BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
{"nessus": [{"lastseen": "2021-08-19T12:33:49", "description": "Improper fetch cleanup sequencing in the resolver can cause named to crash :\n\nA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : bind (ALAS-2018-954)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-02-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bind", "p-cpe:/a:amazon:linux:bind-chroot", "p-cpe:/a:amazon:linux:bind-debuginfo", "p-cpe:/a:amazon:linux:bind-devel", "p-cpe:/a:amazon:linux:bind-libs", "p-cpe:/a:amazon:linux:bind-sdb", "p-cpe:/a:amazon:linux:bind-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-954.NASL", "href": "https://www.tenable.com/plugins/nessus/106931", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-954.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106931);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/02/12 9:22:59\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"ALAS\", value:\"2018-954\");\n\n script_name(english:\"Amazon Linux AMI : bind (ALAS-2018-954)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Improper fetch cleanup sequencing in the resolver can cause named to\ncrash :\n\nA use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS\nrequest.(CVE-2017-3145)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-954.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update bind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"bind-9.8.2-0.62.rc1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-chroot-9.8.2-0.62.rc1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-debuginfo-9.8.2-0.62.rc1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-devel-9.8.2-0.62.rc1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-libs-9.8.2-0.62.rc1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-sdb-9.8.2-0.62.rc1.57.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-utils-9.8.2-0.62.rc1.57.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:51", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : bind (EulerOS-SA-2018-1038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1038.NASL", "href": "https://www.tenable.com/plugins/nessus/106766", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106766);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3145\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : bind (EulerOS-SA-2018-1038)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request. (CVE-2017-3145)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1038\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0075751\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.9.4-51.2.h1\",\n \"bind-chroot-9.9.4-51.2.h1\",\n \"bind-libs-9.9.4-51.2.h1\",\n \"bind-libs-lite-9.9.4-51.2.h1\",\n \"bind-license-9.9.4-51.2.h1\",\n \"bind-pkcs11-9.9.4-51.2.h1\",\n \"bind-pkcs11-libs-9.9.4-51.2.h1\",\n \"bind-pkcs11-utils-9.9.4-51.2.h1\",\n \"bind-utils-9.9.4-51.2.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:42", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-13T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : bind (EulerOS-SA-2018-1037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1037.NASL", "href": "https://www.tenable.com/plugins/nessus/106765", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106765);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3145\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : bind (EulerOS-SA-2018-1037)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request. (CVE-2017-3145)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1037\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?14bc8a1e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.9.4-51.2\",\n \"bind-chroot-9.9.4-51.2\",\n \"bind-libs-9.9.4-51.2\",\n \"bind-libs-lite-9.9.4-51.2\",\n \"bind-license-9.9.4-51.2\",\n \"bind-utils-9.9.4-51.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:01", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix (CVE-2017-3145)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-24T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0014.NASL", "href": "https://www.tenable.com/plugins/nessus/106291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0014.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106291);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0014)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix (CVE-2017-3145)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000824.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd2d1749\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000825.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46652241\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:01", "description": "Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-17T00:00:00", "type": "nessus", "title": "Debian DSA-4089-1 : bind9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-02-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4089.NASL", "href": "https://www.tenable.com/plugins/nessus/106076", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4089. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106076);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/02/12 9:22:59\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"DSA\", value:\"4089\");\n\n script_name(english:\"Debian DSA-4089-1 : bind9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading\nin some cases to a use-after-free error, triggering an assertion\nfailure and crash in named.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4089\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bind9 packages.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:9.9.5.dfsg-9+deb8u15.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bind9\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-doc\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-host\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9utils\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"dnsutils\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"host\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-dev\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-export-dev\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind9-90\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns100\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc95\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccc90\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg90\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"liblwres90\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lwresd\", reference:\"1:9.9.5.dfsg-9+deb8u15\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9-doc\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9-host\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9utils\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"dnsutils\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"host\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind-dev\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind-export-dev\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind9-140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns-export162\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns-export162-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns162\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs-export141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs-export141-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc-export160\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc-export160-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc160\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc-export140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc-export140-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg-export140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg-export140-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblwres141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lwresd\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:12", "description": "According to its self-reported version, the instance of ISC BIND 9 running on the remote name server is 9.9.x prior to 9.9.11-S2 or 9.9.11-P1, 9.10.x prior to 9.10.6-S2 or 9.10.6-P1, or 9.11.x prior to 9.11.2-P1. It is, therefore, affected by a remote denial of service vulnerability.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "ISC BIND 9 < 9.9.11-P1 / 9.9.11-S2 / 9.10.6-P1 / 9.10.6-S2 / 9.11.2-P1 / 9.12.0rc2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND9_CVE-2017-3145.NASL", "href": "https://www.tenable.com/plugins/nessus/106200", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106200);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_bugtraq_id(102716);\n\n script_name(english:\"ISC BIND 9 < 9.9.11-P1 / 9.9.11-S2 / 9.10.6-P1 / 9.10.6-S2 / 9.11.2-P1 / 9.12.0rc2 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of BIND.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote name server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, the instance of ISC BIND 9\nrunning on the remote name server is 9.9.x prior to 9.9.11-S2 or\n9.9.11-P1, 9.10.x prior to 9.10.6-S2 or 9.10.6-P1, or 9.11.x prior to\n9.11.2-P1. It is, therefore, affected by a remote denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/article/AA-01542\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ISC BIND version 9.9.11-P1 / 9.9.11-S2 / 9.10.6-P1 / \n9.10.6-S2 / 9.11.2-P1 / 9.12.0rc2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3145\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bind_version.nasl\");\n script_require_keys(\"bind/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit(\"bind/version\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (\n # 9.9.0 - 9.9.9\n ver =~ \"^9\\.9\\.[0-9]($|[^0-9])\" ||\n # 9.9.10 - 9.9.11-P1|S2\n ver =~ \"^9\\.9\\.1[0-1]((-P[0])|(-S[0-1]))?$\" ||\n # 9.9.10 <= 9.9.10-P2/9.9.10-S3\n ver =~ \"^9\\.9\\.10((([ab]|beta|rc)[0-9]*)|(-P[0-1])|(-S[0-2]))?$\" ||\n\n # 9.10.0 - 9.10.5\n ver =~ \"^9\\.10\\.[0-5]($|[^0-9])\" ||\n # 9.10.5 <= 9.10.6-P1/9.10.6-S2\n ver =~ \"^9\\.10\\.6((([ab]|beta|rc)[0-9]*)|(-P[0])|(-S[0-1]))?$\" ||\n\n # 9.11.0\n ver =~ \"^9\\.11\\.[0-1]($|[^0-9])\" ||\n # 9.11.2.x <= 9.11.2-P1\n ver =~ \"^9\\.11\\.2((([ab]|beta|rc)[0-9]*)|(-P[0]))?$\" ||\n # 9.12.0.rcx <= 9.12.0rc2\n ver =~ \"^9\\.12\\.0((([ab]|beta|rc)[0-1]*))?$\" \n)\n{\n items = make_array(\n \"Installed version\", ver,\n \"Fixed version\", \"9.9.11-P1 / 9.9.11-S2 / 9.10.6-P1 / 9.10.6-S2 / 9.11.2-P1 / 9.12.0rc2\"\n );\n order = make_list(\"Installed version\", \"Fixed version\");\n security_report_v4(\n severity:SECURITY_WARNING,\n port:53,\n proto:\"udp\",\n extra:report_items_str(\n report_items:items,\n ordered_fields:order\n )\n );\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"BIND\", 53, ver, \"UDP\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:12", "description": "New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2018-017-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-02-12T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bind", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-017-01.NASL", "href": "https://www.tenable.com/plugins/nessus/106106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-017-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106106);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/02/12 9:22:59\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"SSA\", value:\"2018-017-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : bind (SSA:2018-017-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bind packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, 14.2, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.552055\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?799844e4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.11_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"bind\", pkgver:\"9.10.6_P1\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.10.6_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bind\", pkgver:\"9.11.2_P1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.2_P1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:16", "description": "Security Fix(es) :\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL7.x x86_64 (20180122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-libs-lite", "p-cpe:/a:fermilab:scientific_linux:bind-license", "p-cpe:/a:fermilab:scientific_linux:bind-lite-devel", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180122_BIND_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/106258", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106258);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL7.x x86_64 (20180122)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request. (CVE-2017-3145)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=7212\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb88a03d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"bind-license-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-51.el7_4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:20:24", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has bind packages installed that are affected by a vulnerability:\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0123)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0123_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/127370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0123. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127370);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_bugtraq_id(102716);\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0123)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has bind packages installed that are affected by a\nvulnerability:\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request. (CVE-2017-3145)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0123\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3145\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"bind-9.8.2-0.62.rc1.el6_9.5\",\n \"bind-chroot-9.8.2-0.62.rc1.el6_9.5\",\n \"bind-debuginfo-9.8.2-0.62.rc1.el6_9.5\",\n \"bind-devel-9.8.2-0.62.rc1.el6_9.5\",\n \"bind-libs-9.8.2-0.62.rc1.el6_9.5\",\n \"bind-sdb-9.8.2-0.62.rc1.el6_9.5\",\n \"bind-utils-9.8.2-0.62.rc1.el6_9.5\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:39", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "RHEL 7 : bind (RHSA-2018:0488)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2018-0488.NASL", "href": "https://www.tenable.com/plugins/nessus/108277", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0488. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108277);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0488\");\n\n script_name(english:\"RHEL 7 : bind (RHSA-2018:0488)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended\nUpdate Support, Red Hat Enterprise Linux 7.2 Update Services for SAP\nSolutions, and Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Improper fetch cleanup sequencing in the resolver can cause\nnamed to crash (CVE-2017-3145)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3145\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7\\.2|7\\.3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2 / 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0488\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-chroot-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-debuginfo-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-debuginfo-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-devel-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-devel-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-libs-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-libs-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-libs-lite-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-libs-lite-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-lite-devel-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-lite-devel-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-pkcs11-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-pkcs11-devel-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-pkcs11-devel-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"bind-pkcs11-libs-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"i686\", reference:\"bind-pkcs11-libs-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-sdb-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-29.el7_2.8\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"bind-utils-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-50.el7_3.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-29.el7_2.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:04", "description": "Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server implementation, was improperly sequencing cleanup operations, leading in some cases to a use-after-free error, triggering an assertion failure and crash in named.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1:9.8.4.dfsg.P1-6+nmu2+deb7u19.\n\nWe recommend that you upgrade your bind9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-22T00:00:00", "type": "nessus", "title": "Debian DLA-1255-1 : bind9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "p-cpe:/a:debian:debian_linux:bind9-doc", "p-cpe:/a:debian:debian_linux:bind9-host", "p-cpe:/a:debian:debian_linux:bind9utils", "p-cpe:/a:debian:debian_linux:dnsutils", "p-cpe:/a:debian:debian_linux:host", "p-cpe:/a:debian:debian_linux:libbind-dev", "p-cpe:/a:debian:debian_linux:libbind9-80", "p-cpe:/a:debian:debian_linux:libdns88", "p-cpe:/a:debian:debian_linux:libisc84", "p-cpe:/a:debian:debian_linux:libisccc80", "p-cpe:/a:debian:debian_linux:libisccfg82", "p-cpe:/a:debian:debian_linux:liblwres80", "p-cpe:/a:debian:debian_linux:lwresd", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1255.NASL", "href": "https://www.tenable.com/plugins/nessus/106211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1255-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106211);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"Debian DLA-1255-1 : bind9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading\nin some cases to a use-after-free error, triggering an assertion\nfailure and crash in named.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1:9.8.4.dfsg.P1-6+nmu2+deb7u19.\n\nWe recommend that you upgrade your bind9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/bind9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dnsutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind9-80\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns88\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc84\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccc80\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg82\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblwres80\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bind9\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9-doc\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9-host\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9utils\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"dnsutils\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"host\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbind-dev\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbind9-80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libdns88\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisc84\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisccc80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisccfg82\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"liblwres80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lwresd\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:20", "description": "Jayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : bind9 vulnerability (USN-3535-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bind9", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3535-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106135", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3535-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106135);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"USN\", value:\"3535-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : bind9 vulnerability (USN-3535-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jayachandran Palanisamy discovered that the Bind resolver incorrectly\nhandled fetch cleanup sequencing. A remote attacker could possibly use\nthis issue to cause Bind to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3535-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind9 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bind9\", pkgver:\"1:9.9.5.dfsg-3ubuntu0.17\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"bind9\", pkgver:\"1:9.10.3.dfsg.P4-8ubuntu1.10\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"bind9\", pkgver:\"1:9.10.3.dfsg.P4-12.6ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:16", "description": "From Red Hat Security Advisory 2018:0102 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : bind (ELSA-2018-0102)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-libs-lite", "p-cpe:/a:oracle:linux:bind-license", "p-cpe:/a:oracle:linux:bind-lite-devel", "p-cpe:/a:oracle:linux:bind-pkcs11", "p-cpe:/a:oracle:linux:bind-pkcs11-devel", "p-cpe:/a:oracle:linux:bind-pkcs11-libs", "p-cpe:/a:oracle:linux:bind-pkcs11-utils", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-sdb-chroot", "p-cpe:/a:oracle:linux:bind-utils", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-0102.NASL", "href": "https://www.tenable.com/plugins/nessus/106240", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0102 and \n# Oracle Linux Security Advisory ELSA-2018-0102 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106240);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0102\");\n\n script_name(english:\"Oracle Linux 7 : bind (ELSA-2018-0102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0102 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007468.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-license-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-51.el7_4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-libs-lite / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:05", "description": "An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "CentOS 6 : bind (CESA-2018:0101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-utils", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2018-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/106233", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0101 and \n# CentOS Errata and Security Advisory 2018:0101 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106233);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0101\");\n\n script_name(english:\"CentOS 6 : bind (CESA-2018:0101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-January/022714.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc95ea16\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3145\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-chroot-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-devel-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-sdb-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:20", "description": "An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "RHEL 6 : bind (RHSA-2018:0101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/106244", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0101. