Vulnerabilities > CVE-2018-5742 - Reachable Assertion vulnerability in ISC BIND 9.9.4-65/9.9.4-72 (Red Hat builds)
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
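While backporting a feature from a newer branch of BIND9, Red Hat introduced a path leading to an assertion failure in buffer.c:420. Affects Red Hat versions bind-9.9.4-65.el7 through bind-9.9.4-72.el7. No ISC releases are affected. Packages from other distributions that made the same backporting error may also be affected. According to the vendor advisories quoted further down this page, the flaw appears to be reachable only when debug logging is enabled at level 10 or higher, so the installed package version alone does not show whether a given server can be crashed.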
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0063_BIND.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a vulnerability: - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2018-5742) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127258 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127258 title NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0063) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2019-0063. The text
# itself is copyright (C) ZTE, Inc.

# Local package check for CVE-2018-5742 on NewStart CGSL CORE 5.04 / MAIN 5.04.
# The result is derived only from the package list stored in the KB; nothing
# here inspects the running named or its debug level, so a finding means
# "fixed package not installed", not "crash condition currently reachable".

include("compat.inc");

# Registration pass: record the plugin metadata and stop.
if (description)
{
  script_id(127258);
  script_version("1.4");
  script_cvs_date("Date: 2019/11/12");

  script_cve_id("CVE-2018-5742");

  script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0063)");

  script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by a vulnerability.");
  # NOTE(review): the description below still carries the CVE "RESERVED"
  # placeholder text instead of a description of the flaw.
  script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a vulnerability: - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. 
(CVE-2018-5742) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0063");
  script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for more information.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5742");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, a supported CGSL release, a stored
# package list and a known architecture. Each failure ends in audit().
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)")
  audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (!(release =~ "CGSL CORE 5.04" || release =~ "CGSL MAIN 5.04"))
  audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);

if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

# Fixed package builds per release; both releases list the same references.
pkgs = {
  "CGSL CORE 5.04": [
    "bind-9.9.4-73.el7_6",
    "bind-chroot-9.9.4-73.el7_6",
    "bind-debuginfo-9.9.4-73.el7_6",
    "bind-devel-9.9.4-73.el7_6",
    "bind-libs-9.9.4-73.el7_6",
    "bind-libs-lite-9.9.4-73.el7_6",
    "bind-license-9.9.4-73.el7_6",
    "bind-lite-devel-9.9.4-73.el7_6",
    "bind-pkcs11-9.9.4-73.el7_6",
    "bind-pkcs11-devel-9.9.4-73.el7_6",
    "bind-pkcs11-libs-9.9.4-73.el7_6",
    "bind-pkcs11-utils-9.9.4-73.el7_6",
    "bind-sdb-9.9.4-73.el7_6",
    "bind-sdb-chroot-9.9.4-73.el7_6",
    "bind-utils-9.9.4-73.el7_6"
  ],
  "CGSL MAIN 5.04": [
    "bind-9.9.4-73.el7_6",
    "bind-chroot-9.9.4-73.el7_6",
    "bind-debuginfo-9.9.4-73.el7_6",
    "bind-devel-9.9.4-73.el7_6",
    "bind-libs-9.9.4-73.el7_6",
    "bind-libs-lite-9.9.4-73.el7_6",
    "bind-license-9.9.4-73.el7_6",
    "bind-lite-devel-9.9.4-73.el7_6",
    "bind-pkcs11-9.9.4-73.el7_6",
    "bind-pkcs11-devel-9.9.4-73.el7_6",
    "bind-pkcs11-libs-9.9.4-73.el7_6",
    "bind-pkcs11-utils-9.9.4-73.el7_6",
    "bind-sdb-9.9.4-73.el7_6",
    "bind-sdb-chroot-9.9.4-73.el7_6",
    "bind-utils-9.9.4-73.el7_6"
  ]
};

# NOTE(review): the table is indexed with the exact release string, while the
# guards above only test it with unanchored patterns. A release value carrying
# extra text would find no list here - confirm the KB format.
wanted = pkgs[release];

# rpm_check() comes from rpm.inc; presumably it is true when the installed
# package is older than the reference - confirm against the library.
foreach (ref in wanted)
{
  if (rpm_check(release:"ZTE " + release, reference:ref))
    flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "tested and fine" from "bind not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
}
else
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-0194.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-17 modified 2019-02-04 plugin id 121548 published 2019-02-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121548 title CentOS 7 : bind (CESA-2019:0194) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:0194 and
# CentOS Errata and Security Advisory 2019:0194 respectively.
#

# Local package check for CVE-2018-5742 on CentOS 7.
# Only installed package versions are compared. The advisory text below ties
# the crash to debug log level 10; this script does not look at that setting,
# so a finding means "update missing", not "crash condition reachable".

include("compat.inc");

# Registration pass: record the plugin metadata and stop.
if (description)
{
  script_id(121548);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");

  script_cve_id("CVE-2018-5742");
  script_xref(name:"RHSA", value:"2019:0194");

  script_name(english:"CentOS 7 : bind (CESA-2019:0194)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section."
  );
  # https://lists.centos.org/pipermail/centos-announce/2019-February/023182.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d043b860"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5742");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-sdb-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");

  # NOTE(review): vuln_publication_date is later than patch_publication_date;
  # confirm which of the two is intended.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  # NOTE(review): "Host/cpu" is read further down but is not required here.
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, CentOS 7.x, a stored package list and a
# known architecture. Each failure ends in audit().
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release)
  audit(AUDIT_OS_NOT, "CentOS");

# Capture group 1 is the major version taken from the release string.
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
# NOTE(review): i386-i686 hosts pass this guard, yet every reference below is
# tagged x86_64; how rpm_check() treats such hosts is not visible here.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;

# Fixed builds from the advisory, checked in the same order as before.
# rpm_check() comes from rpm.inc; presumably it is true when the installed
# package is older than the reference - confirm against the library.
foreach ref (make_list(
  "bind-9.9.4-73.el7_6",
  "bind-chroot-9.9.4-73.el7_6",
  "bind-devel-9.9.4-73.el7_6",
  "bind-libs-9.9.4-73.el7_6",
  "bind-libs-lite-9.9.4-73.el7_6",
  "bind-license-9.9.4-73.el7_6",
  "bind-lite-devel-9.9.4-73.el7_6",
  "bind-pkcs11-9.9.4-73.el7_6",
  "bind-pkcs11-devel-9.9.4-73.el7_6",
  "bind-pkcs11-libs-9.9.4-73.el7_6",
  "bind-pkcs11-utils-9.9.4-73.el7_6",
  "bind-sdb-9.9.4-73.el7_6",
  "bind-sdb-chroot-9.9.4-73.el7_6",
  "bind-utils-9.9.4-73.el7_6"
))
{
  if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:ref))
    flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "tested and fine" from "bind not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / 
bind-devel / bind-libs / bind-libs-lite / etc");
}
else
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
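NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-0194.NASL description From Red Hat Security Advisory 2019:0194 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-01-31 plugin id 121497 published 2019-01-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121497 title Oracle Linux 7 : bind (ELSA-2019-0194) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:0194 and
# Oracle Linux Security Advisory ELSA-2019-0194 respectively.
#

# Local package check for CVE-2018-5742 on Oracle Linux 7 (x86_64).
# Only installed package versions are compared. The advisory text below ties
# the crash to debug log level 10; this script does not look at that setting,
# so a finding means "update missing", not "crash condition reachable".

include("compat.inc");

# Registration pass: record the plugin metadata and stop.
if (description)
{
  script_id(121497);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");

  script_cve_id("CVE-2018-5742");
  script_xref(name:"RHSA", value:"2019:0194");

  script_name(english:"Oracle Linux 7 : bind (ELSA-2019-0194)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "From Red Hat Security Advisory 2019:0194 : An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2019-January/008390.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  # NOTE(review): vuln_publication_date is later than patch_publication_date;
  # confirm which of the two is intended.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions: local checks enabled, Oracle Linux 7, a stored package list
# and an x86_64 host. Each failure ends in audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");

release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");

# Capture group 1 is the release number (major, optionally with a minor part).
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
# Only x86_64 references exist below, so any other architecture stops here.
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;

# Fixed builds from the advisory, checked in the same order as before.
# rpm_check() comes from rpm.inc; presumably it is true when the installed
# package is older than the reference - confirm against the library.
foreach ref (make_list(
  "bind-9.9.4-73.el7_6",
  "bind-chroot-9.9.4-73.el7_6",
  "bind-devel-9.9.4-73.el7_6",
  "bind-libs-9.9.4-73.el7_6",
  "bind-libs-lite-9.9.4-73.el7_6",
  "bind-license-9.9.4-73.el7_6",
  "bind-lite-devel-9.9.4-73.el7_6",
  "bind-pkcs11-9.9.4-73.el7_6",
  "bind-pkcs11-devel-9.9.4-73.el7_6",
  "bind-pkcs11-libs-9.9.4-73.el7_6",
  "bind-pkcs11-utils-9.9.4-73.el7_6",
  "bind-sdb-9.9.4-73.el7_6",
  "bind-sdb-chroot-9.9.4-73.el7_6",
  "bind-utils-9.9.4-73.el7_6"
))
{
  if (rpm_check(release:"EL7", cpu:"x86_64", reference:ref)) flag++;
}

if (flag)
{
  # Report through security_report_v4() like the other bind checks for this
  # CVE, so the package evidence is always attached to the finding instead of
  # being dropped when report_verbosity is 0.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: distinguish "tested and fine" from "bind not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-libs / bind-libs-lite / etc");
}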
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0194.NASL description An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-03-18 modified 2019-01-30 plugin id 121451 published 2019-01-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121451 title RHEL 7 : bind (RHSA-2019:0194) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:0194. The text
# itself is copyright (C) Red Hat, Inc.
#

# Local check for CVE-2018-5742 on Red Hat Enterprise Linux 7.
# The result comes from stored yum updateinfo data when present, otherwise
# from installed package versions. The advisory text below ties the crash to
# debug log level 10; this script does not look at that setting, so a finding
# means "update missing", not "crash condition reachable".

include("compat.inc");

# Registration pass: record the plugin metadata and stop.
if (description)
{
  script_id(121451);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");

  script_cve_id("CVE-2018-5742");
  script_xref(name:"RHSA", value:"2019:0194");

  script_name(english:"RHEL 7 : bind (RHSA-2019:0194)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2019:0194"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2018-5742"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  # NOTE(review): vuln_publication_date is later than patch_publication_date;
  # confirm which of the two is intended.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: local checks enabled, Red Hat 7.x, a stored package list and
# a supported architecture. Each failure ends in audit().
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Capture group 1 is the release number (major, optionally with a minor part).
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Unlike the sibling checks, s390 hosts are accepted here as well.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

# Two detection paths. When the KB holds yum updateinfo data, the advisory id
# alone decides the outcome and the per-package comparison is skipped.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2019:0194";
  # Helper from an include; presumably it is non-empty when the host still
  # lists this advisory as applicable - confirm against the library.
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback: compare installed packages with the fixed builds. Some
  # references carry a cpu argument (s390x / x86_64) and some carry none.
  # rpm_check() comes from rpm.inc; presumably it is true when the installed
  # package is older than the reference - confirm against the library.
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-chroot-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-chroot-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-debuginfo-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-devel-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-libs-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-libs-lite-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-license-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-lite-devel-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-pkcs11-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-pkcs11-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-pkcs11-devel-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", reference:"bind-pkcs11-libs-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-pkcs11-utils-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-pkcs11-utils-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-sdb-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-sdb-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-sdb-chroot-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-sdb-chroot-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"bind-utils-9.9.4-73.el7_6")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"bind-utils-9.9.4-73.el7_6")) flag++;

  if (flag)
  {
    # The report is the rpm comparison output followed by the text returned
    # by redhat_report_package_caveat(); that text is not visible here.
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # Nothing flagged: distinguish "tested and fine" from "not installed".
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc");
  }
}
NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2019-1170.NASL description Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most servers will be exploitable. The debug level of the bind server can be checked via the rndc status command, which will return the current trace level as last seen 2020-06-01 modified 2020-06-02 plugin id 122676 published 2019-03-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122676 title Amazon Linux 2 : bind (ALAS-2019-1170) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1170.
#
# Reading notes:
# - This is a package-version check. It compares the installed bind RPMs
#   with the fixed build and never looks at the running named.
# - The advisory text below ties the crash to debug logging at level 10 or
#   higher. A finding therefore means "fixed package not installed", not
#   "this server can be crashed right now"; `rndc status` shows the
#   current debug level, as the description says.
#

include("compat.inc");

# Metadata block: runs only when `description` is set and ends with
# exit(0), so none of the checks further down execute in that pass.
if (description)
{
  script_id(122676);
  script_version("1.3");
  script_cvs_date("Date: 2020/02/06");

  script_cve_id("CVE-2018-5742");
  script_xref(name:"ALAS", value:"2019-1170");

  script_name(english:"Amazon Linux 2 : bind (ALAS-2019-1170)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux 2 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Crash from assertion error when debug log level is 10 and log entries meet buffer boundary. This flaw appears to be exploitable only when debug logging is enabled and set to at least a level of 10. As this configuration should be rare in production instances of bind, it is unlikely that most servers will be exploitable. The debug level of the bind server can be checked via the rndc status command, which will return the current trace level as 'debug level'.
A value of 10 or above would most likely make this flaw exploitable.(CVE-2018-5742)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1170.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update bind' to update your system."
  );

  # Impact in both vectors is availability only (C:N/I:N), matching a
  # crash of the daemon.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-pkcs11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-pkcs11-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-sdb-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

  # NOTE(review): vuln_publication_date is later than patch_publication_date
  # here; both values are kept exactly as published.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every KB key read below is listed in script_require_keys above; each
# guard stops the plugin through audit() when its input is missing.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");

# The capture group is a single character: 'A' or one digit after "AL".
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  # 'A' is reported as "AMI" in the audit message.
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# One rpm_check() per package from the advisory, in the original order,
# each against the same fixed version-release. Every non-zero result is
# counted in flag.
al2_fixed_vr = "-9.9.4-73.amzn2.1.1";
al2_bind_pkgs = make_list(
  "bind",
  "bind-chroot",
  "bind-debuginfo",
  "bind-devel",
  "bind-libs",
  "bind-libs-lite",
  "bind-license",
  "bind-lite-devel",
  "bind-pkcs11",
  "bind-pkcs11-devel",
  "bind-pkcs11-libs",
  "bind-pkcs11-utils",
  "bind-sdb",
  "bind-sdb-chroot",
  "bind-utils"
);

flag = 0;
foreach al2_pkg (al2_bind_pkgs)
{
  if (rpm_check(release:"AL2", reference:(al2_pkg + al2_fixed_vr))) flag++;
}

if (!flag)
{
  # Nothing flagged: tell "packages present and not affected" apart from
  # "none of these packages were tested".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc");
}
else
{
  # The package detail from rpm_report_get() is attached only when
  # report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
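NASL family Scientific Linux Local Security Checks NASL id SL_20190129_BIND_ON_SL7_X.NASL description Security Fix(es) : - bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742) last seen 2020-03-18 modified 2019-01-30 plugin id 121455 published 2019-01-30 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121455 title Scientific Linux Security Update : bind on SL7.x x86_64 (20190129) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
# Reading notes:
# - This is a package-version check. It compares the installed bind RPMs
#   with bind-9.9.4-73.el7_6 and never looks at the running named.
# - The advisory text ties the crash to debug log level 10. A finding
#   therefore means "fixed package not installed"; whether the server is
#   actually exposed also depends on its logging configuration.
#

include("compat.inc");

# Metadata block: runs only when `description` is set and ends with
# exit(0), so none of the checks further down execute in that pass.
if (description)
{
  script_id(121455);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");

  script_cve_id("CVE-2018-5742");

  script_name(english:"Scientific Linux Security Update : bind on SL7.x x86_64 (20190129)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Security Fix(es) : - bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1901&L=SCIENTIFIC-LINUX-ERRATA&P=9784
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?90bb4494"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # Impact in both vectors is availability only (C:N/I:N), matching a
  # crash of the daemon.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  # NOTE(review): vuln_publication_date is later than patch_publication_date
  # here; both values are kept exactly as published.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Every KB key read below is listed in script_require_keys above; each
# guard stops the plugin through audit() when its input is missing.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Scientific Linux is identified through the Host/RedHat/* keys.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
# Only the 7.x line is in scope: "7" followed by a non-digit or end of string.
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Fix: the operands were reversed (`cpu >!< "x86_64"`), which asks whether
# cpu occurs inside the literal, so any fragment of "x86_64" passed the
# architecture gate. `>!<` tests that the left string does not occur in
# the right one, as in the release check above, so the literal goes first.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# One rpm_check() per package against the fixed build. All are limited to
# x86_64 except bind-license, which carries no cpu argument. Every
# non-zero result is counted in flag.
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-chroot-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-debuginfo-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-devel-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-libs-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-libs-lite-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", reference:"bind-license-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-lite-devel-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-devel-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-libs-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-utils-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-sdb-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-sdb-chroot-9.9.4-73.el7_6")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-utils-9.9.4-73.el7_6")) flag++;

if (flag)
{
  # Report at warning severity with the package detail from rpm_report_get().
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: tell "packages present and not affected" apart from
  # "none of these packages were tested".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc");
}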
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|