CVE-2020-8617 - Reachable Assertion vulnerability in multiple products

CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Tags: network, high complexity, isc, debian, fedoraproject, opensuse, canonical, CWE-617, nessus, exploit available, metasploit

Summary

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

Vulnerable Configurations

Part         Description    Count
Application  Isc            1342
OS           Debian         3
OS           Fedoraproject  2
OS           Opensuse       2
OS           Canonical      6

Common Weakness Enumeration (CWE)

Exploit-Db

id: EDB-ID:48521
last seen: 2020-05-27
modified: 2020-05-20
published: 2020-05-20
reporter: Exploit-DB
source: https://www.exploit-db.com/download/48521
title: BIND - 'TSIG' Denial of Service

Metasploit

description: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.
id: MSF:AUXILIARY/DOS/DNS/BIND_TSIG_BADTIME
last seen: 2020-06-12
modified: 2020-05-27
published: 2020-05-26
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/dns/bind_tsig_badtime.rb
title: BIND TSIG Badtime Query Denial of Service

Nessus

  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-2344.NASL
    description: The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2344 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-10
    modified: 2020-06-02
    plugin id: 137007
    published: 2020-06-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137007
    title: CentOS 7 : bind (CESA-2020:2344)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:2344 and 
    # CentOS Errata and Security Advisory 2020:2344 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137007);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
      script_xref(name:"RHSA", value:"2020:2344");
    
      script_name(english:"CentOS 7 : bind (CESA-2020:2344)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:2344 advisory.
    
      - bind: BIND does not sufficiently limit the number of
        fetches performed when processing referrals
        (CVE-2020-8616)
    
      - bind: A logic error in code which checks TSIG validity
        can be used to trigger an assertion failure in tsig.c
        (CVE-2020-8617)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number."
      );
      # https://lists.centos.org/pipermail/centos-announce/2020-June/035744.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9a940b1a"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-export-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-export-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-libs-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-license");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-lite-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-pkcs11-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-sdb-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-chroot-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-export-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-export-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-libs-lite-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-license-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-lite-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-pkcs11-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-pkcs11-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-pkcs11-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-pkcs11-utils-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-sdb-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-sdb-chroot-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"bind-utils-9.11.4-16.P2.el7_8.6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-export-devel / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4689.NASL
    description: Several vulnerabilities were discovered in BIND, a DNS server implementation. - CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. - CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An attacker can take advantage of this flaw to cause a denial of service (performance degradation) or use the recursing server in a reflection attack with a high amplification factor. - CVE-2020-8617 It was discovered that a logic error in the code which checks TSIG validity can be used to trigger an assertion failure, resulting in denial of service.
    last seen: 2020-05-31
    modified: 2020-05-20
    plugin id: 136721
    published: 2020-05-20
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136721
    title: Debian DSA-4689-1 : bind9 - security update
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4689. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136721);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26");
    
      script_cve_id("CVE-2019-6477", "CVE-2020-8616", "CVE-2020-8617");
      script_xref(name:"DSA", value:"4689");
      script_xref(name:"IAVA", value:"2020-A-0217-S");
    
      script_name(english:"Debian DSA-4689-1 : bind9 - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities were discovered in BIND, a DNS server
    implementation.
    
      - CVE-2019-6477
        It was discovered that TCP-pipelined queries can bypass
        tcp-client limits resulting in denial of service.
    
      - CVE-2020-8616
        It was discovered that BIND does not sufficiently limit
        the number of fetches performed when processing
        referrals. An attacker can take advantage of this flaw
        to cause a denial of service (performance degradation)
        or use the recursing server in a reflection attack with
        a high amplification factor.
    
      - CVE-2020-8617
        It was discovered that a logic error in the code which
        checks TSIG validity can be used to trigger an assertion
        failure, resulting in denial of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-6477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-8616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2020-8617"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/bind9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/bind9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/buster/bind9"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2020/dsa-4689"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the bind9 packages.
    
    For the oldstable distribution (stretch), these problems have been
    fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u6.
    