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106244);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0101\");\n\n script_name(english:\"RHEL 6 : bind (RHSA-2018:0101)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n # https://kb.isc.org/article/AA-01542\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3145\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0101\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-chroot-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-chroot-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bind-debuginfo-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bind-devel-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-sdb-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-sdb-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:48", "description": "This update for bind fixes several issues.\n\nThis security issue was fixed :\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118).\n\nThese non-security issues were fixed :\n\n - Updated named.root file (bsc#1040039)\n\n - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2018-114)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-114.NASL", "href": "https://www.tenable.com/plugins/nessus/106545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-114.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106545);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2018-114)\");\n script_summary(english:\"Check for the openSUSE-2018-114 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bind fixes several issues.\n\nThis security issue was fixed :\n\n - CVE-2017-3145: Improper sequencing during cleanup could\n have lead to a use-after-free error that triggered an\n assertion failure and crash in named (bsc#1076118).\n\nThese non-security issues were fixed :\n\n - Updated named.root file (bsc#1040039)\n\n - Update bind.keys for DNSSEC root KSK rollover\n (bsc#1047184)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076118\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-chrootenv-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-debuginfo-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-debugsource-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-devel-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-libs-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-libs-debuginfo-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-lwresd-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-lwresd-debuginfo-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-utils-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-utils-debuginfo-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.9P1-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-53.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:17", "description": "From Red Hat Security Advisory 2018:0101 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : bind (ELSA-2018-0101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-utils", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2018-0101.NASL", "href": "https://www.tenable.com/plugins/nessus/106239", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0101 and \n# Oracle Linux Security Advisory ELSA-2018-0101 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106239);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0101\");\n\n script_name(english:\"Oracle Linux 6 : bind (ELSA-2018-0101)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0101 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007469.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"bind-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-chroot-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-devel-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-sdb-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:20:20", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has bind packages installed that are affected by a vulnerability:\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : bind Vulnerability (NS-SA-2019-0011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0011_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/127159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0011. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127159);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_bugtraq_id(102716);\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : bind Vulnerability (NS-SA-2019-0011)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has bind packages installed that are affected by a\nvulnerability:\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request. (CVE-2017-3145)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3145\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"bind-9.9.4-51.el7_4.2\",\n \"bind-chroot-9.9.4-51.el7_4.2\",\n \"bind-debuginfo-9.9.4-51.el7_4.2\",\n \"bind-devel-9.9.4-51.el7_4.2\",\n \"bind-libs-9.9.4-51.el7_4.2\",\n \"bind-libs-lite-9.9.4-51.el7_4.2\",\n \"bind-license-9.9.4-51.el7_4.2\",\n \"bind-lite-devel-9.9.4-51.el7_4.2\",\n \"bind-pkcs11-9.9.4-51.el7_4.2\",\n \"bind-pkcs11-devel-9.9.4-51.el7_4.2\",\n \"bind-pkcs11-libs-9.9.4-51.el7_4.2\",\n \"bind-pkcs11-utils-9.9.4-51.el7_4.2\",\n \"bind-sdb-9.9.4-51.el7_4.2\",\n \"bind-sdb-chroot-9.9.4-51.el7_4.2\",\n \"bind-utils-9.9.4-51.el7_4.2\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:53", "description": "This update for bind fixes several issues. This security issue was fixed :\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2018:0303-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-libs-debuginfo", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0303-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106531", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0303-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106531);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2018:0303-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes several issues. This security issue was\nfixed :\n\n - CVE-2017-3145: Improper sequencing during cleanup could\n have lead to a use-after-free error that triggered an\n assertion failure and crash in named (bsc#1076118).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3145/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180303-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?506c481f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-220=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-220=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-220=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-220=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2018-220=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-220=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-220=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-220=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-220=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2018-220=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-chrootenv-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-debugsource-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-devel-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-libs-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-libs-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-libs-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-utils-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"bind-utils-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-chrootenv-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-debugsource-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-libs-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-libs-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-libs-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-utils-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"bind-utils-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-chrootenv-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-debugsource-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-libs-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-libs-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-libs-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-utils-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"bind-utils-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-debugsource-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-utils-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-utils-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-debugsource-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-utils-9.9.9P1-63.7.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-utils-debuginfo-9.9.9P1-63.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:32:47", "description": "Improper fetch cleanup sequencing in the resolver can cause named to crash\n\nA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-04-18T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : bind (ALAS-2018-954)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-02-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bind", "p-cpe:/a:amazon:linux:bind-chroot", "p-cpe:/a:amazon:linux:bind-debuginfo", "p-cpe:/a:amazon:linux:bind-devel", "p-cpe:/a:amazon:linux:bind-libs", "p-cpe:/a:amazon:linux:bind-libs-lite", "p-cpe:/a:amazon:linux:bind-license", "p-cpe:/a:amazon:linux:bind-lite-devel", "p-cpe:/a:amazon:linux:bind-pkcs11", "p-cpe:/a:amazon:linux:bind-pkcs11-devel", "p-cpe:/a:amazon:linux:bind-pkcs11-libs", "p-cpe:/a:amazon:linux:bind-pkcs11-utils", "p-cpe:/a:amazon:linux:bind-sdb", "p-cpe:/a:amazon:linux:bind-sdb-chroot", "p-cpe:/a:amazon:linux:bind-utils", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2018-954.NASL", "href": "https://www.tenable.com/plugins/nessus/109125", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2018-954.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109125);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/02/12 9:22:59\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"ALAS\", value:\"2018-954\");\n\n script_name(english:\"Amazon Linux 2 : bind (ALAS-2018-954)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Improper fetch cleanup sequencing in the resolver can cause named to\ncrash\n\nA use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2018-954.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update bind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-license-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-51.amzn2.2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-51.amzn2.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-27T15:59:58", "description": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named.\n(CVE-2017-3145)\n\nImpact\n\nBIG-IP\n\nA remote attacker can use this flaw to make named , acting as a Domain Name System Security Extensions (DNSSEC) validating resolver, exit unexpectedly with an assertion failure by way of a specially crafted DNS request.\n\nThis vulnerability affects BIND only when configured as a recursive resolver with DNSSEC validation enabled. That mode of operation is not present in any default configuration but can be enabled.\n\nARX, Enterprise Manager, BIG-IQ, F5 iWorkflow, LineRate, and Traffix\n\nThere is no impact; these F5 products are not affected by this vulnerability.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-11-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : BIND vulnerability (K08613310)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2022-01-31T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL08613310.NASL", "href": "https://www.tenable.com/plugins/nessus/118626", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K08613310.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118626);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/31\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"F5 Networks BIG-IP : BIND vulnerability (K08613310)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"BIND was improperly sequencing cleanup operations on upstream\nrecursion fetch contexts, leading in some cases to a use-after-free\nerror that can trigger an assertion failure and crash in named.\n(CVE-2017-3145)\n\nImpact\n\nBIG-IP\n\nA remote attacker can use this flaw to make named , acting as a Domain\nName System Security Extensions (DNSSEC) validating resolver, exit\nunexpectedly with an assertion failure by way of a specially crafted\nDNS request.\n\nThis vulnerability affects BIND only when configured as a recursive\nresolver with DNSSEC validation enabled. That mode of operation is not\npresent in any default configuration but can be enabled.\n\nARX, Enterprise Manager, BIG-IQ, F5 iWorkflow, LineRate, and Traffix\n\nThere is no impact; these F5 products are not affected by this\nvulnerability.\"\n );\n # https://kb.isc.org/article/AA-01542\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K08613310\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K08613310.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3145\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K08613310\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"13.1.0\",\"12.1.3\",\"11.6.2-11.6.3\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.0.0\",\"13.1.0.4\",\"13.0.1\",\"12.1.3.4\",\"11.6.3.2\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:05", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "CentOS 7 : bind (CESA-2018:0102)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-libs-lite", "p-cpe:/a:centos:centos:bind-license", "p-cpe:/a:centos:centos:bind-lite-devel", "p-cpe:/a:centos:centos:bind-pkcs11", "p-cpe:/a:centos:centos:bind-pkcs11-devel", "p-cpe:/a:centos:centos:bind-pkcs11-libs", "p-cpe:/a:centos:centos:bind-pkcs11-utils", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-sdb-chroot", "p-cpe:/a:centos:centos:bind-utils", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-0102.NASL", "href": "https://www.tenable.com/plugins/nessus/106234", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0102 and \n# CentOS Errata and Security Advisory 2018:0102 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106234);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0102\");\n\n script_name(english:\"CentOS 7 : bind (CESA-2018:0102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-January/022715.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5ec817ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3145\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-license-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.2\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-51.el7_4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-libs-lite / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:45", "description": "Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-31T00:00:00", "type": "nessus", "title": "Fedora 26 : 32:bind / bind-dyndb-ldap / dnsperf (2018-6550550774)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:32:bind", "p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap", "p-cpe:/a:fedoraproject:fedora:dnsperf", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-6550550774.NASL", "href": "https://www.tenable.com/plugins/nessus/106513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-6550550774.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106513);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"FEDORA\", value:\"2018-6550550774\");\n\n script_name(english:\"Fedora 26 : 32:bind / bind-dyndb-ldap / dnsperf (2018-6550550774)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to\ncurrent supported minor version.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-6550550774\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 32:bind, bind-dyndb-ldap and / or dnsperf\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dnsperf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"bind-9.11.2-1.P1.fc26\", epoch:\"32\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"bind-dyndb-ldap-11.1-6.fc26\")) flag++;\nif (rpm_check(release:\"FC26\", reference:\"dnsperf-2.1.0.0-8.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"32:bind / bind-dyndb-ldap / dnsperf\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:16", "description": "Upgrades to latest minor supported BIND. Includes first -P1 security release fixing CVE-2017-3145.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-24T00:00:00", "type": "nessus", "title": "Fedora 27 : 32:bind / bind-dyndb-ldap / dnsperf (2018-97bdb9ba32)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:32:bind", "p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap", "p-cpe:/a:fedoraproject:fedora:dnsperf", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-97BDB9BA32.NASL", "href": "https://www.tenable.com/plugins/nessus/106283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-97bdb9ba32.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106283);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"FEDORA\", value:\"2018-97bdb9ba32\");\n\n script_name(english:\"Fedora 27 : 32:bind / bind-dyndb-ldap / dnsperf (2018-97bdb9ba32)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upgrades to latest minor supported BIND. Includes first -P1 security\nrelease fixing CVE-2017-3145.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-97bdb9ba32\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected 32:bind, bind-dyndb-ldap and / or dnsperf\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dnsperf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"bind-9.11.2-1.P1.fc27\", epoch:\"32\")) flag++;\nif (rpm_check(release:\"FC27\", reference:\"bind-dyndb-ldap-11.1-8.fc27\")) flag++;\nif (rpm_check(release:\"FC27\", reference:\"dnsperf-2.1.0.0-11.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"32:bind / bind-dyndb-ldap / dnsperf\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:13", "description": "An update for bind is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "RHEL 6 : bind (RHSA-2018:0487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.5", "cpe:/o:redhat:enterprise_linux:6.6", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2018-0487.NASL", "href": "https://www.tenable.com/plugins/nessus/108276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0487. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108276);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0487\");\n\n script_name(english:\"RHEL 6 : bind (RHSA-2018:0487)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 6.4\nAdvanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update\nSupport, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat\nEnterprise Linux 6.6 Telco Extended Update Support, and Red Hat\nEnterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Improper fetch cleanup sequencing in the resolver can cause\nnamed to crash (CVE-2017-3145)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3145\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6\\.4|6\\.5|6\\.6|6\\.7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.4 / 6.5 / 6.6 / 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0487\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"bind-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"bind-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"bind-debuginfo-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"bind-debuginfo-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bind-debuginfo-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"bind-debuginfo-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"bind-devel-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"bind-devel-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bind-devel-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"bind-devel-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-devel-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-devel-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-devel-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"bind-libs-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"bind-libs-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bind-libs-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"bind-libs-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-libs-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-libs-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.30.rc1.el6_6.10\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.17.rc1.el6_4.13\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.12\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.23.rc1.el6_5.8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:00", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "RHEL 7 : bind (RHSA-2018:0102)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-0102.NASL", "href": "https://www.tenable.com/plugins/nessus/106245", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0102. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106245);\n script_version(\"3.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-3145\");\n script_xref(name:\"RHSA\", value:\"2018:0102\");\n\n script_name(english:\"RHEL 7 : bind (RHSA-2018:0102)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* A use-after-free flaw leading to denial of service was found in the\nway BIND internally handled cleanup operations on upstream recursion\nfetch contexts. A remote attacker could potentially use this flaw to\nmake named, acting as a DNSSEC validating resolver, exit unexpectedly\nwith an assertion failure via a specially crafted DNS request.\n(CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original\nreporter.\"\n );\n # https://kb.isc.org/article/AA-01542\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-3145\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0102\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-chroot-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-debuginfo-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-devel-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-libs-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-libs-lite-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-license-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-lite-devel-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-pkcs11-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-pkcs11-devel-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-pkcs11-libs-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-sdb-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-utils-9.9.4-51.el7_4.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-51.el7_4.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:51", "description": "This update for bind fixes several issues. This security issue was fixed :\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a use-after-free error that triggered an assertion failure and crash in named (bsc#1076118).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-02-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : bind (SUSE-SU-2018:0362-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0362-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0362-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106618);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"SUSE SLES11 Security Update : bind (SUSE-SU-2018:0362-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bind fixes several issues. This security issue was\nfixed :\n\n - CVE-2017-3145: Improper sequencing during cleanup could\n have lead to a use-after-free error that triggered an\n assertion failure and crash in named (bsc#1076118).