CVE-2018-5745 - Use of a Broken or Risky Cryptographic Algorithm vulnerability in ISC Bind
Summary
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Encryption Brute Forcing: An attacker, armed with the cipher text and the encryption algorithm used, performs an exhaustive (brute force) search on the key space to determine the key that decrypts the cipher text to obtain the plaintext.
- Creating a Rogue Certificate Authority Certificate: An attacker exploits a weakness in the MD5 hash algorithm (weak collision resistance) to generate a certificate signing request (CSR) that contains collision blocks in the "to be signed" part. The attacker specially crafts two different, but valid X.509 certificates that when hashed with the MD5 algorithm would yield the same value. The attacker then sends the CSR for one of the certificates to the Certification Authority which uses the MD5 hashing algorithm. That request is completely valid and the Certificate Authority issues an X.509 certificate to the attacker which is signed with its private key. An attacker then takes that signed blob and inserts it into another X.509 certificate that the attacker generated. Due to the MD5 collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the attackers' second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority. To make the attack more interesting, the second certificate could be not just a regular certificate, but rather itself a signing certificate. Thus the attacker is able to start their own Certification Authority that is anchored in its root of trust in the legitimate Certification Authority that has signed the attackers' first X.509 certificate. If the original Certificate Authority was accepted by default by browsers, so will now the Certificate Authority set up by the attacker and of course any certificates that it signs. So the attacker is now able to generate any SSL certificates to impersonate any web server, and the user's browser will not issue any warning to the victim. This can be used to compromise HTTPS communications and other types of systems where PKI and X.509 certificates may be used (e.g., VPN, IPSec).
- Signature Spoof: An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
- Cryptanalysis: Cryptanalysis is a process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the ciphertext without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied that makes cryptanalysis successful. An attacker may have other goals as well, such as:
  1. Total Break - Finding the secret key
  2. Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key.
  3. Information Deduction - Gaining some information about plaintexts or ciphertexts that was not previously known
  4. Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (ciphertext) from a random permutation of bits
  The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.
Nessus
NASL family: DNS
NASL id: BIND9_CVE-2018-5745.NASL
description: According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is less than 9.11.5-P4 / 9.11.5-S5 / 9.12.3-P4 / 9.13.7. It is, therefore, affected by an assertion failure vulnerability. - An assertion failure exists in the managed-keys component due to an error when, during key rollover, a trust anchor
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122506
published: 2019-03-01
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122506
title: ISC BIND Assertion Failure Vulnerability
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(122506);
      script_version("1.4");
      script_cvs_date("Date: 2019/11/04");

      script_cve_id("CVE-2018-5745");
      script_bugtraq_id(107142);

      script_name(english:"ISC BIND Assertion Failure Vulnerability");
      script_summary(english:"Checks the version of BIND.");

      script_set_attribute(attribute:"synopsis", value:
        "The remote name server is affected by an assertion failure vulnerability.");
      script_set_attribute(attribute:"description", value:
        "According to its self-reported version, the instance of ISC BIND 9
        running on the remote name server is less than 9.11.5-P4 /
        9.11.5-S5 / 9.12.3-P4 / 9.13.7. It is, therefore, affected by an
        assertion failure vulnerability.
        - An assertion failure exists in the managed-keys component due to
        an error when, during key rollover, a trust anchor's keys are
        replaced with keys which use an unsupported algorithm. An
        unauthenticated, remote attacker to cause named to deliberately
        exit after encountering an assertion failure.
        (CVE-2018-5745)
        Note that Nessus has not tested for these issues but has instead
        relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/docs/cve-2018-5745");
      # https://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?819e1b27");
      # https://ftp.isc.org/isc/bind9/9.12.3-P4/RELEASE-NOTES-bind-9.12.3-P4.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce21c14e");
      # https://ftp.isc.org/isc/bind9/9.13.7/RELEASE-NOTES-bind-9.13.7.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d3f49be7");
      script_set_attribute(attribute:"solution", value:
        "Upgrade to ISC BIND version 9.11.5-P4 / 9.12.3-P4 / 9.13.7 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5745");

      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/01");

      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"DNS");