    For the stable distribution (buster), these problems have been fixed
    in version 1:9.11.5.P4+dfsg-5.1+deb10u1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"10.0", prefix:"bind9", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bind9-doc", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bind9-host", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"bind9utils", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"dnsutils", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libbind-dev", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libbind-export-dev", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libbind9-161", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libdns-export1104", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libdns-export1104-udeb", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libdns1104", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libirs-export161", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libirs-export161-udeb", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libirs161", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisc-export1100", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisc-export1100-udeb", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisc1100", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisccc-export161", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisccc-export161-udeb", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisccc161", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisccfg-export163", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisccfg-export163-udeb", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"libisccfg163", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"10.0", prefix:"liblwres161", reference:"1:9.11.5.P4+dfsg-5.1+deb10u1")) flag++;
    if (deb_check(release:"9.0", prefix:"bind9", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"bind9-doc", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"bind9-host", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"bind9utils", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"dnsutils", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"host", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libbind-dev", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libbind-export-dev", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libbind9-140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libdns-export162", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libdns-export162-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libdns162", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libirs-export141", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libirs-export141-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libirs141", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisc-export160", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisc-export160-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisc160", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisccc-export140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisccc-export140-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisccc140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisccfg-export140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisccfg-export140-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"libisccfg140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"liblwres141", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    if (deb_check(release:"9.0", prefix:"lwresd", reference:"1:9.10.3.dfsg.P4-12.3+deb9u6")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-3_0-0101_BINDUTILS.NASL
    description: An update of the bindutils package has been released.
    last seen: 2020-06-10
    modified: 2020-06-06
    plugin id: 137187
    published: 2020-06-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137187
    title: Photon OS 3.0: Bindutils PHSA-2020-3.0-0101
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-3.0-0101. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137187);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
    
      script_name(english:"Photon OS 3.0: Bindutils PHSA-2020-3.0-0101");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the bindutils package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-101.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bindutils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 3.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-3.0", cpu:"x86_64", reference:"bindutils-9.16.3-1.ph3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bindutils");
    }
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2020-140-01.NASL
    description: New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen: 2020-05-31
    modified: 2020-05-20
    plugin id: 136728
    published: 2020-05-20
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136728
    title: Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2020-140-01)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2020-140-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136728);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
      script_xref(name:"SSA", value:"2020-140-01");
      script_xref(name:"IAVA", value:"2020-A-0217-S");
    
      script_name(english:"Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2020-140-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "New bind packages are available for Slackware 14.0, 14.1, 14.2, and
    -current to fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.487699
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a01a9f22"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:bind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"14.0", pkgname:"bind", pkgver:"9.11.19", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++;
    if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"bind", pkgver:"9.11.19", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++;
    
    if (slackware_check(osver:"14.1", pkgname:"bind", pkgver:"9.11.19", pkgarch:"i486", pkgnum:"1_slack14.1")) flag++;
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"bind", pkgver:"9.11.19", pkgarch:"x86_64", pkgnum:"1_slack14.1")) flag++;
    
    if (slackware_check(osver:"14.2", pkgname:"bind", pkgver:"9.11.19", pkgarch:"i586", pkgnum:"1_slack14.2")) flag++;
    if (slackware_check(osver:"14.2", arch:"x86_64", pkgname:"bind", pkgver:"9.11.19", pkgarch:"x86_64", pkgnum:"1_slack14.2")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"bind", pkgver:"9.16.3", pkgarch:"i586", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"bind", pkgver:"9.16.3", pkgarch:"x86_64", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-2383.NASL
    description: The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2383 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-10
    modified: 2020-06-03
    plugin id: 137070
    published: 2020-06-03
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137070
    title: RHEL 6 : bind (RHSA-2020:2383)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2383. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137070);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
      script_xref(name:"RHSA", value:"2020:2383");
    
      script_name(english:"RHEL 6 : bind (RHSA-2020:2383)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:2383 advisory.
    
      - bind: BIND does not sufficiently limit the number of
        fetches performed when processing referrals
        (CVE-2020-8616)
    