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-3145/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180362-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96fd977f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-bind-13455=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-bind-13455=1\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-bind-13455=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-bind-13455=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-bind-13455=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-bind-13455=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-chrootenv-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-doc-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-libs-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-utils-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-chrootenv-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-devel-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-doc-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-libs-9.9.6P1-0.51.7.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-utils-9.9.6P1-0.51.7.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:34:12", "description": "Security Fix(es) :\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20180122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180122_BIND_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/106257", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106257);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20180122)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request. (CVE-2017-3145)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=7533\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8ea711db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"bind-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-chroot-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-debuginfo-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-devel-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-sdb-9.8.2-0.62.rc1.el6_9.5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:22:51", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145", "CVE-2018-5740"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1376.NASL", "href": "https://www.tenable.com/plugins/nessus/124879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124879);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-3145\",\n \"CVE-2018-5740\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - A denial of service flaw was discovered in bind\n versions that include the 'deny-answer-aliases'\n feature. This flaw may allow a remote attacker to\n trigger an INSIST assert in named leading to\n termination of the process and a denial of service\n condition.(CVE-2018-5740)\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request.(CVE-2017-3145)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1376\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a6e2bb7e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-libs-9.9.4-61.1.h2\",\n \"bind-libs-lite-9.9.4-61.1.h2\",\n \"bind-license-9.9.4-61.1.h2\",\n \"bind-utils-9.9.4-61.1.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T16:28:12", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix (CVE-2018-5740)\n\n - Fix (CVE-2017-3145)\n\n - Change EDNS flags only after successful query (#1416035)\n\n - Fix crash in ldap driver at bind-sdb stop (#1426626)\n\n - Fix (CVE-2017-3142, CVE-2017-3143)\n\n - Update root servers and trust anchors\n\n - Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391)\n\n - Fix CVE-2017-3136 (ISC change 4575)\n\n - Fix CVE-2017-3137 (ISC change 4578)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-08-29T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0252.NASL", "href": "https://www.tenable.com/plugins/nessus/112170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0252.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(112170);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-3136\", \"CVE-2017-3137\", \"CVE-2017-3142\", \"CVE-2017-3143\", \"CVE-2017-3145\", \"CVE-2018-5740\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2018-0252)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix (CVE-2018-5740)\n\n - Fix (CVE-2017-3145)\n\n - Change EDNS flags only after successful query (#1416035)\n\n - Fix crash in ldap driver at bind-sdb stop (#1426626)\n\n - Fix (CVE-2017-3142, CVE-2017-3143)\n\n - Update root servers and trust anchors\n\n - Fix DNSKEY that encountered a CNAME (#1447872, ISC\n change 3391)\n\n - Fix CVE-2017-3136 (ISC change 4575)\n\n - Fix CVE-2017-3137 (ISC change 4578)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-August/000886.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c4cecb84\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-August/000887.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7bee6625\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.1\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-23T02:33:33", "description": "According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2016-2776)\n\n - A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash.(CVE-2016-1285)\n\n - A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.(CVE-2015-4620)\n\n - A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2015-5477)\n\n - A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.(CVE-2014-0591)\n\n - A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.(CVE-2015-5722)\n\n - It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the 'lwres' statement in named.conf.(CVE-2016-2775)\n\n - A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.(CVE-2015-8000)\n\n - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.(CVE-2016-8864)\n\n - A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.(CVE-2016-9131)\n\n - A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.(CVE-2014-8500)\n\n - A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions.(CVE-2015-1349)\n\n - A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.(CVE-2016-1286)\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)\n\n - A denial of service flaw was found in the way BIND handled query requests when using DNS64 with 'break-dnssec yes' option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3136)\n\n - A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet.(CVE-2017-3142)\n\n - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.(CVE-2017-3143)\n\n - A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2775", "CVE-2016-2776", "CVE-2016-8864", "CVE-2016-9131", "CVE-2017-3136", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1433.NASL", "href": "https://www.tenable.com/plugins/nessus/124936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124936);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-0591\",\n \"CVE-2014-8500\",\n \"CVE-2015-1349\",\n \"CVE-2015-4620\",\n \"CVE-2015-5477\",\n \"CVE-2015-5722\",\n \"CVE-2015-8000\",\n \"CVE-2016-1285\",\n \"CVE-2016-1286\",\n \"CVE-2016-2775\",\n \"CVE-2016-2776\",\n \"CVE-2016-8864\",\n \"CVE-2016-9131\",\n \"CVE-2017-3136\",\n \"CVE-2017-3142\",\n \"CVE-2017-3143\",\n \"CVE-2017-3145\",\n \"CVE-2018-5740\"\n );\n script_bugtraq_id(\n 64801,\n 71590,\n 72673,\n 75588\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A denial of service flaw was found in the way BIND\n constructed a response to a query that met certain\n criteria. A remote attacker could use this flaw to make\n named exit unexpectedly with an assertion failure via a\n specially crafted DNS request packet.(CVE-2016-2776)\n\n - A denial of service flaw was found in the way BIND\n processed certain control channel input. A remote\n attacker able to send a malformed packet to the control\n channel could use this flaw to cause named to\n crash.(CVE-2016-1285)\n\n - A flaw was found in the way BIND performed DNSSEC\n validation. An attacker able to make BIND (functioning\n as a DNS resolver with DNSSEC validation enabled)\n resolve a name in an attacker-controlled domain could\n cause named to exit unexpectedly with an assertion\n failure.(CVE-2015-4620)\n\n - A flaw was found in the way BIND handled requests for\n TKEY DNS resource records. A remote attacker could use\n this flaw to make named (functioning as an\n authoritative DNS server or a DNS resolver) exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request packet.(CVE-2015-5477)\n\n - A denial of service flaw was found in the way BIND\n handled queries for NSEC3-signed zones. A remote\n attacker could use this flaw against an authoritative\n name server that served NCES3-signed zones by sending a\n specially crafted query, which, when processed, would\n cause named to crash.(CVE-2014-0591)\n\n - A denial of service flaw was found in the way BIND\n parsed certain malformed DNSSEC keys. A remote attacker\n could use this flaw to send a specially crafted DNS\n query (for example, a query requiring a response from a\n zone containing a deliberately malformed key) that\n would cause named functioning as a validating resolver\n to crash.(CVE-2015-5722)\n\n - It was found that the lightweight resolver protocol\n implementation in BIND could enter an infinite\n recursion and crash when asked to resolve a query name\n which, when combined with a search list entry, exceeds\n the maximum allowable length. A remote attacker could\n use this flaw to crash lwresd or named when using the\n 'lwres' statement in named.conf.(CVE-2016-2775)\n\n - A denial of service flaw was found in the way BIND\n processed certain records with malformed class\n attributes. A remote attacker could use this flaw to\n send a query to request a cached record with a\n malformed class attribute that would cause named\n functioning as an authoritative or recursive server to\n crash. Note: This issue affects authoritative servers\n as well as recursive servers, however authoritative\n servers are at limited risk if they perform\n authentication when making recursive queries to resolve\n addresses for servers listed in NS\n RRSETs.(CVE-2015-8000)\n\n - A denial of service flaw was found in the way BIND\n handled responses containing a DNAME answer. A remote\n attacker could use this flaw to make named exit\n unexpectedly with an assertion failure via a specially\n crafted DNS response.(CVE-2016-8864)\n\n - A denial of service flaw was found in the way BIND\n processed a response to an ANY query. A remote attacker\n could use this flaw to make named exit unexpectedly\n with an assertion failure via a specially crafted DNS\n response.(CVE-2016-9131)\n\n - A denial of service flaw was found in the way BIND\n followed DNS delegations. A remote attacker could use a\n specially crafted zone containing a large number of\n referrals which, when looked up and processed, would\n cause named to use excessive amounts of memory or\n crash.(CVE-2014-8500)\n\n - A flaw was found in the way BIND handled trust anchor\n management. A remote attacker could use this flaw to\n cause the BIND daemon (named) to crash under certain\n conditions.(CVE-2015-1349)\n\n - A denial of service flaw was found in the way BIND\n parsed signature records for DNAME records. By sending\n a specially crafted query, a remote attacker could use\n this flaw to cause named to crash.(CVE-2016-1286)\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request.(CVE-2017-3145)\n\n - A denial of service flaw was found in the way BIND\n handled query requests when using DNS64 with\n 'break-dnssec yes' option. A remote attacker could use\n this flaw to make named exit unexpectedly with an\n assertion failure via a specially crafted DNS\n request.(CVE-2017-3136)\n\n - A flaw was found in the way BIND handled TSIG\n authentication of AXFR requests. A remote attacker,\n able to communicate with an authoritative BIND server,\n could use this flaw to view the entire contents of a\n zone by sending a specially constructed request\n packet.(CVE-2017-3142)\n\n - A flaw was found in the way BIND handled TSIG\n authentication for dynamic updates. A remote attacker\n able to communicate with an authoritative BIND server\n could use this flaw to manipulate the contents of a\n zone, by forging a valid TSIG or SIG(0) signature for a\n dynamic update request.(CVE-2017-3143)\n\n - A denial of service flaw was discovered in bind\n versions that include the 'deny-answer-aliases'\n feature. This flaw may allow a remote attacker to\n trigger an INSIST assert in named leading to\n termination of the process and a denial of service\n condition.(CVE-2018-5740)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1433\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72d96ad2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3143\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-libs-9.9.4-61.1.h2\",\n \"bind-libs-lite-9.9.4-61.1.h2\",\n \"bind-license-9.9.4-61.1.h2\",\n \"bind-utils-9.9.4-61.1.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-16T16:14:02", "description": "According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : \n\n - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126)\n\n - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897)\n\n - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system.\n (CVE-2018-14634)\n\nAdditionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-10T00:00:00", "type": "nessus", "title": "Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0861", "CVE-2017-1000364", "CVE-2017-1000366", "CVE-2017-1000379", "CVE-2017-15265", "CVE-2017-2619", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-1000004", "CVE-2018-10301", "CVE-2018-1050", "CVE-2018-1064", "CVE-2018-10897", "CVE-2018-10901", "CVE-2018-10911", "CVE-2018-1124", "CVE-2018-1126", "CVE-2018-12020", "CVE-2018-12384", "CVE-2018-14634", "CVE-2018-3620", "CVE-2018-3693", "CVE-2018-5390", "CVE-2018-5391", "CVE-2018-5740", "CVE-2018-5748", "CVE-2018-7566"], "modified": "2022-05-24T00:00:00", "cpe": ["cpe:/a:juniper:junos_space"], "id": "JUNIPER_SPACE_JSA10917_184R1.NASL", "href": "https://www.tenable.com/plugins/nessus/121068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121068);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2017-0861\",\n \"CVE-2017-2619\",\n \"CVE-2017-3136\",\n \"CVE-2017-3137\",\n \"CVE-2017-3142\",\n \"CVE-2017-3143\",\n \"CVE-2017-3145\",\n \"CVE-2017-15265\",\n \"CVE-2017-1000364\",\n \"CVE-2017-1000366\",\n \"CVE-2017-1000379\",\n \"CVE-2018-1050\",\n \"CVE-2018-1064\",\n \"CVE-2018-1124\",\n \"CVE-2018-1126\",\n \"CVE-2018-3620\",\n \"CVE-2018-3693\",\n \"CVE-2018-5390\",\n \"CVE-2018-5391\",\n \"CVE-2018-5740\",\n \"CVE-2018-5748\",\n \"CVE-2018-7566\",\n \"CVE-2018-10301\",\n \"CVE-2018-10897\",\n \"CVE-2018-10901\",\n \"CVE-2018-10911\",\n \"CVE-2018-12020\",\n \"CVE-2018-12384\",\n \"CVE-2018-14634\",\n \"CVE-2018-1000004\"\n );\n\n script_name(english:\"Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Junos Space\nversion is 18.4.x prior to 18.4R1. It is, therefore, affected by\nmultiple vulnerabilities : \n\n - An integer overflow issue exists in procps-ng. This is\n related to CVE-2018-1124. (CVE-2018-1126)\n\n - A directory traversal issue exits in reposync, a part\n of yum-utils.tory configuration files. If an attacker\n controls a repository, they may be able to copy files\n outside of the destination directory on the targeted\n system via path traversal. (CVE-2018-10897)\n\n - An integer overflow flaw was found in the Linux \n kernel's create_elf_tables() function. An unprivileged\n local user with access to SUID binary could use this\n flaw to escalate their privileges on the system.\n (CVE-2018-14634)\n\nAdditionally, Junos Space is affected by several other\nvulnerabilities exist as noted in the vendor advisory.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10917\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Junos Space 18.4R1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10897\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1126\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Solaris RSH Stack Clash Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:juniper:junos_space\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/Junos_Space/version\");\n\n exit(0);\n}\n\ninclude(\"junos.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Junos_Space/version');\n\n# since 18.3R1 was released in the same advisory, we are just\n# checking 18.4.x here\ncheck_junos_space(ver:ver, min:'18.4', fix:'18.4R1', severity:SECURITY_HOLE);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-17T14:18:37", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-06-05T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740", "CVE-2018-5743", "CVE-2020-8616", "CVE-2020-8617"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/137170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0021.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137170);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2006-4095\", \"CVE-2007-2241\", \"CVE-2007-2925\", \"CVE-2007-2926\", \"CVE-2007-6283\", \"CVE-2008-0122\", \"CVE-2008-1447\", \"CVE-2009-0025\", \"CVE-2009-0696\", \"CVE-2010-0097\", \"CVE-2010-0290\", \"CVE-2011-0414\", \"CVE-2011-1910\", \"CVE-2011-2464\", \"CVE-2012-1033\", \"CVE-2012-1667\", \"CVE-2012-3817\", \"CVE-2012-4244\", \"CVE-2012-5166\", \"CVE-2012-5688\", \"CVE-2012-5689\", \"CVE-2013-2266\", \"CVE-2013-4854\", \"CVE-2014-0591\", \"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2015-8704\", \"CVE-2016-1285\", \"CVE-2016-1286\", \"CVE-2016-2776\", \"CVE-2016-2848\", \"CVE-2016-8864\", \"CVE-2016-9147\", \"CVE-2017-3136\", \"CVE-2017-3137\", \"CVE-2017-3142\", \"CVE-2017-3143\", \"CVE-2017-3145\", \"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2020-8616\", \"CVE-2020-8617\");\n script_bugtraq_id(19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2020-0021 for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000984.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000982.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-0122\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 189, 200, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.7\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.7\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-23T21:53:31", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: bind-dyndb-ldap-11.1-8.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-23T21:53:31", "id": "FEDORA:8822C60BC43E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HVTMZARCKPTDEMTVSAFWCBF66YLRUJ5B/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf(1) and resperf(1) man pages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-23T21:53:31", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: dnsperf-2.1.0.0-11.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-23T21:53:31", "id": "FEDORA:AA6DB60BC447", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YZUQAQVXTIUHTI6HPLALNZHUFS7D4WEZ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf(1) and resperf(1) man pages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-30T17:34:36", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: dnsperf-2.1.0.0-8.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-30T17:34:36", "id": "FEDORA:016916148EBC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2QY6FP7WOZSJNNRQC3IVQSE2F7LGNGC2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-30T17:34:35", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: bind-9.11.2-1.P1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-30T17:34:35", "id": "FEDORA:792C8613FFCE", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UUEBJNTMJ3QBTHCAQBMMANF4TUDYX65L/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:54", "description": "This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-30T17:34:35", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: bind-dyndb-ldap-11.1-6.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-30T17:34:35", "id": "FEDORA:D06996148EB5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JICSXP3TG3GSRP5BNUZJ5AYCG4Z45HV5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-31T17:13:53", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: bind-9.11.4-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145", "CVE-2018-5738"], "modified": "2018-07-31T17:13:53", "id": "FEDORA:D53F763482C4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BJHH7LTWK6RL4MHB4RARLQESAIWNDXZV/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-08-22T10:44:07", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: bind-9.11.4-2.P1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145", "CVE-2018-5738", "CVE-2018-5740"], "modified": "2018-08-22T10:44:07", "id": "FEDORA:10F50634F42C", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JT7FCQVLGYXKMRAHBL5FNH2H6TECHI7G/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-14T23:30:38", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: bind-9.11.4-3.P2.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145", "CVE-2018-5738", "CVE-2018-5741"], "modified": "2018-10-14T23:30:38", "id": "FEDORA:B691E6075D86", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BQOTKAA7CTZSDIF27JX4AHRF2JAZKFAZ/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:49", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nJayachandran Palanisamy discovered that the Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3312.x versions prior to 3312.51\n * 3363.x versions prior to 3363.48\n * 3421.x versions prior to 3421.38\n * 3445.x versions prior to 3445.24\n * 3468.x versions prior to 3468.19\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.181.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3312.x versions to 3312.51\n * Upgrade 3363.x versions to 3363.48\n * Upgrade 3421.x versions to 3421.38\n * Upgrade 3445.x versions to 3445.24\n * Upgrade 3468.x versions to 3468.19\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.181.0 or later.\n\n# References\n\n * [USN-3535-1](<http://www.ubuntu.com/usn/usn-3535-1/>)\n * [CVE-2017-3145](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-3145>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-24T00:00:00", "type": "cloudfoundry", "title": "USN-3535-1: Bind vulnerability | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-24T00:00:00", "id": "CFOUNDRY:9E53597C31CE20F5940310F150286140", "href": "https://www.cloudfoundry.org/blog/usn-3535-1/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:33", "description": "\nF5 Product Development has assigned ID 701359 (BIG-IP) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H08613310 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 14.x | None | 14.0.0 | Medium | [5.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L>) | BIND \n13.x | 13.1.0 | 13.1.0.4 \n13.0.1 \n12.x | 12.1.3 | 12.1.3.4 \n11.x | 11.6.2 - 11.6.3 | 11.6.3.2 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ (Cloud, Device, Security, ADC) | 4.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nIf you require DNSSEC validation, there is no mitigation for this issue. However, if you have manually enabled the DNSSEC validation feature in the BIND configuration but do not require DNSSEC validation, you can mitigate this vulnerability by disabling/removing this feature in/from the BIND configuration. For more information about BIND's DNSSEC validation, refer to the official [BIND DNSSEC Guide](<https://ftp.isc.org/isc/dnssec-guide/dnssec-guide.pdf>) from Internet Systems Consortium (ISC).