      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("bind_version.nasl");
      script_require_keys("bind/version", "Settings/ParanoidReport");

      exit(0);
    }

    include("vcf.inc");
    include("vcf_extras.inc");

    if (report_paranoia < 2) audit(AUDIT_PARANOID); # patch can be applied

    vcf::bind::initialize();

    app_info = vcf::get_app_info(app:"BIND", port:53, kb_ver:"bind/version", service:TRUE, proto:"UDP");

    constraints = [
      { "min_version" : "9.9.0", "max_version" : "9.10.8-P1", "fixed_version":"9.11.5-P4" },
      { "min_version" : "9.11.0", "max_version": "9.11.5-P1", "fixed_version" : "9.11.5-P4"},
      { "min_version" : "9.12.0", "max_version": "9.12.3-P1", "fixed_version" : "9.12.3-P4"},
      { "min_version" : "9.9.3-S1", "max_version" : "9.11.5-S3", "fixed_version":"9.11.5-S5" },
      { "min_version" : "9.13.0", "max_version" : "9.13.6", "fixed_version" : "9.13.7" }
    ];
    constraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version);

    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL25244852.NASL
description: 'managed-keys
last seen: 2020-03-17
modified: 2019-03-04
plugin id: 122554
published: 2019-03-04
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122554
title: F5 Networks BIG-IP : BIND vulnerability (K25244852)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K25244852.
    #
    # The text description of this plugin is (C) F5 Networks.
    #

    include("compat.inc");

    if (description)
    {
      script_id(122554);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");

      script_cve_id("CVE-2018-5745");

      script_name(english:"F5 Networks BIG-IP : BIND vulnerability (K25244852)");
      script_summary(english:"Checks the BIG-IP version.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
        "'managed-keys' is a feature which allows a BIND resolver to
        automatically maintain the keys used by trust anchors which operators
        configure for use in DNSSEC validation. Due to an error in the
        managed-keys feature it is possible for a BIND server which uses
        managed-keys to exit due to an assertion failure if, during key
        rollover, a trust anchor's keys are replaced with keys which use an
        unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1,
        9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 ->
        9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 ->
        9.13.6 of the 9.13 development branch are also affected. Versions
        prior to BIND 9.9.0 have not been evaluated for vulnerability to
        CVE-2018-5745.
        (CVE-2018-5745)
        Impact
        BIG-IP
        An arbitrary attacker may exploit this vulnerability to cause a denial
        of service (DoS) on the named service.
        BIG-IQ, F5 iWorkflow, and Enterprise Manager
        These F5 products are not vulnerablein the default, standard, and
        recommended configurations. This vulnerability is exposed on these
        products when a custom configurationis applied to the named service.
        Traffix SDC
        There is no impact for thisF5 product; it isnot affected by this
        vulnerability."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K25244852"
      );
      script_set_attribute(
        attribute:"solution",
        value:
        "Upgrade to one of the non-vulnerable versions listed in the F5
        Solution K25244852."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");

      script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");

      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");

      exit(0);
    }

    include("f5_func.inc");

    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

    sol = "K25244852";
    vmatrix = make_array();

    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["AFM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["AM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["APM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["ASM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["AVR"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["GTM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["LC"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["LTM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["PEM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    # WAM
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected" ] = make_list("14.0.0-14.1.0","13.0.0-13.1.1","12.1.0-12.1.4","11.5.1-11.6.3");
    vmatrix["WAM"]["unaffected"] = make_list("15.0.0","14.1.0.2","13.1.1.5","12.1.4.1","11.6.4","11.5.9");

    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_note(port:0, extra:bigip_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2321.NASL
description: According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 131486
published: 2019-12-03
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/131486
title: EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321)
code:

    #
    # (C) Tenable Network Security, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(131486);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/10");

      script_cve_id(
        "CVE-2018-5738",
        "CVE-2018-5745",
        "CVE-2019-6465"
      );

      script_name(english:"EulerOS Virtualization for ARM 64 3.0.3.0 : bind (EulerOS-SA-2019-2321)");
      script_summary(english:"Checks the rpm output for the updated packages.");