      - bind: A logic error in code which checks TSIG validity
        can be used to trigger an assertion failure in tsig.c
        (CVE-2020-8617)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/617.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2383");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8616");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8617");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836118");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1836124");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(400, 617);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/03");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::client");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::computenode");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6::workstation");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-utils");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'bind-9.8.2-0.68.rc1.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'32'},
        {'reference':'bind-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390x', 'release':'6', 'epoch':'32'},
        {'reference':'bind-9.8.2-0.68.rc1.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'32'},
        {'reference':'bind-chroot-9.8.2-0.68.rc1.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'32'},
        {'reference':'bind-chroot-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390x', 'release':'6', 'epoch':'32'},
        {'reference':'bind-chroot-9.8.2-0.68.rc1.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'32'},
        {'reference':'bind-devel-9.8.2-0.68.rc1.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'32'},
        {'reference':'bind-devel-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390', 'release':'6', 'epoch':'32'},
        {'reference':'bind-devel-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390x', 'release':'6', 'epoch':'32'},
        {'reference':'bind-devel-9.8.2-0.68.rc1.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'32'},
        {'reference':'bind-libs-9.8.2-0.68.rc1.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'32'},
        {'reference':'bind-libs-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390', 'release':'6', 'epoch':'32'},
        {'reference':'bind-libs-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390x', 'release':'6', 'epoch':'32'},
        {'reference':'bind-libs-9.8.2-0.68.rc1.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'32'},
        {'reference':'bind-sdb-9.8.2-0.68.rc1.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'32'},
        {'reference':'bind-sdb-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390x', 'release':'6', 'epoch':'32'},
        {'reference':'bind-sdb-9.8.2-0.68.rc1.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'32'},
        {'reference':'bind-utils-9.8.2-0.68.rc1.el6_10.7', 'cpu':'i686', 'release':'6', 'epoch':'32'},
        {'reference':'bind-utils-9.8.2-0.68.rc1.el6_10.7', 'cpu':'s390x', 'release':'6', 'epoch':'32'},
        {'reference':'bind-utils-9.8.2-0.68.rc1.el6_10.7', 'cpu':'x86_64', 'release':'6', 'epoch':'32'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      allowmaj = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind / bind-chroot / bind-devel / etc');
    }
    
  • NASL family: DNS
    NASL id: BIND9_9172.NASL
    description: A denial of service (DoS) vulnerability exists in ISC BIND versions 9.11.18 / 9.11.18-S1 / 9.12.4-P2 / 9.13 / 9.14.11 / 9.15 / 9.16.2 / 9.17 / 9.17.1 and earlier. An unauthenticated, remote attacker can exploit this issue, via a specially-crafted message, to cause the service to stop responding.
    last seen: 2020-05-31
    modified: 2020-05-22
    plugin id: 136808
    published: 2020-05-22
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136808
    title: ISC BIND Denial of Service
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(136808);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26");
    
      script_cve_id("CVE-2020-8617");
      script_xref(name:"IAVA", value:"2020-A-0217-S");
    
      script_name(english:"ISC BIND Denial of Service");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote name server is affected by an assertion failure vulnerability.");
      script_set_attribute(attribute:"description", value:
    "A denial of service (DoS) vulnerability exists in ISC BIND versions 9.11.18 / 9.11.18-S1 / 9.12.4-P2 / 9.13 / 9.14.11
    / 9.15 / 9.16.2 / 9.17 / 9.17.1 and earlier. An unauthenticated, remote attacker can exploit this issue, via a
    specially-crafted message, to cause the service to stop responding.");
      script_set_attribute(attribute:"see_also", value:"https://kb.isc.org/docs/cve-2020-8617");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to the patched release most closely related to your current version of BIND.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8616");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/22");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"DNS");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("bind_version.nasl");
      script_require_keys("bind/version");
    
      exit(0);
    }
    
    include('vcf.inc');
    include('vcf_extras.inc');
    
    vcf::bind::initialize();
    
    app_info = vcf::get_app_info(app:'BIND', port:53, kb_ver:'bind/version', service:TRUE, proto:'UDP');
    
    constraints = [
      { 'min_version' : '9.0.0', 'max_version' : '9.11.18', 'fixed_display' : '9.11.19' },
      { 'min_version' : '9.9.3-S1', 'max_version' : '9.11.18-S1', 'fixed_display' : '9.11.19-S1' },
      { 'min_version' : '9.14.0', 'max_version' : '9.14.11', 'fixed_display' : '9.14.12' },
      { 'min_version' : '9.16.0', 'max_version' : '9.16.2', 'fixed_display' : '9.16.3'},
      # The below have no fixed versions
      { 'min_version' : '9.12.0', 'max_version' : '9.12.4-P2', 'fixed_display' : 'Update to the latest available stable release' },
      { 'min_version' : '9.17.0', 'max_version' : '9.17.1', 'fixed_display' : 'Update to the latest available stable release' },
      { "min_version" : "9.13.0", "max_version" : "9.13.3" , 'fixed_display' : 'Update to the latest available stable release' },
      { "min_version" : "9.15.0", "max_version" : "9.15.7", 'fixed_display' : 'Update to the latest available stable release' }
    ];
    constraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version);
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-2344.NASL
    description: From Red Hat Security Advisory 2020:2344 : The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2344 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-06
    modified: 2020-06-02
    plugin id: 137037
    published: 2020-06-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137037
    title: Oracle Linux 7 : bind (ELSA-2020-2344)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:2344 and 
    # Oracle Linux Security Advisory ELSA-2020-2344 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137037);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
      script_xref(name:"RHSA", value:"2020:2344");
    
      script_name(english:"Oracle Linux 7 : bind (ELSA-2020-2344)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2020:2344 :
    
    The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:2344 advisory.
    