\n\n**Note**: The previous link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-23T19:44:00", "type": "f5", "title": "BIND vulnerability CVE-2017-3145", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-08-14T01:12:00", "id": "F5:K08613310", "href": "https://support.f5.com/csp/article/K08613310", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for bind-dyndb-ldap FEDORA-2018-6550550774", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6550550774_bind-dyndb-ldap_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind-dyndb-ldap FEDORA-2018-6550550774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874080\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:59:09 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind-dyndb-ldap FEDORA-2018-6550550774\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind-dyndb-ldap'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind-dyndb-ldap on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6550550774\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JICSXP3TG3GSRP5BNUZJ5AYCG4Z45HV5\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind-dyndb-ldap\", rpm:\"bind-dyndb-ldap~11.1~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-04T18:55:28", "description": "Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.", "cvss3": {}, "published": "2018-01-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4089-1 (bind9 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704089", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704089", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4089-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704089\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-3145\");\n script_name(\"Debian Security Advisory DSA 4089-1 (bind9 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-16 00:00:00 +0100 (Tue, 16 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4089.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(9|8)\");\n script_tag(name:\"affected\", value:\"bind9 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), this problem has been fixed\nin version 1:9.9.5.dfsg-9+deb8u15.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u4.\n\nWe recommend that you upgrade your bind9 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/bind9\");\n script_tag(name:\"summary\", value:\"Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"host\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-export-dev\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind9-140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns-export162\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns162\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libirs-export141\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libirs141\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc-export160\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc160\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc-export140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg-export140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"liblwres141\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u4\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"host\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-export-dev\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind9-90\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns-export100\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns100\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libirs-export91\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc-export95\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc95\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc90\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg-export90\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg90\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"liblwres90\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.9.5.dfsg-9+deb8u15\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2018-6550550774", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874070", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874070", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6550550774_bind_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind FEDORA-2018-6550550774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874070\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:58:31 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2018-6550550774\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6550550774\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UUEBJNTMJ3QBTHCAQBMMANF4TUDYX65L\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.2~1.P1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T20:09:14", "description": "Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.", "cvss3": {}, "published": "2018-01-22T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for bind9 (DLA-1255-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891255", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891255", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891255\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-3145\");\n script_name(\"Debian LTS: Security Advisory for bind9 (DLA-1255-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-22 00:00:00 +0100 (Mon, 22 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"bind9 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1:9.8.4.dfsg.P1-6+nmu2+deb7u19.\n\nWe recommend that you upgrade your bind9 packages.\");\n\n script_tag(name:\"summary\", value:\"Jayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"host\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind9-80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns88\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc84\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg82\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"liblwres80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u19\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:58", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2018-1038)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181038", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1038\");\n script_version(\"2020-01-23T11:09:47+0000\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2018-1038)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1038\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1038\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2018-1038 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~51.2.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "Check the version of bind", "cvss3": {}, "published": "2018-01-23T00:00:00", "type": "openvas", "title": "CentOS Update for bind CESA-2018:0102 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882833", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882833", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0102_bind_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for bind CESA-2018:0102 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882833\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-23 07:37:39 +0100 (Tue, 23 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for bind CESA-2018:0102 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of bind\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes a\nDNS server (named) a resolver library (routines for applications to use when\ninterfacing with DNS) and tools for verifying that the DNS server is operating\ncorrectly.\n\nSecurity Fix(es):\n\n * A use-after-free flaw leading to denial of service was found in the way\nBIND internally handled cleanup operations on upstream recursion fetch\ncontexts. A remote attacker could potentially use this flaw to make named,\nacting as a DNSSEC validating resolver, exit unexpectedly with an assertion\nfailure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.\");\n script_tag(name:\"affected\", value:\"bind on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0102\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-January/022715.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-lite-devel\", rpm:\"bind-lite-devel~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-devel\", rpm:\"bind-pkcs11-devel~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb-chroot\", rpm:\"bind-sdb-chroot~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~51.el7_4.2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:25", "description": "Check the version of bind", "cvss3": {}, "published": "2018-01-23T00:00:00", "type": "openvas", "title": "CentOS Update for bind CESA-2018:0101 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0101_bind_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for bind CESA-2018:0101 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882832\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-23 07:37:35 +0100 (Tue, 23 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for bind CESA-2018:0101 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of bind\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes\na DNS server (named) a resolver library (routines for applications to use when\ninterfacing with DNS) and tools for verifying that the DNS server is operating\ncorrectly.\n\nSecurity Fix(es):\n\n * A use-after-free flaw leading to denial of service was found in the way\nBIND internally handled cleanup operations on upstream recursion fetch\ncontexts. A remote attacker could potentially use this flaw to make named,\nacting as a DNSSEC validating resolver, exit unexpectedly with an assertion\nfailure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.\");\n script_tag(name:\"affected\", value:\"bind on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0101\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-January/022714.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.62.rc1.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.62.rc1.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.62.rc1.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.62.rc1.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.62.rc1.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.62.rc1.el6_9.5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2018-97bdb9ba32", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874047", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_97bdb9ba32_bind_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind FEDORA-2018-97bdb9ba32\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874047\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 07:46:52 +0100 (Wed, 24 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2018-97bdb9ba32\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-97bdb9ba32\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKBDGWTF7FXCH5QLOOTE3LMORB2DM7GT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.2~1.P1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:23", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2018-1037)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181037", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181037", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1037\");\n script_version(\"2020-01-23T11:09:46+0000\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:46 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:46 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2018-1037)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1037\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1037\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2018-1037 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~51.2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~51.2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~51.2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~51.2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~51.2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~51.2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for dnsperf FEDORA-2018-97bdb9ba32", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874038", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874038", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_97bdb9ba32_dnsperf_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dnsperf FEDORA-2018-97bdb9ba32\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874038\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 07:46:13 +0100 (Wed, 24 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dnsperf FEDORA-2018-97bdb9ba32\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dnsperf'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"dnsperf on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-97bdb9ba32\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZUQAQVXTIUHTI6HPLALNZHUFS7D4WEZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"dnsperf\", rpm:\"dnsperf~2.1.0.0~11.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-24T00:00:00", "type": "openvas", "title": "Fedora Update for bind-dyndb-ldap FEDORA-2018-97bdb9ba32", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874050", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_97bdb9ba32_bind-dyndb-ldap_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind-dyndb-ldap FEDORA-2018-97bdb9ba32\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874050\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-24 07:47:08 +0100 (Wed, 24 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind-dyndb-ldap FEDORA-2018-97bdb9ba32\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind-dyndb-ldap'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind-dyndb-ldap on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-97bdb9ba32\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVTMZARCKPTDEMTVSAFWCBF66YLRUJ5B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind-dyndb-ldap\", rpm:\"bind-dyndb-ldap~11.1~8.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-31T00:00:00", "type": "openvas", "title": "Fedora Update for dnsperf FEDORA-2018-6550550774", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_6550550774_dnsperf_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for dnsperf FEDORA-2018-6550550774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874071\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-31 07:58:33 +0100 (Wed, 31 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for dnsperf FEDORA-2018-6550550774\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dnsperf'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"dnsperf on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-6550550774\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QY6FP7WOZSJNNRQC3IVQSE2F7LGNGC2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"dnsperf\", rpm:\"dnsperf~2.1.0.0~8.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-11T19:17:24", "description": "BIND is improperly sequencing cleanup operations on upstream recursion fetch\n contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in\n named.", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "ISC BIND DoS Vulnerability - Jan17 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310140695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ISC BIND DoS Vulnerability - Jan17 (Linux)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140695\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 15:42:36 +0700 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND DoS Vulnerability - Jan17 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"BIND is improperly sequencing cleanup operations on upstream recursion fetch\n contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in\n named.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"ISC BIND 9 9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2,\n 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.9.11-S2, 9.10.6-S2, 9.9.11-P1, 9.10.6-P1, 9.11.2-P1,\n 9.12.0rc2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/aa-01542\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_proto(cpe: CPE, port: port))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.(9|10)\\.[0-9]s[0-9]\") {\n if (version_in_range(version: version, test_version: \"9.9.9s10\", test_version2: \"9.9.11s1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.9.11-S2\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.10.5s1\", test_version2: \"9.10.6s1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.10.6-S2\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_in_range(version: version, test_version: \"9.9.9p8\", test_version2: \"9.9.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.9.11-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.10.4.p8\", test_version2: \"9.10.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.10.6.P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.11.0p5\", test_version2: \"9.11.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.2-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if ((revcomp(a: version, b: \"9.12.0a1\") >= 0) && (revcomp(a: version, b: \"9.12.0rc2\") < 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.12.0rc2\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-11T19:17:24", "description": "BIND is improperly sequencing cleanup operations on upstream recursion fetch\n contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in\n named.", "cvss3": {}, "published": "2018-01-17T00:00:00", "type": "openvas", "title": "ISC BIND DoS Vulnerability - Jan17 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310140696", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310140696", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ISC BIND DoS Vulnerability - Jan17 (Windows)\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.140696\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-17 15:42:36 +0700 (Wed, 17 Jan 2018)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2017-3145\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND DoS Vulnerability - Jan17 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"BIND is improperly sequencing cleanup operations on upstream recursion fetch\n contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in\n named.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"ISC BIND 9 9.9.9-P8 to 9.9.11, 9.10.4-P8 to 9.10.6, 9.11.0-P5 to 9.11.2,\n 9.9.9-S10 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, and 9.12.0a1 to 9.12.0rc1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.9.11-S2, 9.10.6-S2, 9.9.11-P1, 9.10.6-P1, 9.11.2-P1,\n 9.12.0rc2 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/aa-01542\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!infos = get_app_version_and_proto(cpe: CPE, port: port))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.(9|10)\\.[0-9]s[0-9]\") {\n if (version_in_range(version: version, test_version: \"9.9.9s10\", test_version2: \"9.9.11s1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.9.11-S2\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.10.5s1\", test_version2: \"9.10.6s1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.10.6-S2\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_in_range(version: version, test_version: \"9.9.9p8\", test_version2: \"9.9.11\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.9.11-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.10.4p8\", test_version2: \"9.10.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.10.6.P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.11.0p5\", test_version2: \"9.11.2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.2-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if ((revcomp(a: version, b: \"9.12.0a1\") >= 0) && (revcomp(a: version, b: \"9.12.0rc2\") < 0)) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.12.0rc2\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-18T00:00:00", "type": "openvas", "title": "Ubuntu Update for bind9 USN-3535-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3535_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for bind9 USN-3535-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843421\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-18 07:36:09 +0100 (Thu, 18 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for bind9 USN-3535-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jayachandran Palanisamy discovered that the\n Bind resolver incorrectly handled fetch cleanup sequencing. A remote attacker\n could possibly use this issue to cause Bind to crash, resulting in a denial of\n service.\");\n script_tag(name:\"affected\", value:\"bind9 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3535-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3535-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.9.5.dfsg-3ubuntu0.17\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.10.3.dfsg.P4-12.6ubuntu1.1\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.10.3.dfsg.P4-8ubuntu1.10\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T17:34:28", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-01T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bind (openSUSE-SU-2018:0323-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851694", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851694", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851694\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:53:51 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for bind (openSUSE-SU-2018:0323-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for bind fixes several issues.\n\n This security issue was fixed:\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a\n use-after-free error that triggered an assertion failure and crash in\n named (bsc#1076118).\n\n These non-security issues were fixed:\n\n - Updated named.root file (bsc#1040039)\n\n - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\");\n\n script_tag(name:\"affected\", value:\"bind on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0323-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo\", rpm:\"bind-libs-debuginfo~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd\", rpm:\"bind-lwresd~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd-debuginfo\", rpm:\"bind-lwresd-debuginfo~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo-32bit\", rpm:\"bind-libs-debuginfo-32bit~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.9.9P1~53.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-23T00:00:00", "type": "openvas", "title": "RedHat Update for bind RHSA-2018:0102-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-02-14T00:00:00", "id": "OPENVAS:1361412562310910003", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310910003", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2018_0102-01_bind.nasl 13654 2019-02-14 07:51:59Z mmartin $\n#\n# RedHat Update for bind RHSA-2018:0102-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.910003\");\n script_version(\"$Revision: 13654 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-14 08:51:59 +0100 (Thu, 14 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-23 07:37:12 +0100 (Tue, 23 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for bind RHSA-2018:0102-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes a\nDNS server (named) a resolver library (routines for applications to use when\ninterfacing with DNS) and tools for verifying that the DNS server is operating\ncorrectly.