      script_set_attribute(attribute:"synopsis", value:
        "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
        "According to the versions of the bind packages installed, the
        EulerOS Virtualization for ARM 64 installation on the remote host is
        affected by the following vulnerabilities :
        - Change #4777 (introduced in October 2017) introduced an
        unforeseen issue in releases which were issued after
        that date, affecting which clients are permitted to
        make recursive queries to a BIND nameserver. The
        intended (and documented) behavior is that if an
        operator has not specified a value for the
        'allow-recursion' setting, it SHOULD default to one of
        the following: none, if 'recursion no' is set in
        named.conf a value inherited from the
        'allow-query-cache' or 'allow-query' settings IF
        'recursion yes' (the default for that setting) AND
        match lists are explicitly set for 'allow-query-cache'
        or 'allow-query' (see the BIND9 Administrative
        Reference Manual section 6.2 for more details) or the
        intended default of 'allow-recursion {localhost
        localnets}' if 'recursion yes' is in effect and no
        values are explicitly set for 'allow-query-cache' or
        'allow-query'. However, because of the regression
        introduced by change #4777, it is possible when
        'recursion yes' is in effect and no match list values
        are provided for 'allow-query-cache' or 'allow-query'
        for the setting of 'allow-recursion' to inherit a
        setting of all hosts from the 'allow-query' setting
        default, improperly permitting recursion to all
        clients. Affects BIND 9.9.12, 9.10.7, 9.11.3,
        9.12.0->9.12.1-P2, the development release 9.13.0, and
        also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and
        9.11.3-S2 from BIND 9 Supported Preview
        Edition.(CVE-2018-5738)
        - Controls for zone transfers may not be properly applied
        to Dynamically Loadable Zones (DLZs) if the zones are
        writable Versions affected: BIND 9.9.0 -> 9.10.8-P1,
        9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions
        9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview
        Edition. Versions 9.13.0 -> 9.13.6 of the 9.13
        development branch are also affected. Versions prior to
        BIND 9.9.0 have not been evaluated for vulnerability to
        CVE-2019-6465.(CVE-2019-6465)
        - 'managed-keys' is a feature which allows a BIND
        resolver to automatically maintain the keys used by
        trust anchors which operators configure for use in
        DNSSEC validation. Due to an error in the managed-keys
        feature it is possible for a BIND server which uses
        managed-keys to exit due to an assertion failure if,
        during key rollover, a trust anchor's keys are replaced
        with keys which use an unsupported algorithm. Versions
        affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1,
        9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3
        of BIND 9 Supported Preview Edition. Versions 9.13.0 ->
        9.13.6 of the 9.13 development branch are also
        affected. Versions prior to BIND 9.9.0 have not been
        evaluated for vulnerability to
        CVE-2018-5745.(CVE-2018-5745)
        Note that Tenable Network Security has extracted the preceding
        description block directly from the EulerOS security advisory. Tenable
        has attempted to automatically clean and format it as much as possible
        without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2321
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b3f1b816");
      script_set_attribute(attribute:"solution", value:
        "Update the affected bind packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/03");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-export-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-license");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.3.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");

      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.3.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.3.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

    flag = 0;

    pkgs = ["bind-export-libs-9.11.4-10.P2.h12.eulerosv2r8",
            "bind-libs-9.11.4-10.P2.h12.eulerosv2r8",
            "bind-libs-lite-9.11.4-10.P2.h12.eulerosv2r8",
            "bind-license-9.11.4-10.P2.h12.eulerosv2r8",
            "bind-utils-9.11.4-10.P2.h12.eulerosv2r8",
            "python3-bind-9.11.4-10.P2.h12.eulerosv2r8"];

    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
    }

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2128.NASL
description: According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : -
last seen: 2020-05-08
modified: 2019-11-12
plugin id: 130837
published: 2019-11-12
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130837
title: EulerOS 2.0 SP5 : bind (EulerOS-SA-2019-2128)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1532.NASL
description: This update for bind fixes the following issues : Security issues fixed : - CVE-2018-5740: Fixed a denial of service vulnerability in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125807
published: 2019-06-11
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125807
title: openSUSE Security Update : bind (openSUSE-2019-1532)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2019-1533.NASL
description: This update for bind fixes the following issues : Security issues fixed : - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by too many simultaneous TCP connections (bsc#1133185). - CVE-2018-5740: Fixed a denial of service vulnerability in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125808
published: 2019-06-11
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125808
title: openSUSE Security Update : bind (openSUSE-2019-1533)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-4440.NASL
description: Multiple vulnerabilities were found in the BIND DNS server : - CVE-2018-5743 Connection limits were incorrectly enforced. - CVE-2018-5745 The
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 124722
published: 2019-05-10
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/124722
title: Debian DSA-4440-1 : bind9 - security update