      - bind: BIND does not sufficiently limit the number of
        fetches performed when processing referrals
        (CVE-2020-8616)
    
      - bind: A logic error in code which checks TSIG validity
        can be used to trigger an assertion failure in tsig.c
        (CVE-2020-8617)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2020-June/009985.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected bind packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-export-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-export-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-libs-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-license");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-lite-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-pkcs11-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-sdb-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-chroot-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-export-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-export-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-libs-lite-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-license-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-lite-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-pkcs11-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-pkcs11-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-pkcs11-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-pkcs11-utils-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-sdb-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-sdb-chroot-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"bind-utils-9.11.4-16.P2.el7_8.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-devel / bind-export-devel / etc");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-2_0-0249_BINDUTILS.NASL
    description: An update of the bindutils package has been released.
    last seen: 2020-06-10
    modified: 2020-06-06
    plugin id: 137191
    published: 2020-06-06
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137191
    title: Photon OS 2.0: Bindutils PHSA-2020-2.0-0249
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2020-2.0-0249. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(137191);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/08");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
    
      script_name(english:"Photon OS 2.0: Bindutils PHSA-2020-2.0-0249");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the bindutils package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-249.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:bindutils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", cpu:"x86_64", reference:"bindutils-9.16.3-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bindutils");
    }
    
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20200601_BIND_ON_SL7_X.NASL
    description: Security Fix(es) : - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)
    last seen: 2020-06-06
    modified: 2020-06-02
    plugin id: 137041
    published: 2020-06-02
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137041
    title: Scientific Linux Security Update : bind on SL7.x x86_64 (20200601)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(137041);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/05");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
    
      script_name(english:"Scientific Linux Security Update : bind on SL7.x x86_64 (20200601)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Security Fix(es) :
    
      - bind: BIND does not sufficiently limit the number of
        fetches performed when processing referrals
        (CVE-2020-8616)
    
      - bind: A logic error in code which checks TSIG validity
        can be used to trigger an assertion failure in tsig.c
        (CVE-2020-8617)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2006&L=SCIENTIFIC-LINUX-ERRATA&P=388
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?75e6cb87"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-export-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-export-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-license");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-sdb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/06/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-chroot-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-debuginfo-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-export-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-export-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-libs-lite-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", reference:"bind-license-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-lite-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-devel-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-libs-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-pkcs11-utils-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-sdb-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-sdb-chroot-9.11.4-16.P2.el7_8.6")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"bind-utils-9.11.4-16.P2.el7_8.6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chroot / bind-debuginfo / bind-devel / etc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2020-1350-1.NASL
    description: This update for bind fixes the following issues : Security issues fixed : CVE-2020-8616: Fixed the insufficient limit on the number of fetches performed when processing referrals (bsc#1171740). CVE-2020-8617: Fixed a logic error in code which checks TSIG validity (bsc#1171740). Non-security issue fixed : Fixed an invalid string comparison in the handling of cookie-secrets (bsc#1161168). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-31
    modified: 2020-05-22
    plugin id: 136799
    published: 2020-05-22
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136799
    title: SUSE SLES12 Security Update : bind (SUSE-SU-2020:1350-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2020:1350-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(136799);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26");
    
      script_cve_id("CVE-2020-8616", "CVE-2020-8617");
      script_xref(name:"IAVA", value:"2020-A-0217-S");
    
      script_name(english:"SUSE SLES12 Security Update : bind (SUSE-SU-2020:1350-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for bind fixes the following issues :
    
    Security issues fixed :
    
    CVE-2020-8616: Fixed the insufficient limit on the number of fetches
    performed when processing referrals (bsc#1171740).
    
    CVE-2020-8617: Fixed a logic error in code which checks TSIG validity
    (bsc#1171740).
    
