The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: If you run into issues with activation of the service or its sockets, either update your selinux-policy package or turn off selinux (setenforce 0). https://bugzilla.redhat.com/show_bug.cgi?id=3D1366968 https://bugzilla.redhat.com/show_bug.cgi?id=3D1543049
{"id": "FEDORA:6F78060A97EB", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 26 Update: knot-resolver-2.1.0-1.fc26", "description": "The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: If you run into issues with activation of the service or its sockets, either update your selinux-policy package or turn off selinux (setenforce 0). https://bugzilla.redhat.com/show_bug.cgi?id=3D1366968 https://bugzilla.redhat.com/show_bug.cgi?id=3D1543049 ", "published": "2018-02-27T16:58:33", "modified": "2018-02-27T16:58:33", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VBCUXAKFTSQU5US2W6YCKAVBHXCXM7GI/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2018-1000002"], "immutableFields": [], "lastseen": "2020-12-21T08:17:54", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-1000002"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-1000002"]}, {"type": "fedora", "idList": ["FEDORA:1193F64815E8", "FEDORA:54ED760BC7BD", "FEDORA:75132604AF85", "FEDORA:B5BB8606CFDA", "FEDORA:BEE47609540F"]}, {"type": "nessus", "idList": ["FEDORA_2018-844A1E9778.NASL", "FEDORA_2018-FE5A6ED3B7.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874160", "OPENVAS:1361412562310874170", "OPENVAS:1361412562310874426", "OPENVAS:1361412562310874432", "OPENVAS:1361412562310874798", "OPENVAS:1361412562310874930"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-1000002"]}], "rev": 4}, "score": {"value": 5.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-1000002"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-1000002"]}, {"type": "fedora", "idList": ["FEDORA:1193F64815E8", "FEDORA:54ED760BC7BD", "FEDORA:75132604AF85", "FEDORA:B5BB8606CFDA", "FEDORA:BEE47609540F"]}, {"type": "nessus", "idList": ["FEDORA_2018-844A1E9778.NASL", "FEDORA_2018-FE5A6ED3B7.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874160", "OPENVAS:1361412562310874170"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-1000002"]}]}, "exploitation": null, "vulnersScore": 5.6}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "26", "arch": "any", "packageName": "knot-resolver", "packageVersion": "2.1.0", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"ubuntucve": [{"lastseen": "2021-11-22T21:38:18", "description": "Improper input validation bugs in DNSSEC validators components in Knot\nResolver (prior version 1.5.2) allow attacker in man-in-the-middle position\nto deny existence of some data in DNS via packet replay.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2018-01-22T00:00:00", "type": "ubuntucve", "title": "CVE-2018-1000002", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002"], "modified": "2018-01-22T00:00:00", "id": "UB:CVE-2018-1000002", "href": "https://ubuntu.com/security/CVE-2018-1000002", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:33:36", "description": "Knot Resolver 2.1.0 (2018-02-16) ================================\n\nIncompatible changes\n\n--------------------\n\n - stats: remove tracking of expiring records (predict uses another way)\n\n - systemd: re-use a single kresd.socket and kresd-tls.socket\n\n - ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01 (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)\n\n - libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS\n\nBugfixes\n\n--------\n\n - detect_time_jump module: don't clear cache on suspend-resume (#284)\n\n - stats module: fix stats.list() returning nothing, regressed in 2.0.0\n\n - policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)\n\n - cache: fix broken refresh of insecure records that were about to expire\n\n - fix the hints module on some systems, e.g. Fedora (came back on 2.0.0)\n\n - build with older gnutls (conditionally disable features)\n\n - fix the predict module to work with insecure records & cleanup code\n\nKnot Resolver 2.0.0 (2018-01-31) ================================\n\nIncompatible changes\n\n--------------------\n\n - systemd: change unit files to allow running multiple instances, deployments with single instance now must use `kresd@1.service` instead of `kresd.service`; see kresd.systemd(7) for details\n\n - systemd: the directory for cache is now /var/cache/knot-resolver\n\n - unify default directory and user to `knot-resolver`\n\n - directory with trust anchor file specified by -k option must be writeable\n\n - policy module is now loaded by default to enforce RFC 6761; see documentation for policy.PASS if you use locally-served DNS zones\n\n - drop support for alternative cache backends memcached, redis, and for Lua bindings for some specific cache operations\n\n - REORDER_RR option is not implemented (temporarily)\n\nNew features\n\n------------\n\n - aggressive caching of validated records (RFC 8198) for NSEC zones; thanks to ICANN for sponsoring this work.