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-3893-1.NASL
description: Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122399
published: 2019-02-22
reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122399
title: Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : bind9 vulnerabilities (USN-3893-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-1061.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory. - bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) - bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) - bind: TCP Pipelining doesn
last seen: 2020-04-23
modified: 2020-04-01
plugin id: 135069
published: 2020-04-01
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135069
title: RHEL 7 : bind (RHSA-2020:1061)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1822.NASL
description: According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An assertion failure was found in the way bind implemented the
last seen: 2020-05-03
modified: 2019-08-27
plugin id: 128191
published: 2019-08-27
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/128191
title: EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1822)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-2557.NASL
description: According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : -
last seen: 2020-05-08
modified: 2019-12-19
plugin id: 132274
published: 2019-12-19
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132274
title: EulerOS 2.0 SP3 : bind (EulerOS-SA-2019-2557)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2019-3552.NASL
description: An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es) : * bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) * bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130551
published: 2019-11-06
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130551
title: RHEL 8 : bind (RHSA-2019:3552)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-1407-1.NASL
description: This update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by too many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125703
published: 2019-06-04
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125703
title: SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-1449-1.NASL
description: This update for bind fixes the following issues : Security issues fixed : CVE-2018-5740: Fixed a denial of service vulnerability in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 125799
published: 2019-06-10
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125799
title: SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1697.NASL
description: Two issues have been found in bind9, the Internet Domain Name Server. CVE-2019-6465 Zone transfer for DLZs are executed though not permitted by ACLs. CVE-2018-5745 Avoid assertion and thus causing named to deliberately exit when a trust anchor
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122513
published: 2019-03-01
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122513
title: Debian DLA-1697-1 : bind9 security updat

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-2502-1.NASL
description: This update for bind fixes the following issues : Security issues fixed : CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069). CVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687) CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068). CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by too many simultaneous TCP connections (bsc#1133185). CVE-2018-5740: Fixed a denial of service vulnerability in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 129526
published: 2019-10-02
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/129526
title: SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2020-1061.NASL
description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1061 advisory. - bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745) - bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465) - bind: TCP Pipelining doesn
last seen: 2020-06-06
modified: 2020-04-10
plugin id: 135328
published: 2020-04-10
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135328
title: CentOS 7 : bind (CESA-2020:1061)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20200407_BIND_ON_SL7_X.NASL
description: * bind: TCP Pipelining doesn
last seen: 2020-04-30
modified: 2020-04-21
plugin id: 135801
published: 2020-04-21
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/135801 title Scientific Linux Security Update : bind on SL7.x x86_64 (20200407) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1460.NASL description According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.(CVE-2016-6170) - It was found that the controls for zone transfer were not properly applied to Dynamically Loadable Zones (DLZs). An attacker acting as a DNS client could use this flaw to request and receive a zone transfer of a DLZ even when not permitted to do so by the last seen 2020-04-30 modified 2020-04-16 plugin id 135622 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135622 title EulerOS Virtualization 3.0.2.2 : bind (EulerOS-SA-2020-1460) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-14074-1.NASL description This update for bind fixes the following issues : Security issues fixed : CVE-2018-5740: Fixed a denial of service vulnerability in the last seen 2020-06-01 modified 2020-06-02 plugin id 125759 published 2019-06-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/125759 title SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1203.NASL description According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that bind does not implement reasonable restrictions for zone sizes. This allows an explicitly configured primary DNS server for a zone to crash a secondary DNS server, affecting service of other zones hosted on the same secondary server.(CVE-2016-6170) - Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.(CVE-2019-6465) - To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. 
This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.(CVE-2018-5741) - last seen 2020-03-19 modified 2020-03-13 plugin id 134492 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134492 title EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2020-1203) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2453.NASL description According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.(CVE-2018-5741) - last seen 2020-05-08 modified 2019-12-04 plugin id 131607 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131607 title EulerOS 2.0 SP2 : bind (EulerOS-SA-2019-2453)