    Non-security issue fixed :
    
    Fixed an invalid string comparison in the handling of cookie-secrets
    (bsc#1161168).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1161168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1171740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-8616/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2020-8617/"
      );
      # https://www.suse.com/support/update/announcement/2020/suse-su-20201350-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?05d114ef"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP5 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1350=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1350=1
    
    SUSE Linux Enterprise Server 12-SP5 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1350=1
    
    SUSE Linux Enterprise Server 12-SP4 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1350=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8617");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-chrootenv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbind9");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdns169");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libdns169-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libirs160");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libirs160-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libisc166");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libisc166-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libisccc160");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libisccc160-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libisccfg160");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:liblwres160");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:liblwres160-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4/5", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bind-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bind-chrootenv-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bind-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bind-debugsource-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bind-utils-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"bind-utils-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbind9-160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libbind9-160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libdns169-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libdns169-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libirs160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libirs160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisc166-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisc166-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisccc160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisccc160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisccfg160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisccfg160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"liblwres160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"liblwres160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisc166-32bit-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libisc166-debuginfo-32bit-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bind-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bind-chrootenv-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bind-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bind-debugsource-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bind-utils-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"bind-utils-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbind9-160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libbind9-160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libdns169-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libdns169-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libirs160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libirs160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisc166-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisc166-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisccc160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisccc160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisccfg160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisccfg160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"liblwres160-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"liblwres160-debuginfo-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisc166-32bit-9.11.2-3.17.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"5", reference:"libisc166-debuginfo-32bit-9.11.2-3.17.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
    }
    
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL05544642.NASL
    description: Using a specially crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. (CVE-2020-8617) Impact: An attacker can exploit this vulnerability to trigger an assertion failure, resulting in a denial of service to clients.
    last seen: 2020-06-13
    modified: 2020-06-12
    plugin id: 137377
    published: 2020-06-12
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137377
    title: F5 Networks BIG-IP : BIND vulnerability (K05544642)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2020-1369.NASL
    description: A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616) Using a specially crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. (CVE-2020-8617)
    last seen: 2020-06-10
    modified: 2020-06-04
    plugin id: 137092
    published: 2020-06-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137092
    title: Amazon Linux AMI : bind (ALAS-2020-1369)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2020-1_0-0298_BINDUTILS.NASL
    description: An update of the bindutils package has been released.
    last seen: 2020-06-12
    modified: 2020-06-10
    plugin id: 137318
    published: 2020-06-10
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137318
    title: Photon OS 1.0: Bindutils PHSA-2020-1.0-0298
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20200603_BIND_ON_SL6_X.NASL
    description: Security Fix(es) : - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)
    last seen: 2020-06-10
    modified: 2020-06-05
    plugin id: 137174
    published: 2020-06-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137174
    title: Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20200603)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-2338.NASL
    description: Description of changes: [32:9.11.13-5] - Limit number of queries triggered by a request (CVE-2020-8616) [32:9.11.13-4] - Fix invalid tsig request (CVE-2020-8617)
    last seen: 2020-06-11
    modified: 2020-06-08
    plugin id: 137219
    published: 2020-06-08
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137219
    title: Oracle Linux 8 : bind (ELSA-2020-2338)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-2345.NASL
    description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2345 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-05
    modified: 2020-06-03
    plugin id: 137063
    published: 2020-06-03
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137063
    title: RHEL 8 : bind (RHSA-2020:2345)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2020-0021.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.
    last seen: 2020-06-10
    modified: 2020-06-05
    plugin id: 137170
    published: 2020-06-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137170
    title: OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2020-2D89CBCFD9.NASL
    description: Latest security update Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-10
    modified: 2020-06-04
    plugin id: 137108
    published: 2020-06-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137108
    title: Fedora 32 : 32:bind (2020-2d89cbcfd9)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-2227.NASL
    description: Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches performed when processing referrals. An attacker can take advantage of this flaw to cause a denial of service (performance degradation) or use the recursing server in a reflection attack with a high amplification factor. CVE-2020-8617 It was discovered that a logic error in the code which checks TSIG validity can be used to trigger an assertion failure, resulting in denial of service. For Debian 8
    last seen: 2020-06-06
    modified: 2020-06-01
    plugin id: 136983
    published: 2020-06-01
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136983
    title: Debian DLA-2227-1 : bind9 security update
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-4365-1.NASL
    description: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. (CVE-2020-8616) Tobias Klein discovered that Bind incorrectly handled checking TSIG validity. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly perform other attacks. (CVE-2020-8617). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-31
    modified: 2020-05-20
    plugin id: 136730
    published: 2020-05-20
    reporter: Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136730
    title: Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : bind9 vulnerabilities (USN-4365-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2020-F9DCD4E9D5.NASL
    description: Latest minor release with security updates. - [Upstream release notes](https://downloads.isc.org/isc/bind9/9.11.19/RELEASE-NOTES-bind-9.11.19.html) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-10
    modified: 2020-06-04
    plugin id: 137124
    published: 2020-06-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137124
    title: Fedora 31 : 32:bind / bind-dyndb-ldap / dnsperf (2020-f9dcd4e9d5)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2020-2383.NASL
    description: From Red Hat Security Advisory 2020:2383 : The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2383 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-10
    modified: 2020-06-04
    plugin id: 137129
    published: 2020-06-04
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137129
    title: Oracle Linux 6 : bind (ELSA-2020-2383)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2020-1426.NASL
    description: An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. (CVE-2020-8617) A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)
    last seen: 2020-05-31
    modified: 2020-05-21
    plugin id: 136749
    published: 2020-05-21
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/136749
    title: Amazon Linux 2 : bind (ALAS-2020-1426)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2020-2383.NASL
    description: The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2383 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-10
    modified: 2020-06-05
    plugin id: 137151
    published: 2020-06-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137151
    title: CentOS 6 : bind (CESA-2020:2383)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2020-2404.NASL
    description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2404 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-10
    modified: 2020-06-05
    plugin id: 137139
    published: 2020-06-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/137139
    title: RHEL 8 : bind (RHSA-2020:2404)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-2344.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2344 advisory. - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616) - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-10
    modified2020-06-03
    plugin id137082
    published2020-06-03
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137082
    titleRHEL 7 : bind (RHSA-2020:2344)