\n\nSecurity Fix(es):\n\n * A use-after-free flaw leading to denial of service was found in the way\nBIND internally handled cleanup operations on upstream recursion fetch\ncontexts. A remote attacker could potentially use this flaw to make named,\nacting as a DNSSEC validating resolver, exit unexpectedly with an assertion\nfailure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.\");\n script_tag(name:\"affected\", value:\"bind on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2018:0102-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2018-January/msg00065.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~51.el7_4.2\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-01-23T00:00:00", "type": "openvas", "title": "RedHat Update for bind RHSA-2018:0101-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2019-02-14T00:00:00", "id": "OPENVAS:1361412562310910004", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310910004", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2018_0101-01_bind.nasl 13654 2019-02-14 07:51:59Z mmartin $\n#\n# RedHat Update for bind RHSA-2018:0101-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.910004\");\n script_version(\"$Revision: 13654 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-02-14 08:51:59 +0100 (Thu, 14 Feb 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-01-23 07:37:16 +0100 (Tue, 23 Jan 2018)\");\n script_cve_id(\"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for bind RHSA-2018:0101-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND)\nis an implementation of the Domain Name System (DNS) protocols. BIND includes a\nDNS server (named) a resolver library (routines for applications to use when\ninterfacing with DNS) and tools for verifying that the DNS server is operating\ncorrectly.\n\nSecurity Fix(es):\n\n * A use-after-free flaw leading to denial of service was found in the way\nBIND internally handled cleanup operations on upstream recursion fetch\ncontexts. A remote attacker could potentially use this flaw to make named,\nacting as a DNSSEC validating resolver, exit unexpectedly with an assertion\nfailure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.\");\n script_tag(name:\"affected\", value:\"bind on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2018:0101-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2018-January/msg00064.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.62.rc1.el6_9.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.62.rc1.el6_9.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.8.2~0.62.rc1.el6_9.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.62.rc1.el6_9.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.62.rc1.el6_9.5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:50", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1376)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2017-3145"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191376", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1376\");\n script_version(\"2020-01-23T11:40:44+0000\");\n script_cve_id(\"CVE-2017-3145\", \"CVE-2018-5740\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:40:44 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:40:44 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1376)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1376\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1376\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1376 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)\n\nA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h2\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-02T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2018-c0f12f789e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5738", "CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874869", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874869", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_c0f12f789e_bind_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind FEDORA-2018-c0f12f789e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874869\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-02 06:01:15 +0200 (Thu, 02 Aug 2018)\");\n script_cve_id(\"CVE-2018-5738\", \"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2018-c0f12f789e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-c0f12f789e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJHH7LTWK6RL4MHB4RARLQESAIWNDXZV\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.4~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-15T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2018-54d84b0b0c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5741", "CVE-2018-5738", "CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310875188", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875188", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_54d84b0b0c_bind_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind FEDORA-2018-54d84b0b0c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875188\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-15 07:11:11 +0200 (Mon, 15 Oct 2018)\");\n script_cve_id(\"CVE-2018-5741\", \"CVE-2018-5738\", \"CVE-2017-3145\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2018-54d84b0b0c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-54d84b0b0c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQOTKAA7CTZSDIF27JX4AHRF2JAZKFAZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.4~3.P2.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-23T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2018-90f8fbd58e", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5738", "CVE-2018-5740", "CVE-2017-3145"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874985", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874985", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_90f8fbd58e_bind_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for bind FEDORA-2018-90f8fbd58e\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874985\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-23 07:48:32 +0200 (Thu, 23 Aug 2018)\");\n script_cve_id(\"CVE-2018-5738\", \"CVE-2017-3145\", \"CVE-2018-5740\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2018-90f8fbd58e\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-90f8fbd58e\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JT7FCQVLGYXKMRAHBL5FNH2H6TECHI7G\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.4~2.P1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:41", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1286", "CVE-2015-5477", "CVE-2015-4620", "CVE-2015-8000", "CVE-2016-8864", "CVE-2016-2775", "CVE-2015-5722", "CVE-2016-1285", "CVE-2018-5740", "CVE-2017-3136", "CVE-2016-9131", "CVE-2016-2776", "CVE-2017-3145", "CVE-2014-0591", "CVE-2015-1349", "CVE-2014-8500", "CVE-2017-3142", "CVE-2017-3143"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191433", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1433\");\n script_version(\"2020-01-23T11:45:55+0000\");\n script_cve_id(\"CVE-2014-0591\", \"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2016-1285\", \"CVE-2016-1286\", \"CVE-2016-2775\", \"CVE-2016-2776\", \"CVE-2016-8864\", \"CVE-2016-9131\", \"CVE-2017-3136\", \"CVE-2017-3142\", \"CVE-2017-3143\", \"CVE-2017-3145\", \"CVE-2018-5740\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:45:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:45:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1433)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1433\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1433\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1433 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2016-2776)\n\nA denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash.(CVE-2016-1285)\n\nA flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.(CVE-2015-4620)\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.(CVE-2014-0591)\n\nA denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.(CVE-2015-5722)\n\nIt was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the 'lwres' statement in named.conf.(CVE-2016-2775)\n\nA denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2021-07-25T19:39:35", "description": "**Issue Overview:**\n\nImproper fetch cleanup sequencing in the resolver can cause named to crash \nA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n \u00a0\u00a0\u00a0 bind-license-9.9.4-51.amzn2.2.noarch \n \n src: \n \u00a0\u00a0\u00a0 bind-9.9.4-51.amzn2.2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 bind-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-utils-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-libs-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-devel-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-sdb-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-lite-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-utils-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-devel-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-lite-devel-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-chroot-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-sdb-chroot-9.9.4-51.amzn2.2.x86_64 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.9.4-51.amzn2.2.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-20T21:03:00", "type": "amazon", "title": "Important: bind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-02-21T21:18:00", "id": "ALAS2-2018-954", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-954.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-25T19:25:13", "description": "**Issue Overview:**\n\nImproper fetch cleanup sequencing in the resolver can cause named to crash: \nA use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 bind-sdb-9.8.2-0.62.rc1.57.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-chroot-9.8.2-0.62.rc1.57.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-devel-9.8.2-0.62.rc1.57.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.8.2-0.62.rc1.57.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-9.8.2-0.62.rc1.57.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-utils-9.8.2-0.62.rc1.57.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-libs-9.8.2-0.62.rc1.57.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 bind-9.8.2-0.62.rc1.57.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 bind-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-utils-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-chroot-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-sdb-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-devel-9.8.2-0.62.rc1.57.amzn1.x86_64 \n \n \n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-02-20T21:02:00", "type": "amazon", "title": "Important: bind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-02-21T20:42:00", "id": "ALAS-2018-954", "href": "https://alas.aws.amazon.com/ALAS-2018-954.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named (CVE-2017-3145). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-24T22:37:59", "type": "mageia", "title": "Updated bind packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-24T22:37:59", "id": "MGASA-2018-0092", "href": "https://advisories.mageia.org/MGASA-2018-0092.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T11:19:34", "description": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named (CVE-2017-3145). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-01-24T22:37:59", "type": "mageia", "title": "Updated bind packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-24T22:37:59", "id": "MGASA-2018-0093", "href": "https://advisories.mageia.org/MGASA-2018-0093.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2022-02-27T11:51:17", "description": "**CentOS Errata and Security Advisory** CESA-2018:0101\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2018-January/059633.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-sdb\nbind-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:0101", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T14:11:38", "type": "centos", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-22T14:11:38", "id": "CESA-2018:0101", "href": "https://lists.centos.org/pipermail/centos-announce/2018-January/059633.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-27T11:51:17", "description": "**CentOS Errata and Security Advisory** CESA-2018:0102\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2018-January/059634.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-libs-lite\nbind-license\nbind-lite-devel\nbind-pkcs11\nbind-pkcs11-devel\nbind-pkcs11-libs\nbind-pkcs11-utils\nbind-sdb\nbind-sdb-chroot\nbind-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2018:0102", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T14:33:56", "type": "centos", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-22T14:33:56", "id": "CESA-2018:0102", "href": "https://lists.centos.org/pipermail/centos-announce/2018-January/059634.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-06-08T05:20:20", "description": "A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-09T22:44:46", "type": "redhatcve", "title": "CVE-2017-3145", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2022-06-08T02:44:32", "id": "RH:CVE-2017-3145", "href": "https://access.redhat.com/security/cve/cve-2017-3145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2018-01-31T00:53:58", "description": "This update for bind fixes several issues.\n\n This security issue was fixed:\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a\n use-after-free error that triggered an assertion failure and crash in\n named (bsc#1076118).\n\n These non-security issues were fixed:\n\n - Updated named.root file (bsc#1040039)\n - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)\n\n", "cvss3": {}, "published": "2018-01-30T21:08:26", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-30T21:08:26", "id": "SUSE-SU-2018:0303-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00102.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-05T14:54:24", "description": "This update for bind fixes several issues.\n\n This security issue was fixed:\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a\n use-after-free error that triggered an assertion failure and crash in\n named (bsc#1076118).\n\n These non-security issues were fixed:\n\n - Updated named.root file (bsc#1040039)\n - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)\n\n", "cvss3": {}, "published": "2018-02-05T12:11:02", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2018-02-05T12:11:02", "id": "SUSE-SU-2018:0362-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00006.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-01T02:54:02", "description": "This update for bind fixes several issues.\n\n This security issue was fixed:\n\n - CVE-2017-3145: Improper sequencing during cleanup could have lead to a\n use-after-free error that triggered an assertion failure and crash in\n named (bsc#1076118).\n\n These non-security issues were fixed:\n\n - Updated named.root file (bsc#1040039)\n - Update bind.keys for DNSSEC root KSK rollover (bsc#1047184)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n", "cvss3": {}, "published": "2018-02-01T00:13:25", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-3145"], "modified": "2018-02-01T00:13:25", "id": "OPENSUSE-SU-2018:0323-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00105.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2022-01-30T00:23:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4089-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nCVE ID : CVE-2017-3145\n\nJayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:9.9.5.dfsg-9+deb8u15.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u4.\n\nWe recommend that you upgrade your bind9 packages.\n\nFor the detailed security status of bind9 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-16T22:05:58", "type": "debian", "title": "[SECURITY] [DSA 4089-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-16T22:05:58", "id": "DEBIAN:DSA-4089-1:03192", "href": "https://lists.debian.org/debian-security-announce/2018/msg00011.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-22T13:04:15", "description": "Package : bind9\nVersion : 1:9.8.4.dfsg.P1-6+nmu2+deb7u19\nCVE ID : CVE-2017-3145\n\n\nJayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.\n\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n1:9.8.4.dfsg.P1-6+nmu2+deb7u19.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-21T21:44:35", "type": "debian", "title": "[SECURITY] [DLA 1255-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-21T21:44:35", "id": "DEBIAN:DLA-1255-1:A8BFB", "href": "https://lists.debian.org/debian-lts-announce/2018/01/msg00029.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T21:47:08", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4089-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nCVE ID : CVE-2017-3145\n\nJayachandran Palanisamy of Cygate AB reported that BIND, a DNS server\nimplementation, was improperly sequencing cleanup operations, leading in\nsome cases to a use-after-free error, triggering an assertion failure\nand crash in named.\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 1:9.9.5.dfsg-9+deb8u15.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u4.\n\nWe recommend that you upgrade your bind9 packages.\n\nFor the detailed security status of bind9 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-16T22:05:58", "type": "debian", "title": "[SECURITY] [DSA 4089-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-16T22:05:58", "id": "DEBIAN:DSA-4089-1:AA3D6", "href": "https://lists.debian.org/debian-security-announce/2018/msg00011.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2021-10-21T04:43:03", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T08:15:48", "type": "redhat", "title": "(RHSA-2018:0102) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-04-11T23:33:06", "id": "RHSA-2018:0102", "href": "https://access.redhat.com/errata/RHSA-2018:0102", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T04:43:52", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-12T18:09:34", "type": "redhat", "title": "(RHSA-2018:0488) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-03-12T18:20:55", "id": "RHSA-2018:0488", "href": "https://access.redhat.com/errata/RHSA-2018:0488", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-21T04:42:08", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Improper fetch cleanup sequencing in the resolver can cause named to crash (CVE-2017-3145)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-03-12T18:07:56", "type": "redhat", "title": "(RHSA-2018:0487) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-03-12T18:11:09", "id": "RHSA-2018:0487", "href": "https://access.redhat.com/errata/RHSA-2018:0487", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:37:22", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T08:15:15", "type": "redhat", "title": "(RHSA-2018:0101) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-06-07T14:23:45", "id": "RHSA-2018:0101", "href": "https://access.redhat.com/errata/RHSA-2018:0101", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T12:02:40", "description": "Jayachandran Palanisamy discovered that the Bind resolver incorrectly \nhandled fetch cleanup sequencing. A remote attacker could possibly use this \nissue to cause Bind to crash, resulting in a denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-17T00:00:00", "type": "ubuntu", "title": "Bind vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-17T00:00:00", "id": "USN-3535-1", "href": "https://ubuntu.com/security/notices/USN-3535-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-01-04T12:02:32", "description": "USN-3535-1 fixed a vulnerability in Bind. This update provides \nthe corresponding update for Ubuntu 12.04 ESM.\n\nOriginal advisory details:\n\nJayachandran Palanisamy discovered that the Bind resolver incorrectly \nhandled fetch cleanup sequencing. A remote attacker could possibly use this \nissue to cause Bind to crash, resulting in a denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-17T00:00:00", "type": "ubuntu", "title": "Bind vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-17T00:00:00", "id": "USN-3535-2", "href": "https://ubuntu.com/security/notices/USN-3535-2", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2022-06-28T22:11:30", "description": "## Summary\n\nIBM Integrated Managment Module II (IMM2) has addressed the following vulnerability in bind.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3145](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145>) \n**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a use-after-free when improperly sequencing cleanup operations on upstream recursion fetch contexts. A remote attacker could exploit this vulnerability to make named crash with an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137694> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM Integrated Management Module II (IMM2) for System x & Flex Systems\n\n| \n\n1AOO \n \nIBM Integrated Management Module II (IMM2) for BladeCenter Systems\n\n| \n\n1AOO \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM Integrated Management Module II (IMM2) for System x & Flex Systems \n(ibm_fw_imm2_1aoo84c-6.80_anyos_noarch)\n\n| \n\n1AOO84C-6.80 \n \nIBM Integrated Management Module II (IMM2) for BladeCenter Systems \n(ibm_fw_imm2_1aoo84c-6.80-bc_anyos_noarch)\n\n| \n\n1AOO84C-6.80-bc \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[Lenovo Product Security Advisories](<Lenovo Product Security Advisories>)\n\n## Change History\n\n10 July 2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Internal Use Only\n\n11111/110625\n\n[{\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"HW19X\",\"label\":\"System x->Microsoft Datacenter\"},\"Component\":\"IMM2\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Business Unit\":{\"code\":\"BU016\",\"label\":\"Multiple Vendor Support\"},\"Product\":{\"code\":\"SGUQZ9\",\"label\":\"System x Blades\"},\"Component\":\"IMM2\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Business Unit\":{\"code\":\"BU050\",\"label\":\"BU NOT IDENTIFIED\"},\"Product\":{\"code\":\"SSWLYD\",\"label\":\"PureFlex System & Flex System\"},\"Component\":\"IMM2\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-10T22:02:10", "type": "ibm", "title": "Security Bulletin: Vulnerability in bind affects IBM Integrated Management Module II (IMM2)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-07-10T22:02:10", "id": "B0489635EF2448720B050CF88269140AD76E6F5CE342B0A9A7ABAE224EDDDF02", "href": "https://www.ibm.com/support/pages/node/716769", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:14:03", "description": "## Summary\n\nISC BIND is vulnerable to this security vulnerability. IBM i has addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3145_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145>) \n**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a use-after-free when improperly sequencing cleanup operations on upstream recursion fetch contexts. A remote attacker could exploit this vulnerability to make named crash with an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137694_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137694>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nReleases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected. \n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \n \nReleases 6.1, 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. \n\n[_http://www-933.ibm.com/support/fixcentral/_](<http://www-933.ibm.com/support/fixcentral/>)\n\n \nThe IBM i PTF numbers are: \n \n**Release 6.1 \u2013 SI66815** \n**Release 7.1 \u2013 SI66814** \n**Release 7.2 \u2013 SI66813** \n**Release 7.3 \u2013 SI66812** \n \n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB57\",\"label\":\"Power\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG60\",\"label\":\"IBM i\"},\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"7.1.0\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2017-3145", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2019-12-18T14:26:38", "id": "41C6047042201BEFC6057C7A272D57F63B07E7A01E6318C2A0434F21FC528BFC", "href": "https://www.ibm.com/support/pages/node/687965", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T21:58:49", "description": "## Summary\n\nPowerKVM is affected by a vulnerability in ISC Bind. IBM has now addressed this vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-3145_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145>)** \nDESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a use-after-free when improperly sequencing cleanup operations on upstream recursion fetch contexts. A remote attacker could exploit this vulnerability to make named crash with an assertion failure. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137694_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137694>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 13.\n\n## Workarounds and Mitigations\n\nnone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n7 February 2018 - Initial Version\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-18T01:41:32", "type": "ibm", "title": "Security Bulletin: A vulnerability in bind affects PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-06-18T01:41:32", "id": "82BCB57C7F1C9EF37733811A197429DCF4E6D666F805733AB4C35B403D3997AE", "href": "https://www.ibm.com/support/pages/node/634131", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2021-07-28T14:47:03", "description": "New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\n14.2, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/bind-9.10.6_P1-i586-1_slack14.2.txz: Upgraded.\n This update fixes a high severity security issue:\n Improper sequencing during cleanup can lead to a use-after-free error,\n triggering an assertion failure and crash in named.\n For more information, see:\n https://kb.isc.org/article/AA-01542\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.11_P1-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.11_P1-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.11_P1-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.11_P1-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.11_P1-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.11_P1-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.11_P1-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.11_P1-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.11_P1-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.11_P1-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.10.6_P1-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.10.6_P1-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.11.2_P1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.11.2_P1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\ne80dd64171589e36710b7bbef0dc962f bind-9.9.11_P1-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\nd482641f326a7543ac49b52b14066264 bind-9.9.11_P1-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\nbcda49076768b83ba97d34ce33fa1149 bind-9.9.11_P1-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n67fff04baa5e780a4da0a369bb2387b3 bind-9.9.11_P1-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ne9da89b964b1ad8274e381f4fadc8932 bind-9.9.11_P1-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n15cf2689ec701d49db3ac2402b1cfd8e bind-9.9.11_P1-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\ncb697b092fc9f0ca0d34908d982704d3 bind-9.9.11_P1-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n7fc7c78eab670800e8050619e32a9f10 bind-9.9.11_P1-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n112d11d4a5da750dc97e8e7b453b788c bind-9.9.11_P1-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n33b23dd33c5e8858bbaf01e021d948a1 bind-9.9.11_P1-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n3e3789b5a4d08f09511648bd0241f09f bind-9.10.6_P1-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n3771a2d36a6e3d49979386c5258de1da bind-9.10.6_P1-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n339eaae45be15550afc28fb2d4cad9a9 n/bind-9.11.2_P1-i586-1.txz\n\nSlackware x86_64 -current package:\nede731e198dd2858a82498e6613ca0a5 n/bind-9.11.2_P1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.10.6_P1-i586-1_slack14.2.txz\n\nThen, restart the name server:\n\n > /etc/rc.d/rc.bind restart", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-17T21:36:38", "type": "slackware", "title": "[slackware-security] bind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-17T21:36:38", "id": "SSA-2018-017-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.552055", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-05-18T23:31:42", "description": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-16T20:29:00", "type": "debiancve", "title": "CVE-2017-3145", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2019-01-16T20:29:00", "id": "DEBIANCVE:CVE-2017-3145", "href": "https://security-tracker.debian.org/tracker/CVE-2017-3145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T16:14:49", "description": "BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-16T20:29:00", "type": "cve", "title": "CVE-2017-3145", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2019-10-09T23:27:00", "cpe": ["cpe:/o:redhat:enterprise_linux_server_eus:7.3", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.2", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/a:isc:bind:9.10.5", "cpe:/o:redhat:enterprise_linux_server_tus:7.3", "cpe:/a:isc:bind:9.11.2", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:redhat:enterprise_linux_server_eus:6.7", "cpe:/o:redhat:enterprise_linux_server_tus:7.6", "cpe:/a:isc:bind:9.10.6", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:isc:bind:9.9.11", "cpe:/o:redhat:enterprise_linux_server_tus:7.2", "cpe:/a:isc:bind:9.12.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_server_aus:7.3", "cpe:/o:redhat:enterprise_linux_server_eus:7.4", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_server_eus:7.6", "cpe:/a:isc:bind:9.8.8", "cpe:/o:redhat:enterprise_linux_server_eus:7.5", "cpe:/o:redhat:enterprise_linux_server_aus:7.4", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:redhat:enterprise_linux_server_aus:6.6", "cpe:/o:redhat:enterprise_linux_server_aus:6.5", "cpe:/a:netapp:data_ontap_edge:-", "cpe:/o:redhat:enterprise_linux_server_aus:6.4", "cpe:/a:isc:bind:9.9.3", "cpe:/o:redhat:enterprise_linux_server_aus:7.6", "cpe:/o:redhat:enterprise_linux_server_tus:6.6"], "id": "CVE-2017-3145", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.9.11:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.9.11:s1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.2:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.6:s1:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.12.0:alpha1:*:*:*:*:*:*"]}], "alpinelinux": [{"lastseen": "2021-10-20T18:34:00", "description": "None", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-01-16T20:29:00", "type": "alpinelinux", "title": "CVE-2017-3145", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2019-10-09T23:27:00", "id": "ALPINE:CVE-2017-3145", "href": "https://security.alpinelinux.org/vuln/CVE-2017-3145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:38:30", "description": "BIND was improperly sequencing cleanup operations on upstream recursion\nfetch contexts, leading in some cases to a use-after-free error that can\ntrigger an assertion failure and crash in named. Affects BIND 9.0.0 to\n9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to\n9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-16T00:00:00", "type": "ubuntucve", "title": "CVE-2017-3145", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-16T00:00:00", "id": "UB:CVE-2017-3145", "href": "https://ubuntu.com/security/CVE-2017-3145", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2021-07-28T14:34:05", "description": "Arch Linux Security Advisory ASA-201801-16\n==========================================\n\nSeverity: High\nDate : 2018-01-18\nCVE-ID : CVE-2017-3145\nPackage : bind\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-589\n\nSummary\n=======\n\nThe package bind before version 9.11.2.P1-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 9.11.2.P1-1.\n\n# pacman -Syu \"bind>=9.11.2.P1-1\"\n\nThe problem has been fixed upstream in version 9.11.2.P1.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA use-after-free flaw leading to denial of service was found in the way\nBIND before 9.11.2.P1, 9.10.6-P1 and 9.9.11-P1 internally handled\ncleanup operations on upstream recursion fetch contexts. A remote\nattacker could potentially use this flaw to make named, acting as a\nDNSSEC validating resolver, exit unexpectedly with an assertion failure\nvia a specially crafted DNS request.\n\nImpact\n======\n\nA remote attacker is able to crash named while acting as a DNSSEC\nvalidating resolver via a specially crafted DNS request.\n\nReferences\n==========\n\nhttps://kb.isc.org/article/AA-01542\nhttps://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d\nhttps://security.archlinux.org/CVE-2017-3145", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-18T00:00:00", "type": "archlinux", "title": "[ASA-201801-16] bind: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-18T00:00:00", "id": "ASA-201801-16", "href": "https://security.archlinux.org/ASA-201801-16", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:38", "description": "[32:9.8.2-0.62.rc1.5]\n- Fix CVE-2017-3145", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-22T00:00:00", "id": "ELSA-2018-0101", "href": "http://linux.oracle.com/errata/ELSA-2018-0101.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:24:29", "description": "[32:9.9.4-51.2]\n- Fix CVE-2017-3145", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-22T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3145"], "modified": "2018-01-22T00:00:00", "id": "ELSA-2018-0102", "href": "http://linux.oracle.com/errata/ELSA-2018-0102.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-02-10T00:00:00", "description": "[32:9.8.2-0.68.rc1.0.3.8]\n- Backport fix for CVE-2018-5741 [Orabug: 33496185]\n[32:9.8.2-0.68.rc1.0.2.8]\n- Backport possible assertion failure on DNAME processing (CVE-2021-25215)\n[32:9.8.2-0.68.rc1.0.1.8]\n- Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749)\n[32:9.8.2-0.68.rc1.8]\n- Fix tsig-request verify (CVE-2020-8622)\n[32:9.8.2-0.68.rc1.7]\n- Correct tests covering CVE-2020-8617\n[32:9.8.2-0.68.rc1.6]\n- Add additional fix to limit recursions\n[32:9.8.2-0.68.rc1.5]\n- Add CVE tests to codebase\n[32:9.8.2-0.68.rc1.4]\n- Limit number of queries triggered by a request (CVE-2020-8616)\n- Fix invalid tsig request (CVE-2020-8617)\n[32:9.8.2-0.68.rc1.3]\n- Use only selected documentation files\n[32:9.8.2-0.68.rc1.2]\n- Fix CVE-2018-5743\n[32:9.8.2-0.68.rc1.1]\n- Fix CVE-2018-5740\n[32:9.8.2-0.68.rc1]\n- Fix CVE-2017-3145\n[32:9.8.2-0.67.rc1]\n- Change EDNS flags only after successful query (#1416035)\n- Fix crash in ldap driver at bind-sdb stop (#1426626)\n[32:9.8.2-0.66.rc1]\n- Fix CVE-2017-3142 and CVE-2017-3143\n[32:9.8.2-0.65.rc1]\n- Update root servers and trust anchors\n[32:9.8.2-0.64.rc1]\n- Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391)\n[32:9.8.2-0.63.rc1]\n- Fix CVE-2017-3136 (ISC change 4575)\n- Fix CVE-2017-3137 (ISC change 4578)\n[32:9.8.2-0.62.rc1]\n- Fix and test caching CNAME before DNAME (ISC change 4558)\n[32:9.8.2-0.61.rc1]\n- Fix CVE-2016-9147 (ISC change 4510)\n- Fix regression introduced by CVE-2016-8864 (ISC change 4530)\n[32:9.8.2-0.60.rc1]\n- Restore SELinux contexts before named restart\n[32:9.8.2-0.59.rc1]\n- Use /lib or /lib64 only if directory in chroot already exists\n- Tighten NSS library pattern, escape chroot mount path\n[32:9.8.2-0.58.rc1]\n- Fix CVE-2016-8864\n[32:9.8.2-0.57.rc1]\n- Do not change lib permissions in chroot (#1321239)\n- Support WKS records in chroot (#1297562)\n[32:9.8.2-0.56.rc1]\n- Do not include patch backup in docs (fixes #1325081 patch)\n[32:9.8.2-0.55.rc1]\n- Backported relevant parts of [RT #39567] (#1259923)\n[32:9.8.2-0.54.rc1]\n- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)\n[32:9.8.2-0.53.rc1]\n- Fix multiple realms in nsupdate script like upstream (#1313286)\n[32:9.8.2-0.52.rc1]\n- Fix multiple realm in nsupdate script (#1313286)\n[32:9.8.2-0.51.rc1]\n- Use resolver-query-timeout high enough to recover all forwarders (#1325081)\n[32:9.8.2-0.50.rc1]\n- Fix CVE-2016-2848\n[32:9.8.2-0.49.rc1]\n- Fix infinite loop in start_lookup (#1306504)\n[32:9.8.2-0.48.rc1]\n- Fix CVE-2016-2776\n[32:9.8.2-0.47.rc1]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.8.2-0.46.rc1]\n- Fix CVE-2015-8704\n[32:9.8.2-0.45.rc1]\n- Updated named.ca hints file to the latest version (#1267991)\n[32:9.8.2-0.44.rc1]\n- Fix CVE-2015-8000\n[32:9.8.2-0.43.rc1]\n- Fix excessive queries caused by DS chasing with stub zones when DNSSEC is not used (#1227189)\n- Added the fixed tarball with configuration to Sources (Related: #1223359)\n[32:9.8.2-0.42.rc1]\n- Don't use ISC's DLV by default (#1223359)\n[32:9.8.2-0.41.rc1]\n- Added support for CAA records (#1252611)\n[32:9.8.2-0.40.rc1]\n- Fix CVE-2015-5722\n[32:9.8.2-0.39.rc1]\n- Fix CVE-2015-5477\n[32:9.8.2-0.38.rc1]\n- Fix CVE-2015-4620\n[32:9.8.2-0.37.rc1]\n- Resolves: 1215687 - DNS resolution failure in high load environment with\n SERVFAIL and 'out of memory/success' in the log\n[32:9.8.2-0.36.rc1]\n- Fix CVE-2015-1349\n[32:9.8.2-0.35.rc1]\n- Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476)\n[32:9.8.2-0.34.rc1]\n- Fix race condition when using isc__begin_beginexclusive (#1175321)\n[32:9.8.2-0.33.rc1]\n- Sanitize SDB API to better handle database errors (#1146893)\n[32:9.8.2-0.32.rc1]\n- Fix CVE-2014-8500 (#1171974)\n[32:9.8.2-0.31.rc1]\n- Fix RRL slip behavior when set to 1 (#1112356)\n- Fix issue causing bind to hang after reload if using DYNDB (#1142152)\n[32:9.8.2-0.30.rc1]\n- Use /dev/urandom when generating rndc.key file (#951255)\n[32:9.8.2-0.29.rc1]\n- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035\n[32:9.8.2-0.28.rc1]\n- Add support for TLSA resource records (#956685)\n- Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)\n[32:9.8.2-0.27.rc1]\n- Fix segmentation fault in nsupdate when -r option is used (#1064045)\n- Fix race condition on send buffer in host tool when sending UDP query (#1008827)\n- Allow authentication using TSIG in allow-notify configuration statement (#1044545)\n- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)\n- Include updated named.ca file with root server addresses (#917356)\n- Don't generate rndc.key if there is rndc.conf on start-up (#997743)\n- Fix dig man page regarding how to disable IDN (#1023045)\n- Handle ICMP Destination unreachable (Protocol unreachable) response (#1066876)\n[32:9.8.2-0.26.rc1]\n- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)\n- Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)\n- Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123)\n- Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414)\n- Fix initscript not to mount chroot filesystem is named is already running (#948743)\n- Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632)\n- Correct the installed documentation ownership (#1051283)\n[32:9.8.2-0.25.rc1]\n- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)\n- Fix race condition when destroying a resolver fetch object (#993612)\n- Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)\n- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)\n[32:9.8.2-0.24.rc1]\n- Fix CVE-2014-0591\n[32:9.8.2-0.23.rc1]\n- Fix gssapictx memory leak (#911167)\n[32:9.8.2-0.22.rc1]\n- fix CVE-2013-4854\n[32:9.8.2-0.21.rc1]\n- fix CVE-2013-2266\n- ship dns/rrl.h in -devel subpkg\n[32:9.8.2-0.20.rc1]\n- remove one bogus file from /usr/share/doc, introduced by RRL patch\n[32:9.8.2-0.19.rc1]\n- fix CVE-2012-5689\n[32:9.8.2-0.18.rc1]\n- add response rate limit patch (#873624)\n[32:9.8.2-0.17.rc1]\n- fix CVE-2012-5688\n[32:9.8.2-0.16.rc1]\n- initscript: silence spurious 'named.pid: No such file' error\n[32:9.8.2-0.15.rc1]\n- fix CVE-2012-5166\n[32:9.8.2-0.14.rc1]\n- allow forward{,ers} statement in static-stub zones\n[32:9.8.2-0.13.rc1]\n- fix CVE-2012-4244\n[32:9.8.2-0.12.rc1]\n- fix CVE-2012-3817\n[32:9.8.2-0.11.rc1]\n- fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165)\n[32:9.8.2-0.10.rc1]\n- fix CVE-2012-1667\n[32:9.8.2-0.9.rc1]\n- fix race condition in the resolver module\n- nslookup: return non-zero exit code when fail to get answer (#816164)\n[32:9.8.2-0.8.rc1]\n- initscript: don't umount /var/named when didn't mount it\n[32:9.8.2-0.7.rc1]\n- don't fail when logfile cannot be opened (#809084)\n[32:9.8.2-0.6.rc1]\n- fix multilib regression in bind-devel (#800053)\n[32:9.8.2-0.5.rc1]\n- fix errors reported by Coverity\n- be more strict when caching NS RRsets (CVE-2012-1033)\n[32:9.8.2-0.4.rc1]\n- load dynamic-db plugins later (#795414)\n[32:9.8.2-0.3.rc1]\n- decrease severity of various errors related to outside DNS environment\n (#788870)\n- fixed various bind-chroot packaging errors (#789886)\n- use portreserve to reserve rndc control port (#790682)\n[32:9.8.2-0.2.rc1]\n- harden dns_zone_setmasterswithkeys() to avoid INSIST failures\n- build with '--enable-fixed-rrset'\n- fix potential memory leak in code which processes rndc authentication\n (#749582)\n- generate rndc.key during (#768798)\n- nslookup: improve handling of AA responses with recursion off\n- removed obsolete bind97-rh714049.patch patch\n[32:9.8.2-0.1.rc1]\n- update to 9.8.2rc1\n- patches merged\n - bind97-rh754398.patch\n - bind97-rh700097.patch\n - bind97-rh734502.patch\n - bind97-rh746694-1.patch\n - bind97-rh746694-2.patch\n - bind97-rh739406-1.patch\n - bind97-rh739406-2.patch\n- ship DNSKEY for root zone in default configuration\n[32:9.7.3-10.P3]\n- disable atomic ops on ppc* because they caused named to hang/crash\n[32:9.7.3-9.P3]\n- fix race condition in resolver.c:validated()\n- improve error handling in zone.c:zone_refreshkeys() to avoid\n hang during shutdown\n[32:9.7.3-8.P3]\n- fix DOS against recursive servers (#754398)\n[32:9.7.3-7.P3]\n- fix memory leak in nsupdate when using SIG(0) keys\n[32:9.7.3-6.P3]\n- load/unload dyndb plugins on appropriate places to avoid crashes (#725577)\n- nsupdate could have failed if server has multiple IPs and the first\n was unreachable (#714049)\n- nsupdate returned zero when target zone didn't exist (#700097)\n- readd configtest target to initscript\n- print 'the working directory is not writable' as debug message\n- fix some Coverity warnings\n[32:9.7.3-5.P3]\n- fix rare race condition in request.c\n[32:9.7.3-4.P3]\n- update to 9.7.3-P3 (CVE-2011-2464)\n[32:9.7.3-3.P1]\n- update to 9.7.3-P1 (CVE-2011-1910)\n[32:9.7.3-2]\n- don't generate rndc.key during installation\n[32:9.7.3-1]\n- update to 9.7.3 (CVE-2011-0414)\n- patches merged\n - bind97-gsstsig.patch\n - bind97-rh664401.patch\n - bind97-rh623638.patch\n[32:9.7.2-8.P3]\n- regenerate fixed nsupdate manual page\n[32:9.7.2-7.P3]\n- improve host/dig resolv.conf parser (#rh669163)\n- improve internal test suite\n- don't mention that HMAC-MD5 is the only one TSIG algorighm\n in nsupdate manpage\n- initscript: sybsys name is always named, not named-sdb\n[32:9.7.2-6.P3]\n- named could die on exit after negotiating a GSS-TSIG key (#653486)\n- fix typo in initscript\n[32:9.7.2-5.P3]\n- include root zone DNSKEY in the bind package (#667375)\n[32:9.7.2-4.P3]\n- solve conflict between i686 and x86_64 bind-devel packages (#658045)\n- fix 'service named status' when used with named-sdb\n- fix 'krb5-self' update-policy rule processing (#664401)\n- don't check MD5, size and mtime of sysconfig/named\n[32:9.7.2-3.P3]\n- use same atomic operations on both ppc and ppc64 (#623638)\n- add new option DISABLE_ZONE_CHECKING to sysconfig/named (#623673)\n- document dig exit codes\n- add Requires: bind-libs to bind subpkgs\n- remove statement about system-config-bind from named.8 manpage (#660676)\n[32:9.7.2-2.P3]\n- host utility now honors 'attempts', 'timeout' and 'debug' options in\n resolv.conf (#622764)\n- initscript should kill only the 'correct' named process (#622785)\n- attempt to reconnect to PostgreSQL during each query if the initial\n connection failed (#623190)\n[32:9.7.2-1.P3]\n- update to 9.7.2-P3 (#623122)\n- patch bind97-managed-keyfile.patch replaced by bind97-compat-keysdir.patch\n- patches merged\n - bind97-rh554316.patch\n - bind97-rh576906.patch\n[32:9.7.0-5.P2]\n- update to 9.7.0-P2\n[32:9.7.0-4.P1]\n- fix occassional crash on keytable.c:286 (#554316)\n- active query might be destroyed in resume_dslookup() which triggered REQUIRE\n failure (#507429)\n[32:9.7.0-3.P1]\n- update to 9.7.0-P1 release\n[32:9.7.0-2]\n- improve automatic DNSSEC reconfiguration trigger\n- initscript now returns 2 in case that action doesn't exist (#523435)\n- enable/disable chroot when bind-chroot is installed/uninstalled\n[32:9.7.0-1]\n- update to production 9.7.0 release\n[32:9.7.0-0.14.rc2]\n- obsolete dnssec-conf\n- automatically update configuration from old dnssec-conf based\n- improve default configuration; enable DLV by default\n- remove obsolete triggerpostun from bind-libs subpackage\n[32:9.7.0-0.13.rc2]\n- update to 9.7.0rc2 bugfix release (CVE-2010-0097 and CVE-2010-0290)\n[32:9.7.0-0.12.rc1]\n- initscript LSB related fixes (#523435)\n- revert the 'DEBUG' feature (#510283), it causes too many problems (#545128)\n[32:9.7.0-0.11.rc1]\n- disable PKCS11 support. PKCS11 support in openssl is not available in RHEL6\n[32:9.7.0-0.10.rc1]\n- update to 9.7.0rc1\n- bind97-headers.patch merged\n- update default configuration\n[32:9.7.0-0.9.b3]\n- update to 9.7.0b3\n[32:9.7.0-0.8.b2]\n- install isc/namespace.h header\n[32:9.7.0-0.7.b2]\n- update to 9.7.0b2\n[32:9.7.0-0.6.b1]\n- update to 9.7.0b1\n- add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC\n keys\n[32:9.7.0-0.5.a3]\n- don't package named-bootconf utility, it is very outdated and unneeded\n[32:9.7.0-0.4.a3]\n- determine file size via instead of 32_details\n32_list\n32_list_to_copy\n32_list_to_copy_details\n32_list_to_copy_details.out\n32_list_to_copy_details.out_1\n32_list_to_remove_and_ln\n64_details\n64_list\n64_list_to_copy\n64_list_to_copy_details\n64_list_to_copy_details.out\n64_list_to_copy_details.out_1\n64_list_to_remove_and_ln\n6.6\n67_32_list\n67_32_list_1\n67_64_list\n67_64_list_1\n67_src_list\n67_src_list_1\nbak\nbaselist\nbaselist.out\nctllist.ELBA-2020-5554-6\nctllist.ELSA-2022-9117-6\nctllist.RHBA-2020-3543-6\nctllist.RHSA-2019-3756-6\ni386_rpms\nk\nnext.ctllist.ELSA-2015-3055-6\npending\nsav.ctllist.RHBA-2017-3213-6a\nsrc_32_list_to_copy_details\nsrc_32_list_to_copy_details.out\nsrc_32_list_to_copy_details.out_1\nsrc_64_list_to_copy_details\nsrc_64_list_to_copy_details.out\nsrc_64_list_to_copy_details.out_1\nsrc_details\nsrc_list\nsrc_list_to_copy\nsrc_list_to_copy_32\nsrc_list_to_copy_64\nsrc_list_to_remove_and_ln\nsrc_list_to_remove_and_ln_64\nsrc_rpms\nx86_64_rpms (#523682)\n[32:9.7.0-0.3.a3]\n- update to 9.7.0a3\n[32:9.7.0-0.2.a2]\n- improve chroot related documentation (#507795)\n- add NetworkManager dispatcher script to reload named when network interface is\n activated/deactivated (#490275)\n- don't set/unset named_write_master_zones SELinux boolean every time in\n initscript, modify it only when it's actually needed\n[32:9.7.0-0.1.a2]\n- update to 9.7.0a2\n- merged patches\n - bind-96-db_unregister.patch\n - bind96-rh507469.patch\n[32:9.6.1-9.P1]\n- next attempt to fix the postun trigger (#520385)\n- remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch\n[32:9.6.1-8.P1]\n- rebuilt with new openssl\n[32:9.6.1-7.P1]\n- update the patch for dynamic loading of database backends\n[32:9.6.1-6.P1]\n- 9.6.1-P1 release (CVE-2009-0696)\n- fix postun trigger (#513016, hopefully)\n[32:9.6.1-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[32:9.6.1-4]\n- remove useless bind-9.3.3rc2-rndckey.patch\n[32:9.6.1-3]\n- fix broken symlinks in bind-libs (#509635)\n- fix typos in /etc/sysconfig/named (#509650)\n- add DEBUG option to /etc/sysconfig/named (#510283)\n[32:9.6.1-2]\n- improved 'chroot automount' patches (#504596)\n- host should fail if specified server doesn't respond (#507469)\n[32:9.6.1-1]\n- 9.6.1 release\n- simplify chroot maintenance. Important files and directories are mounted into\n chroot (see /etc/sysconfig/named for more info, #504596)\n- fix doc/named.conf.default perms\n[32:9.6.1-0.4.rc1]\n- 9.6.1rc1 release\n[32:9.6.1-0.3.b1]\n- update the patch for dynamic loading of database backends\n- create %{_libdir}/bind directory\n- copy default named.conf to doc directory, shared with s-c-bind (atkac)\n[32:9.6.1-0.2.b1]\n- update the patch for dynamic loading of database backends\n- fix dns_db_unregister()\n- useradd now takes '-N' instead of '-n' (atkac, #495726)\n- print nicer error msg when zone file is actually a directory (atkac, #490837)\n[32:9.6.1-0.1.b1]\n- 9.6.1b1 release\n- patches merged\n - bind-96-isc_header.patch\n - bind-95-rh469440.patch\n - bind-96-realloc.patch\n - bind9-fedora-0001.diff\n- use -version-number instead of -version-info libtool param\n[32:9.6.0-11.1.P1]\n- logrotate configuration file now points to /var/named/data/named.run by\n default (#489986)\n[32:9.6.0-11.P1]\n- fall back to insecure mode when no supported DNSSEC algorithm is found\n instead of SERVFAIL\n- don't fall back to non-EDNS0 queries when DO bit is set\n[32:9.6.0-10.P1]\n- enable DNSSEC only if it is enabled in sysconfig/dnssec\n[32:9.6.0-9.P1]\n- add DNSSEC support to initscript, enabled it per default\n- add requires dnssec-conf\n[32:9.6.0-8.P1]\n- fire away libbind, it is now separate package\n[32:9.6.0-7.P1]\n- fixed some read buffer overflows (upstream)\n[32:9.6.0-6.P1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[32:9.6.0-5.P1]\n- update the patch for dynamic loading of database backends\n- include iterated_hash.h\n[32:9.6.0-4.P1]\n- rebuild for dependencies\n[32:9.6.0-3.P1]\n- rebuild against new openssl\n[32:9.6.0-2.P1]\n- 9.6.0-P1 release (CVE-2009-0025)\n[32:9.6.0-1]\n- Happy new year\n- 9.6.0 release\n[32:9.6.0-0.7.rc2]\n- 9.6.0rc2 release\n- bind-96-rh475120.patch merged\n[32:9.6.0-0.6.rc1]\n- add patch for dynamic loading of database backends\n[32:9.6.0-0.5.1.rc1]\n- allow to reuse address for non-random query-source ports (#475120)\n[32:9.6.0-0.5.rc1]\n- 9.6.0rc1 release\n- patches merged\n - bind-9.2.0rc3-varrun.patch\n - bind-95-sdlz-include.patch\n - bind-96-libxml2.patch\n- fixed rare use-after-free problem in host utility (#452060)\n- enabled chase of DNSSEC signature chains in dig\n[32:9.6.0-0.4.1.b1]\n- improved sample config file (#473586)\n[32:9.6.0-0.4.b1]\n- reverted previous change, koji doesn't like it\n[32:9.6.0-0.3.b1]\n- build bind-chroot as noarch\n[32:9.6.0-0.2.1.b1]\n- updates due libtool 2.2.6\n- don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources\n[32:9.6.0-0.2.b1]\n- make statistics http server working, patch backported from 9.6 HEAD\n[32:9.6.0-0.1.b1]\n- 9.6.0b1 release\n- don't build ODBC and Berkeley DB DLZ drivers\n- end of bind-chroot-admin script, copy config files to chroot manually\n- /proc doesn't have to be mounted to chroot\n- temporary use libbind from 9.5 series, noone has been released for 9.6 yet\n[32:9.5.1-0.8.4.b2]\n- dig/host: use only IPv4 addresses when -4 option is specified (#469440)\n[32:9.5.1-0.8.2.b2]\n- removed unneeded bind-9.4.1-ldap-api.patch\n[32:9.5.1-0.8.1.b2]\n- ship dns/{s,}dlz.h and isc/radix.h in bind-devel\n[32:9.5.1-0.8.b2]\n- removed bind-9.4.0-dnssec-directory.patch, it is wrong\n[32:9.5.1-0.7.b2]\n- 9.5.1b2 release\n- patches merged\n - bind95-rh454783.patch\n - bind-9.5-edns.patch\n - bind95-rh450995.patch\n - bind95-rh457175.patch\n[32:9.5.1-0.6.b1]\n- IDN output strings didn't honour locale settings (#461409)\n[32:9.5.1-0.5.b1]\n- disable transfer stats on DLZ zones (#454783)\n[32:9.5.1-0.4.b1]\n- add forgotten patch for #457175\n- build with -O2\n[32:9.5.1-0.3.b1]\n- static libraries are no longer supported\n- IP acls weren't merged correctly (#457175)\n- use fPIE on sparcv9/sparc64 (Dennis Gilmore)\n- add sparc64 to list of 64bit arches in spec (Dennis Gilmore)\n[32:9.5.1-0.2.b1]\n- updated patches due new rpm (--fuzz=0 patch parameter)\n[32:9.5.1-0.1.1.b1]\n- use %patch0 for Patch0 (#455061)\n- correct source address (#455118)\n[32:9.5.1-0.1.b1]\n- 9.5.1b1 release (CVE-2008-1447)\n- dropped bind-9.5-recv-race.patch because upstream doesn't want it\n[32:9.5.0-37.1]\n- update default named.conf statements (#452708)\n[32:9.5.0-37]\n- some compat changes to fix building on RHEL4\n[32:9.5.0-36.3]\n- fixed typo in %posttrans script\n[32:9.5.0-36.2]\n- parse inner acls correctly (#450995)\n[32:9.5.0-36.1]\n- removed dns-keygen utility in favour of rndc-confgen -a (#449287)\n- some minor sample fixes (#449274)\n[32:9.5.0-36]\n- updated to 9.5.0 final\n- use getifaddrs to find available interfaces\n[32:9.5.0-35.rc1]\n- make /var/run/named writable by named (#448277)\n- fixed one non-utf8 file\n[32:9.5.0-34.rc1]\n- fixes needed to pass package review (#225614)\n[32:9.5.0-33.1.rc1]\n- bind-chroot now depends on bind (#446477)\n[32:9.5.0-33.rc1]\n- updated to 9.5.0rc1\n- merged patches\n - bind-9.5-libcap.patch\n- make binaries readable by others (#427826)\n[32:9.5.0-32.b3]\n- reverted 'any' patch, upstream says not needed\n- log EDNS failure only when we really switch to plain EDNS (#275091)\n- detect configuration file better\n[32:9.5.0-31.1.b3]\n- addresses 0.0.0.0 and ::0 really match any (#275091, comment #28)\n[32:9.5.0-31.b3]\n- readded bind-9.5-libcap.patch\n- added bind-9.5-recv-race.patch from F8 branch (#400461)\n[32:9.5.0-30.1.b3]\n- build Berkeley DB DLZ backend\n[32:9.5.0-30.b3]\n- 9.5.0b3 release\n- dropped patches (upstream)\n - bind-9.5-transfer-segv.patch\n - bind-9.5-mudflap.patch\n - bind-9.5.0-generate-xml.patch\n - bind-9.5-libcap.patch\n[32:9.5.0-29.3.b2]\n- fixed named.conf.sample file (#437569)\n[32:9.5.0-29.2.b2]\n- fixed URLs\n[32:9.5.0-29.1.b2]\n- BuildRequires cleanup\n[32:9.5.0-29.b2]\n- rebuild without mudflap (#434159)\n[32:9.5.0-28.b2]\n- port named to use libcap library, enable threads (#433102)\n- removed some unneeded Requires\n[32:9.5.0-27.b2]\n- removed conditional build with libefence (use -fmudflapth instead)\n- fixed building of DLZ stuff (#432497)\n- do not build Berkeley DB DLZ backend\n- temporary build with --disable-linux-caps and without threads (#433102)\n- update named.ca file to affect IPv6 changes in root zone\n[32:9.5.0-26.b2]\n- build with -D_GNU_SOURCE (#431734)\n- improved fix for #253537, posttrans script is now used\n- improved fix for #400461\n- 9.5.0b2\n - bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch\n - only named, named-sdb and lwresd are PIE\n - bind-9.5-sdb.patch has been updated\n - bind-9.5-libidn.patch has been updated\n - bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch\n - removed bind-9.5-gssapi-header.patch (upstream)\n - removed bind-9.5-CVE-2008-0122.patch (upstream)\n- removed bind-9.2.2-nsl.patch\n- improved sdb_tools Makefile.in\n[32:9.5.0-25.b1]\n- fixed segfault during sending notifies (#400461)\n- rebuild with gcc 4.3 series\n[32:9.5.0-24.b1]\n- removed bind-9.3.2-prctl_set_dumpable.patch (upstream)\n- allow parallel building of libdns library\n- CVE-2008-0122\n[32:9.5.0-23.b1]\n- fixed initscript wait loop (#426382)\n- removed dependency on policycoreutils and libselinux (#426515)\n[32:9.5.0-22.b1]\n- fixed regression caused by libidn2 patch (#426348)\n[32:9.5.0-21.b1]\n- fixed typo in post section (CVE-2007-6283)\n[32:9.5.0-20.b1]\n- removed obsoleted triggers\n- CVE-2007-6283\n[32:9.5.0-19.2.b1]\n- added dst/gssapi.h to -devel subpackage (#419091)\n- improved fix for (#417431)\n[32:9.5.0-19.1.b1]\n- fixed shutdown with initscript when rndc doesn't work (#417431)\n- fixed IDN patch (#412241)\n[32:9.5.0-19.b1]\n- 9.5.0b1 (#405281, #392491)\n[32:9.5.0-18.6.a7]\n- Rebuild for deps\n[32:9.5.0-18.5.a7]\n- build with -O0\n[32:9.5.0-18.4.a7]\n- bind-9.5-random_ports.patch was removed because upstream doesn't\n like it. query-source{,v6} options are sufficient (#391931)\n- bind-chroot-admin called restorecon on /proc filesystem (#405281)\n[32:9.5.0-18.3.a7]\n- removed edns patch to keep compatibility with vanilla bind\n (#275091, comment #20)\n[32:9.5.0-18.2.a7]\n- use system port selector instead ISC's (#391931)\n[32:9.5.0-18.a7]\n- removed statement from initscript which passes -D to named\n[32:9.5.0-17.a7]\n- 9.5.0a7\n- dropped patches (upstream)\n - bind-9.5-update.patch\n - bind-9.5-pool_badfree.patch\n - bind-9.5-_res_errno.patch\n[32:9.5.0-16.5.a6]\n- added bind-sdb again, contains SDB modules and DLZ modules\n- bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch\n[32:9.5.0-16.4.a6]\n- removed Requires: openldap, postgresql, mysql, db4, unixODBC\n- new L.ROOT-SERVERS.NET address\n[32:9.5.0-16.3.a6]\n- completely disable DBUS\n[32:9.5.0-16.2.a6]\n- minor cleanup in bind-chroot-admin\n[32:9.5.0-16.1.a6]\n- fixed typo in initscript\n[32:9.5.0-16.a6]\n- disabled DBUS (dhcdbd doesn't exist & #339191)\n[32:9.5.0-15.1.a6]\n- fixed missing va_end () functions (#336601)\n- fixed memory leak when dbus initialization fails\n[32:9.5.0-15.a6]\n- corrected named.5 SDB statement (#326051)\n[32:9.5.0-14.a6]\n- added edns patch again (#275091)\n[32:9.5.0-13.a6]\n- removed bind-9.3.3-edns.patch patch (see #275091 for reasons)\n[32:9.5.0-12.4.a6]\n- build with O2\n- removed 'autotools' patch\n- bugfixing in bind-chroot-admin (#279901)\n[32:9.5.0-12.a6]\n- bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are\n obsoleted by upstream bind-9.5-_res_errno.patch\n[32:9.5.0-11.9.a6]\n- fixed wrong resolver's dispatch pool cleanup (#275011, patch from\n tmraz redhat com)\n[32:9.5.0-11.3.a6]\n- initscript failure message is now printed correctly (#277981,\n Quentin Armitage (quentin armitage org uk) )\n[32:9.5.0-11.2.a6]\n- temporary revert ISC 2119 change and add 'libbind-errno' patch\n (#254501) again\n[32:9.5.0-11.1.a6]\n- removed end dots from Summary sections (skasal@redhat.com)\n- fixed wrong file creation by autotools patch (skasal@redhat.com)\n[32:9.5.0-11.a6]\n- start using --disable-isc-spnego configure option\n - remove bind-9.5-spnego-memory_management.patch (source isn't\n compiled)\n[32:9.5.0-10.2.a6]\n- added new initscript option KEYTAB_FILE which specified where\n is located kerberos .keytab file for named service\n- obsolete temporary bind-9.5-spnego-memory_management.patch by\n bind-9.5-gssapictx-free.patch which conforms BIND coding standards\n (#251853)\n[32:9.5.0-10.a6]\n- dropped direct dependency to /etc/openldap/schema directory\n- changed hardcoded paths to macros\n- fired away code which configure LDAP server\n[32:9.5.0-9.1.a6]\n- named could crash with SRV record UPDATE (#251336)\n[32:9.5.0-9.a6]\n- disable 64bit dlz driver patch on alpha and ia64 (#251298)\n- remove wrong malloc functions from lib/dns/spnego.c (#251853)\n[32:9.5.0-8.2.a6]\n- changed licence from BSD-like to ISC\n[32:9.5.0-8.1.a6]\n- disabled named on all runlevels by default\n[32:9.5.0-8.a6]\n- minor next improvements on autotools patch\n- dig and host utilities now using libidn instead idnkit for\n IDN support\n[32:9.5.0-7.a6]\n- binutils/gcc bug rebuild (#249435)\n[32:9.5.0-6.a6]\n- updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and\n CVE-2007-2926\n- fixed building on 64bits\n[31:9.5.0a5-5]\n- integrated 'autotools' patch for testing purposes (upstream will\n accept it in future, for easier building)\n[31:9.5.0a5-4.1]\n- fixed DLZ drivers building on 64bit systems\n[31:9.5.0a5-4]\n- fixed relation between logrotated and chroot-ed named\n[31:9.5.0a5-3.9]\n- removed bind-sdb package (default named has compiled SDB backend now)\n- integrated DLZ (Dynamically loadable zones) drivers\n- integrated GSS-TSIG support (RFC 3645)\n- build with -O0 (many new features, potential core dumps will be more useful)\n[31:9.5.0a5-3.2]\n- initscript should be ready for parallel booting (#246878)\n[31:9.5.0a5-3]\n- handle integer overflow in isc_time_secondsastimet function gracefully (#247856)\n[31:9.5.0a5-2.2]\n- moved chroot configfiles into chroot subpackage (#248306)\n[31:9.5.0a5-2]\n- minor changes in default configuration\n- fix h_errno assigment during resolver initialization (unbounded recursion, #245857)\n- removed wrong patch to #150288\n[31:9.5.0a5-1]\n- updated to latest upstream\n[31:9.4.1-7]\n- marked caching-nameserver as obsolete (#244604)\n- fixed typo in initscript (causes that named doesn't detect NetworkManager\n correctly)\n- next cleanup in configuration - moved configfiles into config.tar\n- removed delay between start & stop in restart function in named.init\n[31:9.4.1-6]\n- major changes in initscript. Could be LSB compatible now\n- removed caching-nameserver subpackage. Move configs from this\n package to main bind package as default configuration and major\n configuration cleanup\n[31:9.4.1-5]\n- very minor compatibility change in bind-chroot-admin (line 215)\n- enabled IDN support by default and don't distribute IDN libraries\n- specfile cleanup\n- add dynamic directory to /var/named. This directory will be primarily used for\n dynamic DNS zones. ENABLE_ZONE_WRITE and SELinux's named_write_master_zones no longer exist\n[31:9.4.1-4]\n- removed ldap-api patch and start using deprecated API\n- fixed minor problem in bind-chroot-admin script (#241103)\n[31:9.4.1-3]\n- fixed bind-chroot-admin dynamic DNS handling (#239149)\n- updated zone-freeze patch to latest upstream\n- ldap sdb has been rewriten to latest api (#239802)\n[31:9.4.1-2.fc7]\n- test build on new build system\n[31:9.4.1-1.fc7]\n- updated to 9.4.1 which contains fix to CVE-2007-2241\n[31:9.4.0-8.fc7]\n- improved 'zone freeze patch' - if multiple zone with same name exists\n no zone is freezed\n- minor cleanup in caching-nameserver's config file\n- fixed race-condition in dbus code (#235809)\n- added forgotten restorecon statement in bind-chroot-admin\n[31:9.4.0-7.fc7]\n- removed DEBUGINFO option because with this option (default) was bind\n builded with -O0 and without this flag no debuginfo package was produced.\n (I want faster bind => -O2 + debuginfo)\n- fixed zone finding (#236426)\n[31:9.4.0-6.fc7]\n- added idn support (still under development with upstream, disabled by default)\n[31:9.4.0-5.fc7]\n- dnssec-signzone utility now doesn't ignore -d parameter\n[31:9.4.0-4.fc7]\n- removed query-source[-v6] options from caching-nameserver config\n (#209954, increase security)\n- throw away idn. It won't be ready in fc7\n[31:9.4.0-3.fc7]\n- prepared bind to merge review\n- added experimental idn support to bind-utils utils (not enabled by default yet)\n- change chroot policy in caching-nameserver post section\n- fixed bug in bind-chroot-admin - rootdir function is called properly now\n[31:9.4.0-2.fc7]\n- added experimental SQLite support (written by John Boyd \n)\n- moved bind-chroot-admin script to chroot package\n- bind-9.3.2-redhat_doc.patch is always applied (#231738)\n[31:9.4.0-1.fc7]\n- updated to 9.4.0\n- bind-chroot-admin now sets EAs correctly (#213926)\n- throw away next_server_on_referral and no_servfail_stops patches (fixed in 9.4.0)\n[31:9.3.4-7.fc7]\n- minor cleanup in bind-chroot-admin script\n[31:9.3.4-6.fc7]\n- fixed broken bind-chroot-admin script (#227995)\n[31:9.3.4-5.fc7]\n- bind-chroot-admin now uses correct chroot path (#227600)\n[31:9.3.4-4.fc7]\n- fixed conflict between bind-sdb and ldap\n- removed duplicated bind directory in bind-libs\n[31:9.3.4-3.fc7]\n- fixed building without libbind\n- fixed post section (selinux commands is now in if-endif statement)\n- prever macro has been removed from version\n[31:9.3.4-2.fc7]\n- redirected output from bind-chroot prep and %preun stages to /dev/null\n[31:9.3.4-1.fc7]\n- updated to version 9.3.4 which contains security bugfixes\n[31:9.3.3-5.fc7]\n- package bind-libbind-devel has been marked as obsolete\n[31:9.3.3-4.fc7]\n- package bind-libbind-devel has beed removed (libs has been moved to bind-devel & bind-libs)\n- Resolves: #214208\n[31:9.3.3-3]\n- fixed a multi-lib issue\n- Resolves: rhbz#222717\n[31:9.3.3-2]\n- added namedGetForwarders written in shell (#176100),\n created by Baris Cicek \n.\n[31:9.3.3-1]\n- update to 9.3.3 final\n- fix for #219069: file included twice in src.rpm\n[31:9.3.3-0.1.rc3]\n- added back an interval to restart\n- renamed package, it should meet the N-V-R criteria\n- fix for #216185: bind-chroot-admin able to change root mode 750\n- added fix from #215997: incorrect permissions on dnszone.schema\n- added a notice to init script when /etc/named.conf doesn't exist (#216075)\n[30:9.3.3-6]\n- fix for #200465: named-checkzone and co. cannot be run as non-root user\n- fix for #212348: chroot'd named causes df permission denied error\n- fix for #211249, #211083 - problems with stopping named\n- fix for #212549: init script does not unmount /proc filesystem\n- fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1,\n added edns-enable options to named configuration file which can suppress\n EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options)\n- fix for #212961: bind-chroot doesn't clean up its mess on %preun\n- update to 9.3.3rc3, removed already merged patches\n[30:9.3.3-5]\n- fix for #209359: bind-libs from compatlayer CD will not\n install on ia64\n[30:9.3.3-4]\n- added fix for #210096: warning: group named does not exist - using root\n[30:9.3.3-3]\n- added fix from #209400 - Bind Init Script does not create\n the PID file always, created by Jeff Means\n- added timeout to stop section of init script.\n The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT\n shell variable.\n[30:9.3.3-2]\n- removed chcon from %post script, replaced by restorecon\n (Bug 202547, comment no. 37)\n[30:9.3.3-1]\n- updated to the latest upstream (9.3.3rc2)\n[30:9.3.2-41]\n- added upstream patch for correct SIG handling - CVE-2006-4095\n[30:9.3.2-40]\n- suppressed messages from bind-chroot-admin\n- cleared notes about bind-config\n[30:9.3.2-39]\n- added fix for #203522 - 'bind-chroot-admin -e' command fails\n[30:9.3.2-38]\n- fix for #203194 - tmpfile usage\n[30:9.3.2-37]\n- fix for #202542 - /usr/sbin/bind-chroot-admin: No such file or directory\n- fix for #202547 - file_contexts: invalid context\n[30:9.3.2-36]\n- added Provides: bind-config\n[30:9.3.2-35]\n- fix bug 197493: renaming subpackage bind-config to caching-nameserver\n[30:9.3.2-34]\n- fix bug 199876: make '%exclude libbbind.*' conditional on %{LIBBIND}\n[30:9.3.2-33]\n- fix #195881, perms are not packaged correctly\n[30:9.3.2-32]\n- fix addenda to bug 189789:\n determination of selinux enabled was still not 100% correct in bind-chroot-admin\n- fix addenda to bug 196398:\n make named.init test for NetworkManager being enabled AFTER testing for -D absence;\n named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named setting to disable\n auto-enable of named dbus support if NetworkManager enabled.\n[30:9.3.2-30]\n- fix bug 196398 - Enable -D option automatically in initscript\n if NetworkManager enabled in any runlevel.\n- fix namedGetForwarders for new dbus\n- fix bug 195881 - libbind.so should be owned by bind-libbind-devel\n[30:9.3.2-28.FC6]\n- Rebuild against new dbus\n[30:9.3.2-27.FC6]\n- rebuild with fixed glibc-kernheaders\n[30:9.3.2-26.FC6.1]\n- rebuild\n[30:9.3.2-26.FC6]\n- fix bugs 191093, 189789\n- backport selected fixes from upstream bind9 'v9_3_3b1' CVS version:\n ( see http://www.isc.org/sw/bind9.3.php 'Fixes' ):\n o change 2024 / bug 16027:\n named emitted spurious 'zone serial unchanged' messages on reload\n o change 2013 / bug 15941:\n handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully\n o change 2009 / bug 15808: coverity fixes\n o change 1997 / bug 15818:\n named was failing to replace negative cache entries when a positive one\n for the type was learnt\n o change 1994 / bug 15694: OpenSSL 0.9.8 support\n o change 1991 / bug 15813:\n The configuration data, once read, should be treated as readonly.\n o misc. validator fixes\n o misc. resolver fixes\n o misc. dns fixes\n o misc. isc fixes\n o misc. libbind fixes\n o misc. isccfg fix\n o misc. lwres fix\n o misc. named fixes\n o misc. dig fixes\n o misc. nsupdate fix\n o misc. tests fixes\n[30:9.3.2-24.FC6]\n- and actually put the devel symlinks in the right subpackage\n[30:9.3.2-23.FC6]\n- rebuild for -devel deps\n[30:9.3.2-22]\n- apply upstream patch for ncache_adderesult segfault bug 173961 addenda\n- fix bug 188382: rpm --verify permissions inconsistencies\n- fix bug 189186: use /sbin/service instead of initscript\n- rebuild for new gcc, glibc-kernheaders\n[30:9.3.2-20]\n- fix resolver.c ncache_adderesult segfault reported in addenda to bug 173961\n (upstream bugs #15642, #15528 ?)\n- allow named ability to generate core dumps after setuid (upstream bug #15753)\n[30:9.3.2-18]\n- fix bug 187529: make bind-chroot-admin deal with subdirectories properly\n[30:9.3.2-16]\n- fix bug 187286:\n prevent host(1) printing duplicate 'is an alias for' messages\n for the default AAAA and MX lookups as well as for the A lookup\n (it now uses the CNAME returned for the A lookup for the AAAA and MX lookups).\n This is upstream bug #15702 fixed in the unreleased bind-9.3.3\n- fix bug 187333: fix SOURCE24 and SOURCE25 transposition\n[30:9.3.2-14]\n- fix bug 186577: remove -L/usr/lib from libbind.pc and more .spec file cleanup\n- add '%doc' sample configuration files in /usr/share/doc/bind*/sample\n- rebuild with new gcc and glibc\n[30:9.3.2-12]\n- fix typo in initscript\n- fix Requires(post): policycoreutils in sub-packages\n[30.9.3.2-10]\n- fix bug 185969: more .spec file cleanup\n[30.9.3.2-8]\n- Do not allow package to be installed if named:25 userid creation fails\n- Give libbind a pkg-config file\n- remove restorecon from bind-chroot-admin (not required).