\n\n - forwarding over TLS, authenticated by SPKI pin or certificate. policy.TLS_FORWARD pipelines queries out-of-order over shared TLS connection Beware: Some resolvers do not support out-of-order query processing.\n TLS forwarding to such resolvers will lead to slower resolution or failures.\n\n - trust anchors: you may specify a read-only file via -K or --keyfile-ro\n\n - trust anchors: at build-time you may set KEYFILE_DEFAULT (read-only)\n\n - ta_sentinel module implements draft ietf-dnsop-kskroll-sentinel-00, enabled by default\n\n - serve_stale module is prototype, subject to change\n\n - extended API for Lua modules\n\nBugfixes\n\n--------\n\n - fix build on osx - regressed in 1.5.3 (different linker option name)\n\n----\n\nKnot Resolver 1.5.3 (2018-01-23) ================================\n\nBugfixes\n\n--------\n\n - fix the hints module on some systems, e.g. Fedora.\n Symptom: `undefined symbol: engine_hint_root_file`\n\nKnot Resolver 1.5.2 (2018-01-22) ================================\n\nSecurity\n\n--------\n\n - fix CVE-2018-1000002: insufficient DNSSEC validation, allowing attackers to deny existence of some data by forging packets. Some combinations pointed out in RFC 6840 sections 4.1 and 4.3 were not taken into account.\n\nBugfixes\n\n--------\n\n - memcached: fix fallout from module rename in 1.5.1\n\nKnot Resolver 1.5.1 (2017-12-12) ================================\n\nIncompatible changes\n\n--------------------\n\n - script supervisor.py was removed, please migrate to a real process manager\n\n - module ketcd was renamed to etcd for consistency\n\n - module kmemcached was renamed to memcached for consistency\n\nBugfixes\n\n--------\n\n - fix SIGPIPE crashes (#271)\n\n - tests: work around out-of-space for platforms with larger memory pages\n\n - lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha), potentially causing problems in dns64 and workarounds modules\n\n - predict module: various fixes (!399)\n\nImprovements\n\n------------\n\n - add priming module to implement RFC 8109, enabled by default (#220)\n\n - add modules helping with system time problems, enabled by default; for details see documentation of detect_time_skew and detect_time_jump\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2018-02-28T00:00:00", "type": "nessus", "title": "Fedora 26 : knot-resolver (2018-844a1e9778)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000002"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:knot-resolver", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-844A1E9778.NASL", "href": "https://www.tenable.com/plugins/nessus/107032", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-844a1e9778.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107032);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000002\");\n script_xref(name:\"FEDORA\", value:\"2018-844a1e9778\");\n\n script_name(english:\"Fedora 26 : knot-resolver (2018-844a1e9778)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Knot Resolver 2.1.0 (2018-02-16) ================================\n\nIncompatible changes\n\n--------------------\n\n - stats: remove tracking of expiring records (predict uses\n another way)\n\n - systemd: re-use a single kresd.socket and\n kresd-tls.socket\n\n - ta_sentinel: implement protocol\n draft-ietf-dnsop-kskroll-sentinel-01 (our\n draft-ietf-dnsop-kskroll-sentinel-00 implementation had\n inverted logic)\n\n - libknot: require version 2.6.4 or newer to get bugfixes\n for DNS-over-TLS\n\nBugfixes\n\n--------\n\n - detect_time_jump module: don't clear cache on\n suspend-resume (#284)\n\n - stats module: fix stats.list() returning nothing,\n regressed in 2.0.0\n\n - policy.TLS_FORWARD: refusal when configuring with\n multiple IPs (#306)\n\n - cache: fix broken refresh of insecure records that were\n about to expire\n\n - fix the hints module on some systems, e.g. Fedora (came\n back on 2.0.0)\n\n - build with older gnutls (conditionally disable features)\n\n - fix the predict module to work with insecure records &\n cleanup code\n\nKnot Resolver 2.0.0 (2018-01-31) ================================\n\nIncompatible changes\n\n--------------------\n\n - systemd: change unit files to allow running multiple\n instances, deployments with single instance now must use\n `kresd@1.service` instead of `kresd.service`; see\n kresd.systemd(7) for details\n\n - systemd: the directory for cache is now\n /var/cache/knot-resolver\n\n - unify default directory and user to `knot-resolver`\n\n - directory with trust anchor file specified by -k option\n must be writeable\n\n - policy module is now loaded by default to enforce RFC\n 6761; see documentation for policy.PASS if you use\n locally-served DNS zones\n\n - drop support for alternative cache backends memcached,\n redis, and for Lua bindings for some specific cache\n operations\n\n - REORDER_RR option is not implemented (temporarily)\n\nNew features\n\n------------\n\n - aggressive caching of validated records (RFC 8198) for\n NSEC zones; thanks to ICANN for sponsoring this work.