Packetstorm

data source: https://packetstormsecurity.com/files/download/157836/bindtsig-dos.txt
id: PACKETSTORM:157836
last seen: 2020-05-28
published: 2020-05-27
reporter: Teppei Fukuda
source: https://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html
title: BIND TSIG Denial Of Service

Redhat

advisories
  • bugzilla
    id: 1836124
    title: CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 8 is installed
        oval: oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment: python3-bind is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338001
          • comment: python3-bind is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191145008
        • AND
          • comment: bind-license is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338003
          • comment: bind-license is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767022
        • AND
          • comment: bind-debugsource is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338005
          • comment: bind-debugsource is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191145004
        • AND
          • comment: bind-utils is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338007
          • comment: bind-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651012
        • AND
          • comment: bind-sdb-chroot is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338009
          • comment: bind-sdb-chroot is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767018
        • AND
          • comment: bind-sdb is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338011
          • comment: bind-sdb is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651002
        • AND
          • comment: bind-pkcs11-utils is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338013
          • comment: bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767014
        • AND
          • comment: bind-pkcs11-libs is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338015
          • comment: bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767006
        • AND
          • comment: bind-pkcs11-devel is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338017
          • comment: bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767004
        • AND
          • comment: bind-pkcs11 is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338019
          • comment: bind-pkcs11 is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767020
        • AND
          • comment: bind-lite-devel is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338021
          • comment: bind-lite-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767016
        • AND
          • comment: bind-libs-lite is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338023
          • comment: bind-libs-lite is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767024
        • AND
          • comment: bind-libs is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338025
          • comment: bind-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651010
        • AND
          • comment: bind-devel is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338027
          • comment: bind-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651004
        • AND
          • comment: bind-chroot is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338029
          • comment: bind-chroot is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651008
        • AND
          • comment: bind is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338031
          • comment: bind is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651006
        • AND
          • comment: bind-export-libs is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338033
          • comment: bind-export-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191145002
        • AND
          • comment: bind-export-devel is earlier than 32:9.11.13-5.el8_2
            oval: oval:com.redhat.rhsa:tst:20202338035
          • comment: bind-export-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191145006
    rhsa
    id: RHSA-2020:2338
    released: 2020-05-28
    severity: Important
    title: RHSA-2020:2338: bind security update (Important)
  • bugzilla
    id: 1836124
    title: CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: bind-sdb-chroot is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344001
          • comment: bind-sdb-chroot is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767018
        • AND
          • comment: bind-sdb is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344003