\n- fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };)\n[30:9.3.2-7]\n- fix issues with bind-chroot-admin\n[30:9.3.2-6]\n- replace caching-nameserver with bind-config sub-package\n- fix bug 177595: handle case where is a link in initscript\n- fix bug 177001: bind-config creates symlinks OK now\n- fix bug 176388: named.conf is now never replaced by any RPM\n- fix bug 176248: remove unecessary creation of rpmsave links\n- fix bug 174925: no replacement of named.conf\n- fix bug 173963: existing named.conf never modified\n- major .spec file cleanup\n[30:9.3.2-4.1]\n- bump again for double-long bug on ppc(64)\n[30:9.3.2-4]\n- regenerate redhat_doc patch for non-DBUS builds\n- allow dbus builds to work with dbus version < 0.6 (bz #179816)\n[30:9.3.2-3]\n- try supporting without dbus support\n[30:9.3.2-2.1]\n- Rebuild for new gcc, glibc, glibc-kernheaders\n[30:9.3.2-2]\n- fix bug 177854: temporary fix for broken kernel-2.6.15-1854+\n /proc/net/if_inet6 format\n[30:9.3.2-1]\n- Upgrade to 9.3.2, released today\n[28:9.3.2rc1-2]\n- fix bug 176100: do not Require: perl just for namedGetForwarders !\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[28:9.3.2rc-1]\n- Upgrade to upstream version 9.3.2rc1\n- fix namedSetForwarders -> namedGetForwarders SOURCE14 typo\n[24:9.3.1-26]\n- rebuild for new dbus 0.6 dependency; remove use of\n DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT\n[24:9.3.1-24]\n- allow D-BUS support to work in bind-chroot environment:\n workaround latest selinux policy by mounting /var/run/dbus/\n under chroot instead of /var/run/dbus/system-bus-socket\n[24:9.3.1-22]\n- fix bug 172632 - remove .la files\n- ship namedGetForwarders and namedSetForwarders scripts\n- fix detection of -D option in chroot\n[24:9.3.1-21]\n- rebuilt with new openssl\n[24.9.3.1-20]\n- Allow the -D enable D-BUS option to be used within bind-chroot .\n- fix bug 171226: supply some documentation for pgsql SDB .\n[24:9.3.1-18]\n- fix bug 169969: do NOT call dbus_svc_dispatch() in dbus_mgr_init_dbus() -\n task->state != task_ready and will cause Abort in task.c if process\n is waiting for NameOwnerChanged to do a SetForwarders\n[24:9.3.1-16]\n- Fix reconnecting to dbus-daemon after it stops & restarts .\n[24:9.3.1-14]\n- When forwarder nameservers are changed with D-BUS, flush the cache.\n[24:9.3.1-12]\n- fix bug 168302: use %{__cc} for compiling dns-keygen\n- fix bug 167682: bind-chroot directory permissions\n- fix issues with -D dbus option when dbus service not running or disabled\n[24:9.3.1-12]\n- fix bug 167062: named should be started after syslogd by default\n[24:9.3.1-11]\n- fix bug 166227: host: don't do default AAAA and MX lookups with '-t a' option\n[24:9.3.1-10]\n- Build with D-BUS patch by default; D-BUS support enabled with named -D option\n- Enable D-BUS for named_sdb also\n- fix sdb pgsql's zonetodb.c: must use isc_hash_create() before dns_db_create()\n- update fix for bug 160914 : test for RD=1 and ARCOUNT=0 also before trying next server\n- fix named.init script to handle named_sdb properly\n- fix named.init script checkconfig() to handle named '-c' option\n and make configtest, test, check configcheck synonyms\n[24:9.3.1-8]\n- fix named.init script bugs 163598, 163409, 151852(addendum)\n[24:9.3.1-7]\n- fix bug 160914: resolver utilities should try next server on empty referral\n (now that glibc bug 162625 is fixed)\n host and nslookup now by default try next server on SERVFAIL\n (host now has '-s' option to disable, and nslookup given\n '[no]fail' option similar to dig's [no]fail option).\n- rebuild and re-test with new glibc & gcc (all tests passed).\n[24:9.3.1-6]\n- fix bug 157950: dig / host / nslookup should reject invalid resolv.conf\n files and not use uninitialized garbage nameserver values\n (ISC bug 14841 raised).\n[24:9.3.1-4_FC4]\n- Fix SDB LDAP\n[24:9.3.1-4]\n- Fix bug 157601: give named.init a configtest function\n- Fix bug 156797: named.init should check SELinux booleans.local before booleans\n- Fix bug 154335: if no controls in named.conf, stop named with -TERM sig, not rndc\n- Fix bug 155848: add NOTES section to named.8 man-page with info on all Red Hat\n BIND quirks and SELinux DDNS / slave zone file configuration\n- D-BUS patches NOT applied until dhcdbd is in FC\n[24:9.3.1-4_dbus]\n- Enhancement to allow dynamic forwarder table management and\n- DHCP forwarder auto-configuration with D-BUS\n[24:9.3.1-2_FC4]\n- Rebuild for bind-sdb libpq.so.3 dependency\n- fix bug 150981: don't install libbind man-pages if no libbind\n- fix bug 151852: mount proc on /proc to allow sysconf(...)\n to work and correct number of CPUs to be determined\n[24:9.3.1-1_FC4]\n- Upgrade to ISC BIND 9.3.1 (final release) released today.\n[22.9.3.1rc1-5]\n- fix bug 150288: h_errno not being accessed / set correctly in libbind\n- add libbind man-pages from bind-8.4.6\n[22:9.3.1rc1-4]\n- Rebuild with gcc4 / glibc-2.3.4-14.\n[22:9.3.1rc1-3]\n- configure with --with-pic to get PIC libraries\n[22:9.3.1rc1-2]\n- fix bug 149183: don't use getifaddrs() .\n[22:9.3.1rc1-1]\n- Upgrade to 9.3.1rc1\n- Add Simplified Database Backend (SDB) sub-package ( bind-sdb )\n- add named_sdb - ldap + pgsql + dir database backend support with\n- 'ENABLE_SDB' named.sysconfig option\n- Add BIND resolver library & includes sub-package ( libbind-devel)\n- fix bug 147824 / 147073 / 145664: ENABLE_ZONE_WRITE in named.init\n- fix bug 146084 : shutup restorecon\n[22:9.3.0-2]\n- Fix bug 143438: named.init will now make correct ownership of /var/named\n- based on 'named_write_master_zones' SELinux boolean.\n- Fix bug 143744: dig & nsupdate IPv6 timeout (dup of 140528)\n[9.3.0-1]\n- Upgrade BIND to 9.3.0 in Rawhide / FC4 (bugs 134529, 133654...)\n[20:9.2.4-4]\n- Fix bugs 140528 and 141113:\n- 2 second timeouts when IPv6 not configured and root nameserver's\n- AAAA addresses are queried\n[20:9.2.4-2]\n- Fix bug 136243: bind-chroot %post must run restorecon -R /var/named/chroot\n- Fix bug 135175: named.init must return non-zero if named is not run\n- Fix bug 134060: bind-chroot %post must use mktemp, not /tmp/named\n- Fix bug 133423: bind-chroot %files entries should have been %dirs\n[20:9.2.4-1]\n- BIND 9.2.4 (final release) released - source code actually\n- identical to 9.2.4rc8, with only version number change.\n[10:9.2.4rc8-14]\n- Upgrade to upstream bind-9.2.4rc8 .\n- Progress: Finally! Hooray! ISC bind now distributes:\n- o named.conf(5) and nslookup(8) manpages\n- 'bind-manpages.bz2' source can now disappear\n- (could this have something to do with ISC bug I raised about this?)\n- o 'deprecation_msg' global has vanished\n- bind-9.2.3rc3-deprecation_msg_shut_up.diff.bz2 can disappear\n[10:9.2.4rc8-14]\n- Fix bug 106572/132385: copy /etc/localtime to chroot on start\n[10:9.2.4rc7-12_EL3]\n- Fix bug 132303: if ROOTDIR line was replaced after upgrade from\n- bind-chroot-9.2.2-21, restart named\n[10:9.2.4rc7-11_EL3]\n- Fix bug 131803: replace ROOTDIR line removed by broken\n- bind-chroot 9.2.2-21's '%postun'; added %triggerpostun for bind-chroot\n[10:9.2.4rc7-10_EL3]\n- Fix bugs 130121 & 130981 for RHEL-3\n[10:9.2.4rc7-10]\n- Fix bug 130121: add '%ghost' entries for files included in previous\n- bind-chroot & not in current - ie. named.conf, rndc.key, dev/* -\n- that RPM removed after upgrade .\n* Thu Aug 26 2004 Jason Vas Dias \n- Fix bug 130981: add '-t' option to named-checkconf invocation in\n- named.init if chroot installed.\n* Wed Aug 25 2004 Jason Vas Dias \n- Remove resolver(5) manpage now in man-pages (bug 130792);\n- Don't create /dev/ entries in bind-chroot if already there (bug 127556);\n- fix bind-devel Requires (bug 130919)\n- Set default location for dumpdb & stats files to /var/named/data\n* Tue Aug 24 2004 Jason Vas Dias \n- Fix devel Requires for bug 130738 & fix version\n* Tue Aug 24 2004 Jason Vas Dias \n- Fix errors on clean install if named group does not exist\n- (bug 130777)\n* Thu Aug 19 2004 Jason Vas Dias \n- Upgrade to bind-9.2.4rc7; applied initscript fix\n- for bug 102035.\n* Mon Aug 09 2004 Jason Vas Dias \n- Fixed bug 129289: bind-chroot install / deinstall\n- on install, existing config files 'safe_replace'd\n- with links to chroot copies; on uninstall, moved back.\n* Fri Aug 06 2004 Jason Vas Dias \n- Fixed bug 129258: '/var/tmp' typo in spec\n* Wed Jul 28 2004 Jason Vas Dias \n- Fixed bug 127124 : 'Requires: kernel >= 2.4'\n- causes problems with Linux VServers\n* Tue Jul 27 2004 Jason Vas Dias \n- Fixed bug 127555 : chroot tar missing var/named/slaves\n* Fri Jul 16 2004 Jason Vas Dias \n- Upgraded to ISC version 9.2.4rc6\n* Fri Jul 16 2004 Jason Vas Dias \n- Fixed named.init generation of error messages on\n- 'service named stop' and 'service named reload'\n- as per bug 127775\n[9.2.3-19]\n- Bump for rhel 3.0 U3\n[9.2.3-18]\n- remove disable-linux-caps\n[9.2.3-17]\n- Update RHEL3 to latest bind\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[9.2.3-15]\n- Remove device files from chroot, Named uses the system one\n[9.2.3-14]\n- Move RFC to devel package\n[9.2.3-13]\n- Fix location of restorecon\n[9.2.3-12]\n- Tighten security on config files. Should be owned by root\n[9.2.3-11]\n- Update key patch to include conf-keygen\n[9.2.3-10]\n- fix chroot to only happen once.\n- fix init script to do kill insteall of killall\n[9.2.3-9]\n- Add fix for SELinux security context\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n* Sat Feb 28 2004 Florian La Roche \n- run ldconfig for libs subrpm\n* Mon Feb 23 2004 Tim Waugh \n- Use ':' instead of '.' as separator for chown.\n[9.2.3-7]\n- Add COPYRIGHT\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[9.2.3-5]\n- Add defattr to libs\n[9.2.3-4]\n- Break out library package\n[9.2.3-3]\n- Fix condrestart\n[9.2.3-2]\n- Move libisc and libdns to bind from bind-util\n[9.2.3-1]\n- Move to 9.2.3\n[9.2.2.P3-10]\n- Add PIE support\n[9.2.2.P3-9]\n- Add /var/named/slaves directory\n* Sun Oct 12 2003 Florian La Roche \n- do not link against libnsl, not needed for Linux\n[9.2.2.P3-6]\n- Fix local time in log file\n[9.2.2.P3-5]\n- Try again\n[9.2.2.P3-4]\n- Fix handling of chroot -/dev/random\n[9.2.2.P3-3]\n- Stop hammering stuff on update of chroot environment\n[9.2.2.P3-2]\n- Fix chroot directory to grab all subdirectories\n[9.2.2.P3-1]\n- New patch to support for 'delegation-only'\n[9.2.2-23]\n- patch support for 'delegation-only'\n[9.2.2-22]\n- Update to build on RHL\n[9.2.2-21]\n- Install libraries as exec so debug info will be pulled\n[9.2.2-20]\n- Remove BSDCOMPAT (BZ 99454)\n[9.2.2-19]\n- Update to build on RHL\n[9.2.2-18]\n- Change protections on /var/named and /var/chroot/named\n[9.2.2-17]\n- Update to build on RHL\n[9.2.2-16]\n- Update to build on RHEL\n* Wed Jun 04 2003 Elliot Lee \n- rebuilt\n[9.2.2-14]\n- Update to build on RHEL\n[9.2.2-13]\n- Fix config description of named.conf in chroot\n- Change named.init script to check for existence of /etc/sysconfig/network\n[9.2.2-12]\n- Update to build on RHEL\n[9.2.2-11]\n- Update to build on RHEL\n[9.2.2-10]\n- Fix echo OK on starting/stopping service\n[9.2.2-9]\n- Update to build on RHEL\n[9.2.2-8]\n- Fix echo on startup\n[9.2.2-7]\n- Fix problems with chroot environment\n- Eliminate posix threads\n[9.2.2-6]\n- Fix build problems\n[9.2.2-5]\n- Fix build on beehive\n[9.2.2-4]\n- build bind-chroot kit\n[9.2.2-3]\n- Change configure to use proper threads model\n[9.2.2-2]\n- update to 9.2.2\n[9.2.2-1]\n- update to 9.2.2\n[9.2.1-16]\n- Put a sleep in restart to make sure stop completes\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[9.2.1-14]\n- Separate /etc/rndc.key to separate file\n[9.2.1-13]\n- Use openssl's pkgconfig data, if available, at build-time.\n[9.2.1-12]\n- Fix log rotate to use service named reload\n- Change service named reload to give success/failure message [73770]\n- Fix File checking [75710]\n- Begin change to automatically run in CHROOT environment\n[9.2.1-10]\n- Fix startup script to work like all others.\n[9.2.1-9]\n- Fix configure to build on x86_64 platforms\n* Wed Aug 07 2002 Karsten Hopp \n- fix #70583, doesn't build on IA64\n[9.2.1-8]\n- bind-utils shouldn't require bind\n[9.2.1-7]\n- fix name of pidfine in logrotate script (#68842)\n- fix owner of logfile in logrotate script (#41391)\n- fix nslookup and named.conf man pages (output on stderr)\n (#63553, #63560, #63561, #54889, #57457)\n- add rfc1912 (#50005)\n- gzip all rfc's\n- fix typo in keygen.c (#54870)\n- added missing manpages (#64065)\n- shutdown named properly with rndc stop (#62492)\n- /sbin/nologin instead of /bin/false (#68607)\n- move nsupdate to bind-utils (where the manpage already was) (#66209, #66381)\n- don't kill initscript when rndc fails (reload) (#58750)\n[9.2.1-5]\n- Fix #65975\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Thu May 23 2002 Tim Powers \n- automated rebuild\n[9.2.1-2]\n- Move libisccc, lib isccfg and liblwres from bind-utils to bind,\n they're not required if you aren't running a nameserver.\n* Fri May 03 2002 Florian La Roche \n- update to 9.2.1 release\n[9.2.0-8]\n- Merge 30+ bug fixes from 9.2.1rc1 code\n[9.2.0-7]\n- Don't exit if /etc/named.conf doesn't exist if we're running\n chroot (#60868)\n- Revert Elliot's changes, we do require specific glibc/glibc-kernheaders\n versions or bug #58335 will be back. 'It compiles, therefore it works'\n isn't always true.\n[9.2.0-6]\n- Fix BuildRequires (we don't need specific glibc/glibc-kernheaders\nversions).\n- Use _smp_mflags\n[9.2.0-4]\n- rebuild, require recent autoconf, automake (#58335)\n* Fri Jan 25 2002 Tim Powers \n- rebuild against new libssl\n* Wed Jan 09 2002 Tim Powers \n- automated rebuild\n[9.2.0-1]\n- 9.2.0\n[9.2.0-0.rc10.2]\n- 9.2.0rc10\n[9.2.0-0.rc8.2]\n- Fix up rndc.conf (#55574)\n[9.2.0-0.rc8.1]\n- rc8\n- Enforce --enable-threads\n[9.2.0-0.rc7.1]\n- 9.2.0rc7\n- Use rndc status for 'service named status', it's supposed to actually\n work in 9.2.x.\n[9.2.0-0.rc5.1]\n- 9.2.0rc5\n- Fix rpm --rebuild with ancient libtool versions (#53938, #54257)\n[9.2.0-0.rc4.1]\n- 9.2.0rc4\n[9.2.0-0.rc3.1]\n- 9.2.0rc3\n- remove ttl patch, I don't think we need this for 8.0.\n- remove dig.1.bz2 from the bind8-manpages tar file, 9.2 has a new dig man page\n- add lwres* man pages to -devel\n[9.1.3-4]\n- Make sure /etc/rndc.conf isn't world-readable even after the\n %post script inserted a random key (#53009)\n[9.1.3-3]\n- Add build dependencies (#49368)\n- Make sure running service named start several times doesn't create\n useless processes (#47596)\n- Work around the named parent process returning 0 even if the config\n file is broken (it's parsed later by the child processes) (#45484)\n[9.1.3-2]\n- Don't use rndc status, it's not yet implemented (#48839)\n* Sun Jul 08 2001 Florian La Roche \n- update to 9.1.3 release\n[9.1.3-0.rc3.1]\n- Fix up rndc configuration and improve security (#46586)\n[9.1.3-0.rc2.2]\n- Sync with caching-nameserver-7.1-6\n[9.1.3-0.rc2.1]\n- Update to rc2\n[9.1.3-0.rc1.3]\n- Remove resolv.conf(5) man page, it's now in man-pages\n[9.1.3-0.rc1.2]\n- Add named.conf man page from bind 8.x (outdated, but better than nothing,\n - Rename the rndc key (#42895)\n- Add dnssec* man pages\n[9.1.3-0.rc1.1]\n- 9.1.3rc1\n- s/Copyright/License/\n[9.1.2-1]\n- 9.1.2 final. No changes between 9.1.2-0.rc1.1 and this one, except for\n the version number, though.\n[9.1.2-0.rc1.1]\n- 9.1.2rc1\n[9.1.1-1]\n- 9.1.1\n[9.1.0-10]\n- Merge fixes from 9.1.1rc5\n[9.1.0-9]\n- Work around bind 8 -> bind 9 migration problem when using buggy zone files:\n accept zones without a TTL, but spew out a big fat warning. (#31393)\n* Thu Mar 08 2001 Bernhard Rosenkraenzer \n- Add fixes from rc4\n* Fri Mar 02 2001 Nalin Dahyabhai \n- rebuild in new environment\n* Thu Mar 01 2001 Bernhard Rosenkraenzer \n- killall -HUP named if rndc reload fails (#30113)\n* Tue Feb 27 2001 Bernhard Rosenkraenzer \n- Merge some fixes from 9.1.1rc3\n* Tue Feb 20 2001 Bernhard Rosenkraenzer \n- Don't use the standard rndc key from the documentation, instead, create a random one\n at installation time (#26358)\n- Make /etc/rndc.conf readable by user named only, it contains secret keys\n* Tue Feb 20 2001 Bernhard Rosenkraenzer \n- 9.1.1 probably won't be out in time, revert to 9.1.0 and apply fixes\n from 9.1.1rc2\n- bind requires bind-utils (#28317)\n* Tue Feb 13 2001 Bernhard Rosenkraenzer \n- Update to rc2, fixes 2 more bugs\n- Fix build with glibc >= 2.2.1-7\n* Thu Feb 08 2001 Bernhard Rosenkraenzer \n- Update to 9.1.1rc1; fixes 17 bugs (14 of them affecting us;\n 1 was fixed in a Red Hat patch already, 2 others are portability\n improvements)\n* Wed Feb 07 2001 Bernhard Rosenkraenzer \n- Remove initscripts 5.54 requirement (#26489)\n* Mon Jan 29 2001 Bernhard Rosenkraenzer \n- Add named-checkconf, named-checkzone (#25170)\n* Mon Jan 29 2001 Trond Eivind Glomsrod \n- use echo, not gprintf\n* Wed Jan 24 2001 Bernhard Rosenkraenzer \n- Fix problems with \n Patch from Daniel Roesen \n Bug #24890\n* Thu Jan 18 2001 Bernhard Rosenkraenzer \n- 9.1.0 final\n* Sat Jan 13 2001 Bernhard Rosenkraenzer \n- 9.1.0rc1\n- i18nify init script\n- bzip2 source to save space\n* Thu Jan 11 2001 Bernhard Rosenkraenzer \n- Fix %postun script\n* Tue Jan 09 2001 Bernhard Rosenkraenzer \n- 9.1.0b3\n* Mon Jan 08 2001 Bernhard Rosenkraenzer \n- Add named.conf man page from bind8 (#23503)\n* Sun Jan 07 2001 Bernhard Rosenkraenzer \n- Make /etc/rndc.conf and /etc/sysconfig/named noreplace\n- Make devel require bind = %{version} rather than just bind\n* Sun Jan 07 2001 Bernhard Rosenkraenzer \n- Fix init script for real\n* Sat Jan 06 2001 Bernhard Rosenkraenzer \n- Fix init script when ROOTDIR is not set\n* Thu Jan 04 2001 Bernhard Rosenkraenzer \n- Add hooks for setting up named to run chroot (RFE #23246)\n- Fix up requirements\n* Fri Dec 29 2000 Bernhard Rosenkraenzer \n- 9.1.0b2\n* Wed Dec 20 2000 Bernhard Rosenkraenzer \n- Move run files to /var/run/named/ - /var/run isn't writable\n by the user we're running as. (Bug #20665)\n* Tue Dec 19 2000 Bernhard Rosenkraenzer \n- Fix reverse lookups (#22272)\n- Run ldconfig in %post utils\n* Tue Dec 12 2000 Karsten Hopp \n- fixed logrotate script (wrong path to kill)\n- include header files in -devel package\n- bugzilla #22049, #19147, 21606\n* Fri Dec 08 2000 Bernhard Rosenkraenzer \n- 9.1.0b1 (9.1.0 is in our timeframe and less buggy)\n* Mon Nov 13 2000 Bernhard Rosenkraenzer \n- 9.0.1\n* Mon Oct 30 2000 Bernhard Rosenkraenzer \n- Fix initscript (Bug #19956)\n- Add sample rndc.conf (Bug #19956)\n- Fix build with tar 1.13.18\n* Tue Oct 10 2000 Bernhard Rosenkraenzer \n- Add some missing man pages (taken from bind8) (Bug #18794)\n* Sun Sep 17 2000 Bernhard Rosenkraenzer \n- 9.0.0 final\n* Wed Aug 30 2000 Bernhard Rosenkraenzer \n- rc5\n- fix up nslookup\n* Thu Aug 24 2000 Bernhard Rosenkraenzer \n- rc4\n* Thu Jul 13 2000 Bernhard Rosenkraenzer \n- 9.0.0rc1\n* Wed Jul 12 2000 Prospector \n- automatic rebuild\n* Sun Jul 09 2000 Florian La Roche \n- add 'exit 0' for uninstall case\n* Fri Jul 07 2000 Florian La Roche \n- add prereq init.d and cleanup install section\n* Fri Jun 30 2000 Trond Eivind Glomsrod \n- fix the init script\n* Wed Jun 28 2000 Nalin Dahyabhai \n- make libbind.a and nslookup.help readable again by setting INSTALL_LIB to ''\n* Mon Jun 26 2000 Bernhard Rosenkranzer \n- Fix up the initscript (Bug #13033)\n- Fix build with current glibc (Bug #12755)\n- /etc/rc.d/init.d -> /etc/init.d\n- use %{_mandir} rather than /usr/share/man\n* Mon Jun 19 2000 Bill Nottingham \n- fix conflict with man-pages\n- remove compatibilty chkconfig links\n- initscript munging\n* Wed Jun 14 2000 Nalin Dahyabhai \n- modify logrotate setup to use PID file\n- temporarily disable optimization by unsetting at build-time\n- actually bump the release this time\n* Sun Jun 04 2000 Bernhard Rosenkraenzer \n- FHS compliance\n* Mon Apr 17 2000 Nalin Dahyabhai \n- clean up restart patch\n* Mon Apr 10 2000 Nalin Dahyabhai \n- provide /var/named (fix for bugs #9847, #10205)\n- preserve args when restarted via ndc(8) (bug #10227)\n- make resolv.conf(5) a link to resolver(5) (bug #10245)\n- fix SYSTYPE bug in all makefiles\n- move creation of named user from %post into %pre\n* Mon Feb 28 2000 Bernhard Rosenkranzer \n- Fix TTL (patch from ISC, Bug #9820)\n* Wed Feb 16 2000 Bernhard Rosenkranzer \n- fix typo in spec (it's %post, without a leading blank) introduced in -6\n- change SYSTYPE to linux\n* Fri Feb 11 2000 Bill Nottingham \n- pick a standard < 100 uid/gid for named\n* Fri Feb 04 2000 Elliot Lee \n- Pass named a '-u named' parameter by default, and add/remove user.\n* Thu Feb 03 2000 Bernhard Rosenkraenzer \n- fix host mx bug (Bug #9021)\n* Mon Jan 31 2000 Cristian Gafton \n- rebuild to fix dependencies\n- man pages are compressed\n* Wed Jan 19 2000 Bernhard Rosenkraenzer \n- It's /usr/bin/killall, not /usr/sbin/killall (Bug #8063)\n* Mon Jan 17 2000 Bernhard Rosenkraenzer \n- Fix up location of named-bootconf.pl and make it executable\n (Bug #8028)\n- bind-devel requires bind\n* Mon Nov 15 1999 Bernhard Rosenkraenzer \n- update to 8.2.2-P5\n* Wed Nov 10 1999 Bill Nottingham \n- update to 8.2.2-P3\n* Tue Oct 12 1999 Cristian Gafton \n- add patch to stop a cache only server from complaining about lame servers\n on every request.\n* Fri Sep 24 1999 Preston Brown \n- use real stop and start in named.init for restart, not ndc restart, it has\n problems when named has changed during a package update... (# 4890)\n* Fri Sep 10 1999 Bill Nottingham \n- chkconfig --del in %preun, not %postun\n* Mon Aug 16 1999 Bill Nottingham \n- initscript munging\n* Mon Jul 26 1999 Bill Nottingham \n- fix installed chkconfig links to match init file\n* Sat Jul 03 1999 Jeff Johnson \n- conflict with new (in man-1.24) man pages (#3876,#3877).\n* Tue Jun 29 1999 Bill Nottingham \n- fix named.logrotate (wrong %SOURCE)\n* Fri Jun 25 1999 Jeff Johnson \n- update to 8.2.1.\n- add named.logrotate (#3571).\n- hack around egcs-1.1.2 -m486 bug (#3413, #3485).\n- vet file list.\n* Fri Jun 18 1999 Bill Nottingham \n- don't run by default\n* Sun May 30 1999 Jeff Johnson \n- nslookup fixes (#2463).\n- missing files (#3152).\n* Sat May 01 1999 Stepan Kasal \n- nslookup patched:\n to count numRecords properly\n to fix subsequent calls to ls -d\n to parse 'view' and 'finger' commands properly\n the view hack updated for bind-8 (using sed)\n* Wed Mar 31 1999 Bill Nottingham \n- add ISC patch\n- add quick hack to make host not crash\n- add more docs\n* Fri Mar 26 1999 Cristian Gafton \n- add probing information in the init file to keep linuxconf happy\n- dont strip libbind\n* Sun Mar 21 1999 Cristian Gafton \n- auto rebuild in the new build environment (release 3)\n* Wed Mar 17 1999 Preston Brown \n- removed 'done' output at named shutdown.\n* Tue Mar 16 1999 Cristian Gafton \n- version 8.2\n* Wed Dec 30 1998 Cristian Gafton \n- patch to use the __FDS_BITS macro\n- build for glibc 2.1\n* Wed Sep 23 1998 Jeff Johnson \n- change named.restart to /usr/sbin/ndc restart\n* Sat Sep 19 1998 Jeff Johnson \n- install man pages correctly.\n- change K10named to K45named.\n* Wed Aug 12 1998 Jeff Johnson \n- don't start if /etc/named.conf doesn't exist.\n* Sat Aug 08 1998 Jeff Johnson \n- autmagically create /etc/named.conf from /etc/named.boot in %post\n- remove echo in %post\n* Wed Jun 10 1998 Jeff Johnson \n- merge in 5.1 mods\n* Sun Apr 12 1998 Manuel J. Galan \n- Several essential modifications to build and install correctly.\n- Modified 'ndc' to avoid deprecated use of '-'\n* Mon Dec 22 1997 Scott Lampert \n- Used buildroot\n- patched bin/named/ns_udp.c to use \n for include\n on Redhat 5.0 instead of ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2022-02-03T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740", "CVE-2018-5741", "CVE-2018-5743", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8622", "CVE-2020-8625", "CVE-2021-25215"], "modified": "2022-02-03T00:00:00", "id": "ELSA-2022-9117", "href": "http://linux.oracle.com/errata/ELSA-2022-9117.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
[SECURITY] Fedora 27 Update: bind-9.11.2-1.P1.fc27