\n\n - forwarding over TLS, authenticated by SPKI pin or\n certificate. policy.TLS_FORWARD pipelines queries\n out-of-order over shared TLS connection Beware: Some\n resolvers do not support out-of-order query processing.\n TLS forwarding to such resolvers will lead to slower\n resolution or failures.\n\n - trust anchors: you may specify a read-only file via -K\n or --keyfile-ro\n\n - trust anchors: at build-time you may set KEYFILE_DEFAULT\n (read-only)\n\n - ta_sentinel module implements draft\n ietf-dnsop-kskroll-sentinel-00, enabled by default\n\n - serve_stale module is prototype, subject to change\n\n - extended API for Lua modules\n\nBugfixes\n\n--------\n\n - fix build on osx - regressed in 1.5.3 (different linker\n option name)\n\n----\n\nKnot Resolver 1.5.3 (2018-01-23) ================================\n\nBugfixes\n\n--------\n\n - fix the hints module on some systems, e.g. Fedora.\n Symptom: `undefined symbol: engine_hint_root_file`\n\nKnot Resolver 1.5.2 (2018-01-22) ================================\n\nSecurity\n\n--------\n\n - fix CVE-2018-1000002: insufficient DNSSEC validation,\n allowing attackers to deny existence of some data by\n forging packets. Some combinations pointed out in RFC\n 6840 sections 4.1 and 4.3 were not taken into account.\n\nBugfixes\n\n--------\n\n - memcached: fix fallout from module rename in 1.5.1\n\nKnot Resolver 1.5.1 (2017-12-12) ================================\n\nIncompatible changes\n\n--------------------\n\n - script supervisor.py was removed, please migrate to a\n real process manager\n\n - module ketcd was renamed to etcd for consistency\n\n - module kmemcached was renamed to memcached for\n consistency\n\nBugfixes\n\n--------\n\n - fix SIGPIPE crashes (#271)\n\n - tests: work around out-of-space for platforms with\n larger memory pages\n\n - lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0\n (and 1.99.1-alpha), potentially causing problems in\n dns64 and workarounds modules\n\n - predict module: various fixes (!399)\n\nImprovements\n\n------------\n\n - add priming module to implement RFC 8109, enabled by\n default (#220)\n\n - add modules helping with system time problems, enabled\n by default; for details see documentation of\n detect_time_skew and detect_time_jump\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-844a1e9778\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected knot-resolver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:knot-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"knot-resolver-2.1.0-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"knot-resolver\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:33:09", "description": "Knot Resolver 2.1.0 (2018-02-16) ================================\n\nIncompatible changes\n\n--------------------\n\n - stats: remove tracking of expiring records (predict uses another way)\n\n - systemd: re-use a single kresd.socket and kresd-tls.socket\n\n - ta_sentinel: implement protocol draft-ietf-dnsop-kskroll-sentinel-01 (our draft-ietf-dnsop-kskroll-sentinel-00 implementation had inverted logic)\n\n - libknot: require version 2.6.4 or newer to get bugfixes for DNS-over-TLS\n\nBugfixes\n\n--------\n\n - detect_time_jump module: don't clear cache on suspend-resume (#284)\n\n - stats module: fix stats.list() returning nothing, regressed in 2.0.0\n\n - policy.TLS_FORWARD: refusal when configuring with multiple IPs (#306)\n\n - cache: fix broken refresh of insecure records that were about to expire\n\n - fix the hints module on some systems, e.g. Fedora (came back on 2.0.0)\n\n - build with older gnutls (conditionally disable features)\n\n - fix the predict module to work with insecure records & cleanup code\n\nKnot Resolver 2.0.0 (2018-01-31) ================================\n\nIncompatible changes\n\n--------------------\n\n - systemd: change unit files to allow running multiple instances, deployments with single instance now must use `kresd@1.service` instead of `kresd.service`; see kresd.systemd(7) for details\n\n - systemd: the directory for cache is now /var/cache/knot-resolver\n\n - unify default directory and user to `knot-resolver`\n\n - directory with trust anchor file specified by -k option must be writeable\n\n - policy module is now loaded by default to enforce RFC 6761; see documentation for policy.PASS if you use locally-served DNS zones\n\n - drop support for alternative cache backends memcached, redis, and for Lua bindings for some specific cache operations\n\n - REORDER_RR option is not implemented (temporarily)\n\nNew features\n\n------------\n\n - aggressive caching of validated records (RFC 8198) for NSEC zones; thanks to ICANN for sponsoring this work.