          • comment: bind-sdb is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651002
        • AND
          • comment: bind-pkcs11-devel is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344005
          • comment: bind-pkcs11-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767004
        • AND
          • comment: bind-lite-devel is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344007
          • comment: bind-lite-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767016
        • AND
          • comment: bind-export-devel is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344009
          • comment: bind-export-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191145006
        • AND
          • comment: bind-devel is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344011
          • comment: bind-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651004
        • AND
          • comment: bind-license is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344013
          • comment: bind-license is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767022
        • AND
          • comment: bind-utils is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344015
          • comment: bind-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651012
        • AND
          • comment: bind-libs-lite is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344017
          • comment: bind-libs-lite is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767024
        • AND
          • comment: bind-libs is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344019
          • comment: bind-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651010
        • AND
          • comment: bind-export-libs is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344021
          • comment: bind-export-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20191145002
        • AND
          • comment: bind-pkcs11-utils is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344023
          • comment: bind-pkcs11-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767014
        • AND
          • comment: bind-pkcs11-libs is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344025
          • comment: bind-pkcs11-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767006
        • AND
          • comment: bind-pkcs11 is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344027
          • comment: bind-pkcs11 is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20171767020
        • AND
          • comment: bind-chroot is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344029
          • comment: bind-chroot is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651008
        • AND
          • comment: bind is earlier than 32:9.11.4-16.P2.el7_8.6
            oval: oval:com.redhat.rhsa:tst:20202344031
          • comment: bind is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651006
    rhsa
    id: RHSA-2020:2344
    released: 2020-06-01
    severity: Important
    title: RHSA-2020:2344: bind security update (Important)
  • bugzilla
    id: 1836124
    title: CVE-2020-8617 bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: bind-utils is earlier than 32:9.8.2-0.68.rc1.el6_10.7
            oval: oval:com.redhat.rhsa:tst:20202383001
          • comment: bind-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651012
        • AND
          • comment: bind-libs is earlier than 32:9.8.2-0.68.rc1.el6_10.7
            oval: oval:com.redhat.rhsa:tst:20202383003
          • comment: bind-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651010
        • AND
          • comment: bind-chroot is earlier than 32:9.8.2-0.68.rc1.el6_10.7
            oval: oval:com.redhat.rhsa:tst:20202383005
          • comment: bind-chroot is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651008
        • AND
          • comment: bind is earlier than 32:9.8.2-0.68.rc1.el6_10.7
            oval: oval:com.redhat.rhsa:tst:20202383007
          • comment: bind is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651006
        • AND
          • comment: bind-sdb is earlier than 32:9.8.2-0.68.rc1.el6_10.7
            oval: oval:com.redhat.rhsa:tst:20202383009
          • comment: bind-sdb is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651002
        • AND
          • comment: bind-devel is earlier than 32:9.8.2-0.68.rc1.el6_10.7
            oval: oval:com.redhat.rhsa:tst:20202383011
          • comment: bind-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20170651004
    rhsa
