ID CVE-2019-10191 Type cve Reporter cve@mitre.org Modified 2020-02-18T21:15:00
Description
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
{"fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "description": "The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd(a)1.service ", "modified": "2019-07-19T03:07:18", "published": "2019-07-19T03:07:18", "id": "FEDORA:4DA1D6186C6F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: knot-resolver-4.1.0-1.fc29", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "description": "The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd(a)1.service ", "modified": "2019-07-19T01:11:17", "published": "2019-07-19T01:11:17", "id": "FEDORA:B6938642A144", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: knot-resolver-4.1.0-1.fc30", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-01T02:20:54", "description": " - fixes security issues CVE-2019-10190 and CVE-2019-10191\n\n- https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-07-19T00:00:00", "title": "Fedora 29 : knot-resolver (2019-20f95b0b39)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:knot-resolver"], "id": "FEDORA_2019-20F95B0B39.NASL", "href": "https://www.tenable.com/plugins/nessus/126796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-20f95b0b39.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126796);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-10190\", \"CVE-2019-10191\");\n script_xref(name:\"FEDORA\", value:\"2019-20f95b0b39\");\n\n script_name(english:\"Fedora 29 : knot-resolver (2019-20f95b0b39)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fixes security issues CVE-2019-10190 and CVE-2019-10191\n\n- https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-20f95b0b39\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected knot-resolver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:knot-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"knot-resolver-4.1.0-1.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"knot-resolver\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T02:28:22", "description": " - fixes security issues CVE-2019-10190 and CVE-2019-10191\n\n- https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-07-19T00:00:00", "title": "Fedora 30 : knot-resolver (2019-fdb50c675d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:30", "p-cpe:/a:fedoraproject:fedora:knot-resolver"], "id": "FEDORA_2019-FDB50C675D.NASL", "href": "https://www.tenable.com/plugins/nessus/126805", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-fdb50c675d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126805);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2019-10190\", \"CVE-2019-10191\");\n script_xref(name:\"FEDORA\", value:\"2019-fdb50c675d\");\n\n script_name(english:\"Fedora 30 : knot-resolver (2019-fdb50c675d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fixes security issues CVE-2019-10190 and CVE-2019-10191\n\n- https://lists.nic.cz/pipermail/knot-resolver-announce/2019/000009.html\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-fdb50c675d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected knot-resolver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:knot-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"knot-resolver-4.1.0-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"knot-resolver\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-12-20T19:00:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "description": "Knot Resolver is prone to multiple vulnerabilities.", "modified": "2019-12-19T00:00:00", "published": "2019-07-22T00:00:00", "id": "OPENVAS:1361412562310113449", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113449", "type": "openvas", "title": "Knot Resolver < 4.1.0 Multiple Vulnerabilities", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113449\");\n script_version(\"2019-12-19T09:16:40+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-19 09:16:40 +0000 (Thu, 19 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-22 15:39:45 +0000 (Mon, 22 Jul 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2019-10190\", \"CVE-2019-10191\");\n\n script_name(\"Knot Resolver < 4.1.0 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_knot_resolver_detect.nasl\");\n script_mandatory_keys(\"knot/resolver/detected\");\n\n script_tag(name:\"summary\", value:\"Knot Resolver is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - The NXDOMAIN answer could get passed through to the client\n if its DNSSEC validation failed, instead of sending a SERVFAIL packet.\n\n - Remote attackers can downgrade DNSSEC-secure domains, to an DNSSEC-insecure state,\n opening a possibility of domain hijacking using attacks against insecure DNS protocol.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow an attacker to poison the DNS cache or hijack the domain.\");\n\n script_tag(name:\"affected\", value:\"knot resolver through version 4.0.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.1.0.\");\n\n script_xref(name:\"URL\", value:\"https://www.knot-resolver.cz/2019-07-10-knot-resolver-4.1.0.html\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10190\");\n script_xref(name:\"URL\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10191\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:nic:knot_resolver\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"4.1.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.1.0\", install_path: location );\n security_message( data: report, port: 0 );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-26T11:48:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "description": "The remote host is missing an update for the ", "modified": "2019-07-25T00:00:00", "published": "2019-07-20T00:00:00", "id": "OPENVAS:1361412562310876591", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876591", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2019-20f95b0b39", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876591\");\n script_version(\"2019-07-25T11:54:35+0000\");\n script_cve_id(\"CVE-2019-10190\", \"CVE-2019-10191\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-25 11:54:35 +0000 (Thu, 25 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-20 02:15:21 +0000 (Sat, 20 Jul 2019)\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2019-20f95b0b39\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-20f95b0b39\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMSSWBHINIX4WE6UDXWM66L7JYEK6XS6\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the FEDORA-2019-20f95b0b39 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Knot Resolver is a DNSSEC-enabled caching full resolver implementation\nwritten in C and LuaJIT, including both a resolver library and a daemon.\nModular architecture of the library keeps the core tiny and efficient, and\nprovides a state-machine like API for extensions.\n\nThe package is pre-configured as local caching resolver.\nTo start using it, start a single kresd instance:\n$ systemctl start kresd(a)1.service\");\n\n script_tag(name:\"affected\", value:\"'knot-resolver' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~4.1.0~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-07-26T11:47:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-10190", "CVE-2019-10191"], "description": "The remote host is missing an update for the ", "modified": "2019-07-25T00:00:00", "published": "2019-07-20T00:00:00", "id": "OPENVAS:1361412562310876587", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876587", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2019-fdb50c675d", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876587\");\n script_version(\"2019-07-25T11:54:35+0000\");\n script_cve_id(\"CVE-2019-10190\", \"CVE-2019-10191\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2019-07-25 11:54:35 +0000 (Thu, 25 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-20 02:15:17 +0000 (Sat, 20 Jul 2019)\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2019-fdb50c675d\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-fdb50c675d\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VZV5YZZ5766UIG2TFLFJL6EESQNAP5X5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the FEDORA-2019-fdb50c675d advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Knot Resolver is a DNSSEC-enabled caching full resolver implementation\nwritten in C and LuaJIT, including both a resolver library and a daemon.\nModular architecture of the library keeps the core tiny and efficient, and\nprovides a state-machine like API for extensions.\n\nThe package is pre-configured as local caching resolver.\nTo start using it, start a single kresd instance:\n$ systemctl start kresd(a)1.service\");\n\n script_tag(name:\"affected\", value:\"'knot-resolver' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~4.1.0~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}]}
