prior to or equal to 9.12.1-P2, development release 9.13.0, 9.9.12-S1, 9.11.3-S1, or 9.11.3-S2. It is, therefore, affected by an allow-recursion vulnerability which exists in the named.conf due to a regression issue introduced by change #4777. An unauthenticated, remote attacker can exploit this to cause undesirable behavior such as a degradation or denial of service, DNS reflection attacks, or potentially leak private information about what queries have been performed."); script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/docs/AA-01616"); script_set_attribute(attribute:"solution", value: "Upgrade to ISC BIND version 9.9.13 / 9.10.8 / 9.11.4 / 9.12.2 or later or apply the workaround as per the vendor advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5738"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/12"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/15"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"DNS"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("bind_version.nasl"); script_require_keys("bind/version", "Settings/ParanoidReport"); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); # patch can be applied vcf::bind::initialize(); app_info = vcf::get_app_info(app:"BIND", port:53, kb_ver:"bind/version", service:TRUE, proto:"UDP"); constraints = [ { "min_version" : "9.9.12", "fixed_version" : "9.9.13" }, { "min_version" : "9.10.7", "fixed_version" : "9.10.8" }, { "min_version" : "9.11.3", "fixed_version" : "9.11.4" }, { "min_version" : "9.12.0", "max_version" : "9.12.1-P2", "fixed_version" : "9.12.2" }, { "min_version" : "9.9.12-S1", "fixed_version" : "9.9.13" }, { "min_version" : "9.10.7-S1", "fixed_version" : "9.10.8" }, { "min_version" : "9.11.3-S1", "max_version" : "9.11.3-S2", "fixed_version" : "9.12.2" }, ]; constraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version); vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
NASL family Fedora Local Security Checks NASL id FEDORA_2018-C0F12F789E.NASL description Update to bind 9.11.4 ---- - Fix CVE-2018-5738 - Remove named.iscdlv.key - Make home writeable - Use invalid shell /bin/false for bind Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-08-02 plugin id 111476 published 2018-08-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111476 title Fedora 27 : 32:bind / bind-dyndb-ldap / dnsperf (2018-c0f12f789e) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2018-c0f12f789e. # include("compat.inc"); if (description) { script_id(111476); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-5738"); script_xref(name:"FEDORA", value:"2018-c0f12f789e"); script_name(english:"Fedora 27 : 32:bind / bind-dyndb-ldap / dnsperf (2018-c0f12f789e)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Update to bind 9.11.4 ---- - Fix CVE-2018-5738 - Remove named.iscdlv.key - Make home writeable - Use invalid shell /bin/false for bind Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-c0f12f789e" ); script_set_attribute( attribute:"solution", value: "Update the affected 32:bind, bind-dyndb-ldap and / or dnsperf packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:32:bind"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dnsperf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^27([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC27", reference:"bind-9.11.4-1.fc27", epoch:"32")) flag++; if (rpm_check(release:"FC27", reference:"bind-dyndb-ldap-11.1-12.fc27")) flag++; if (rpm_check(release:"FC27", reference:"dnsperf-2.1.0.0-17.fc27")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "32:bind / bind-dyndb-ldap / dnsperf"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2018-BFEC61FB2F.NASL description - Fix CVE-2018-5738 - Remove named.iscdlv.key Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120758 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120758 title Fedora 28 : 32:bind (2018-bfec61fb2f) NASL family Fedora Local Security Checks NASL id FEDORA_2018-90F8FBD58E.NASL description Update to 9.11.4-P1 - Fixes CVE-2018-5738 - Adds root key sentinel mechanism support - incremental zone transfer limit to prevent journal corruption - rndc reload memory leak Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-08-23 plugin id 112068 published 2018-08-23 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/112068 title Fedora 27 : 32:bind (2018-90f8fbd58e) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2018-192-01.NASL description New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 111035 published 2018-07-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111035 title Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2018-192-01)
References
- http://www.securitytracker.com/id/1041115
- http://www.securitytracker.com/id/1041115
- https://kb.isc.org/docs/aa-01616
- https://kb.isc.org/docs/aa-01616
- https://security.gentoo.org/glsa/201903-13
- https://security.gentoo.org/glsa/201903-13
- https://security.netapp.com/advisory/ntap-20190830-0002/
- https://security.netapp.com/advisory/ntap-20190830-0002/
- https://usn.ubuntu.com/3683-1/
- https://usn.ubuntu.com/3683-1/