    id: RHSA-2020:2383
    released: 2020-06-03
    severity: Important
    title: RHSA-2020:2383: bind security update (Important)
rpms
  • bind-32:9.11.13-5.el8_2
  • bind-chroot-32:9.11.13-5.el8_2
  • bind-debuginfo-32:9.11.13-5.el8_2
  • bind-debugsource-32:9.11.13-5.el8_2
  • bind-devel-32:9.11.13-5.el8_2
  • bind-export-devel-32:9.11.13-5.el8_2
  • bind-export-libs-32:9.11.13-5.el8_2
  • bind-export-libs-debuginfo-32:9.11.13-5.el8_2
  • bind-libs-32:9.11.13-5.el8_2
  • bind-libs-debuginfo-32:9.11.13-5.el8_2
  • bind-libs-lite-32:9.11.13-5.el8_2
  • bind-libs-lite-debuginfo-32:9.11.13-5.el8_2
  • bind-license-32:9.11.13-5.el8_2
  • bind-lite-devel-32:9.11.13-5.el8_2
  • bind-pkcs11-32:9.11.13-5.el8_2
  • bind-pkcs11-debuginfo-32:9.11.13-5.el8_2
  • bind-pkcs11-devel-32:9.11.13-5.el8_2
  • bind-pkcs11-libs-32:9.11.13-5.el8_2
  • bind-pkcs11-libs-debuginfo-32:9.11.13-5.el8_2
  • bind-pkcs11-utils-32:9.11.13-5.el8_2
  • bind-pkcs11-utils-debuginfo-32:9.11.13-5.el8_2
  • bind-sdb-32:9.11.13-5.el8_2
  • bind-sdb-chroot-32:9.11.13-5.el8_2
  • bind-sdb-debuginfo-32:9.11.13-5.el8_2
  • bind-utils-32:9.11.13-5.el8_2
  • bind-utils-debuginfo-32:9.11.13-5.el8_2
  • python3-bind-32:9.11.13-5.el8_2
  • bind-32:9.11.4-16.P2.el7_8.6
  • bind-chroot-32:9.11.4-16.P2.el7_8.6
  • bind-debuginfo-32:9.11.4-16.P2.el7_8.6
  • bind-devel-32:9.11.4-16.P2.el7_8.6
  • bind-export-devel-32:9.11.4-16.P2.el7_8.6
  • bind-export-libs-32:9.11.4-16.P2.el7_8.6
  • bind-libs-32:9.11.4-16.P2.el7_8.6
  • bind-libs-lite-32:9.11.4-16.P2.el7_8.6
  • bind-license-32:9.11.4-16.P2.el7_8.6
  • bind-lite-devel-32:9.11.4-16.P2.el7_8.6
  • bind-pkcs11-32:9.11.4-16.P2.el7_8.6
  • bind-pkcs11-devel-32:9.11.4-16.P2.el7_8.6
  • bind-pkcs11-libs-32:9.11.4-16.P2.el7_8.6
  • bind-pkcs11-utils-32:9.11.4-16.P2.el7_8.6
  • bind-sdb-32:9.11.4-16.P2.el7_8.6
  • bind-sdb-chroot-32:9.11.4-16.P2.el7_8.6
  • bind-utils-32:9.11.4-16.P2.el7_8.6
  • bind-32:9.11.4-26.P2.el8_1.3
  • bind-chroot-32:9.11.4-26.P2.el8_1.3
  • bind-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-debugsource-32:9.11.4-26.P2.el8_1.3
  • bind-devel-32:9.11.4-26.P2.el8_1.3
  • bind-export-devel-32:9.11.4-26.P2.el8_1.3
  • bind-export-libs-32:9.11.4-26.P2.el8_1.3
  • bind-export-libs-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-libs-32:9.11.4-26.P2.el8_1.3
  • bind-libs-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-libs-lite-32:9.11.4-26.P2.el8_1.3
  • bind-libs-lite-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-license-32:9.11.4-26.P2.el8_1.3
  • bind-lite-devel-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-devel-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-libs-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-libs-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-utils-32:9.11.4-26.P2.el8_1.3
  • bind-pkcs11-utils-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-sdb-32:9.11.4-26.P2.el8_1.3
  • bind-sdb-chroot-32:9.11.4-26.P2.el8_1.3
  • bind-sdb-debuginfo-32:9.11.4-26.P2.el8_1.3
  • bind-utils-32:9.11.4-26.P2.el8_1.3
  • bind-utils-debuginfo-32:9.11.4-26.P2.el8_1.3
  • python3-bind-32:9.11.4-26.P2.el8_1.3
  • bind-32:9.8.2-0.68.rc1.el6_10.7
  • bind-chroot-32:9.8.2-0.68.rc1.el6_10.7
  • bind-debuginfo-32:9.8.2-0.68.rc1.el6_10.7
  • bind-devel-32:9.8.2-0.68.rc1.el6_10.7
  • bind-libs-32:9.8.2-0.68.rc1.el6_10.7
  • bind-sdb-32:9.8.2-0.68.rc1.el6_10.7
  • bind-utils-32:9.8.2-0.68.rc1.el6_10.7
  • bind-32:9.11.4-19.P2.el8_0
  • bind-chroot-32:9.11.4-19.P2.el8_0
  • bind-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-debugsource-32:9.11.4-19.P2.el8_0
  • bind-devel-32:9.11.4-19.P2.el8_0
  • bind-export-devel-32:9.11.4-19.P2.el8_0
  • bind-export-libs-32:9.11.4-19.P2.el8_0
  • bind-export-libs-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-libs-32:9.11.4-19.P2.el8_0
  • bind-libs-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-libs-lite-32:9.11.4-19.P2.el8_0
  • bind-libs-lite-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-license-32:9.11.4-19.P2.el8_0
  • bind-lite-devel-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-devel-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-libs-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-libs-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-utils-32:9.11.4-19.P2.el8_0
  • bind-pkcs11-utils-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-sdb-32:9.11.4-19.P2.el8_0
  • bind-sdb-chroot-32:9.11.4-19.P2.el8_0
  • bind-sdb-debuginfo-32:9.11.4-19.P2.el8_0
  • bind-utils-32:9.11.4-19.P2.el8_0
  • bind-utils-debuginfo-32:9.11.4-19.P2.el8_0
  • python3-bind-32:9.11.4-19.P2.el8_0

References