\n\n - forwarding over TLS, authenticated by SPKI pin or certificate. policy.TLS_FORWARD pipelines queries out-of-order over shared TLS connection Beware: Some resolvers do not support out-of-order query processing.\n TLS forwarding to such resolvers will lead to slower resolution or failures.\n\n - trust anchors: you may specify a read-only file via -K or --keyfile-ro\n\n - trust anchors: at build-time you may set KEYFILE_DEFAULT (read-only)\n\n - ta_sentinel module implements draft ietf-dnsop-kskroll-sentinel-00, enabled by default\n\n - serve_stale module is prototype, subject to change\n\n - extended API for Lua modules\n\nBugfixes\n\n--------\n\n - fix build on osx - regressed in 1.5.3 (different linker option name)\n\n----\n\nKnot Resolver 1.5.3 (2018-01-23) ================================\n\nBugfixes\n\n--------\n\n - fix the hints module on some systems, e.g. Fedora.\n Symptom: `undefined symbol: engine_hint_root_file`\n\nKnot Resolver 1.5.2 (2018-01-22) ================================\n\nSecurity\n\n--------\n\n - fix CVE-2018-1000002: insufficient DNSSEC validation, allowing attackers to deny existence of some data by forging packets. Some combinations pointed out in RFC 6840 sections 4.1 and 4.3 were not taken into account.\n\nBugfixes\n\n--------\n\n - memcached: fix fallout from module rename in 1.5.1\n\nKnot Resolver 1.5.1 (2017-12-12) ================================\n\nIncompatible changes\n\n--------------------\n\n - script supervisor.py was removed, please migrate to a real process manager\n\n - module ketcd was renamed to etcd for consistency\n\n - module kmemcached was renamed to memcached for consistency\n\nBugfixes\n\n--------\n\n - fix SIGPIPE crashes (#271)\n\n - tests: work around out-of-space for platforms with larger memory pages\n\n - lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0 (and 1.99.1-alpha), potentially causing problems in dns64 and workarounds modules\n\n - predict module: various fixes (!399)\n\nImprovements\n\n------------\n\n - add priming module to implement RFC 8109, enabled by default (#220)\n\n - add modules helping with system time problems, enabled by default; for details see documentation of detect_time_skew and detect_time_jump\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 3.7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}, "published": "2018-02-28T00:00:00", "type": "nessus", "title": "Fedora 27 : knot-resolver (2018-fe5a6ed3b7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000002"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:knot-resolver", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-FE5A6ED3B7.NASL", "href": "https://www.tenable.com/plugins/nessus/107041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fe5a6ed3b7.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107041);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-1000002\");\n script_xref(name:\"FEDORA\", value:\"2018-fe5a6ed3b7\");\n\n script_name(english:\"Fedora 27 : knot-resolver (2018-fe5a6ed3b7)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Knot Resolver 2.1.0 (2018-02-16) ================================\n\nIncompatible changes\n\n--------------------\n\n - stats: remove tracking of expiring records (predict uses\n another way)\n\n - systemd: re-use a single kresd.socket and\n kresd-tls.socket\n\n - ta_sentinel: implement protocol\n draft-ietf-dnsop-kskroll-sentinel-01 (our\n draft-ietf-dnsop-kskroll-sentinel-00 implementation had\n inverted logic)\n\n - libknot: require version 2.6.4 or newer to get bugfixes\n for DNS-over-TLS\n\nBugfixes\n\n--------\n\n - detect_time_jump module: don't clear cache on\n suspend-resume (#284)\n\n - stats module: fix stats.list() returning nothing,\n regressed in 2.0.0\n\n - policy.TLS_FORWARD: refusal when configuring with\n multiple IPs (#306)\n\n - cache: fix broken refresh of insecure records that were\n about to expire\n\n - fix the hints module on some systems, e.g. Fedora (came\n back on 2.0.0)\n\n - build with older gnutls (conditionally disable features)\n\n - fix the predict module to work with insecure records &\n cleanup code\n\nKnot Resolver 2.0.0 (2018-01-31) ================================\n\nIncompatible changes\n\n--------------------\n\n - systemd: change unit files to allow running multiple\n instances, deployments with single instance now must use\n `kresd@1.service` instead of `kresd.service`; see\n kresd.systemd(7) for details\n\n - systemd: the directory for cache is now\n /var/cache/knot-resolver\n\n - unify default directory and user to `knot-resolver`\n\n - directory with trust anchor file specified by -k option\n must be writeable\n\n - policy module is now loaded by default to enforce RFC\n 6761; see documentation for policy.PASS if you use\n locally-served DNS zones\n\n - drop support for alternative cache backends memcached,\n redis, and for Lua bindings for some specific cache\n operations\n\n - REORDER_RR option is not implemented (temporarily)\n\nNew features\n\n------------\n\n - aggressive caching of validated records (RFC 8198) for\n NSEC zones; thanks to ICANN for sponsoring this work.\n\n - forwarding over TLS, authenticated by SPKI pin or\n certificate. policy.TLS_FORWARD pipelines queries\n out-of-order over shared TLS connection Beware: Some\n resolvers do not support out-of-order query processing.\n TLS forwarding to such resolvers will lead to slower\n resolution or failures.\n\n - trust anchors: you may specify a read-only file via -K\n or --keyfile-ro\n\n - trust anchors: at build-time you may set KEYFILE_DEFAULT\n (read-only)\n\n - ta_sentinel module implements draft\n ietf-dnsop-kskroll-sentinel-00, enabled by default\n\n - serve_stale module is prototype, subject to change\n\n - extended API for Lua modules\n\nBugfixes\n\n--------\n\n - fix build on osx - regressed in 1.5.3 (different linker\n option name)\n\n----\n\nKnot Resolver 1.5.3 (2018-01-23) ================================\n\nBugfixes\n\n--------\n\n - fix the hints module on some systems, e.g. Fedora.\n Symptom: `undefined symbol: engine_hint_root_file`\n\nKnot Resolver 1.5.2 (2018-01-22) ================================\n\nSecurity\n\n--------\n\n - fix CVE-2018-1000002: insufficient DNSSEC validation,\n allowing attackers to deny existence of some data by\n forging packets. Some combinations pointed out in RFC\n 6840 sections 4.1 and 4.3 were not taken into account.\n\nBugfixes\n\n--------\n\n - memcached: fix fallout from module rename in 1.5.1\n\nKnot Resolver 1.5.1 (2017-12-12) ================================\n\nIncompatible changes\n\n--------------------\n\n - script supervisor.py was removed, please migrate to a\n real process manager\n\n - module ketcd was renamed to etcd for consistency\n\n - module kmemcached was renamed to memcached for\n consistency\n\nBugfixes\n\n--------\n\n - fix SIGPIPE crashes (#271)\n\n - tests: work around out-of-space for platforms with\n larger memory pages\n\n - lua: fix mistakes in bindings affecting 1.4.0 and 1.5.0\n (and 1.99.1-alpha), potentially causing problems in\n dns64 and workarounds modules\n\n - predict module: various fixes (!399)\n\nImprovements\n\n------------\n\n - add priming module to implement RFC 8109, enabled by\n default (#220)\n\n - add modules helping with system time problems, enabled\n by default; for details see documentation of\n detect_time_skew and detect_time_jump\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe5a6ed3b7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected knot-resolver package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:knot-resolver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"knot-resolver-2.1.0-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"knot-resolver\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-28T00:00:00", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2018-fe5a6ed3b7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000002"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874160", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874160", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_fe5a6ed3b7_knot-resolver_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for knot-resolver FEDORA-2018-fe5a6ed3b7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874160\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-28 08:39:55 +0100 (Wed, 28 Feb 2018)\");\n script_cve_id(\"CVE-2018-1000002\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2018-fe5a6ed3b7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"knot-resolver on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-fe5a6ed3b7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC4SDFU5PFTIGXAOCBCWOZHEOAYD57SR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~2.1.0~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-02-28T00:00:00", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2018-844a1e9778", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000002"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874170", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874170", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_844a1e9778_knot-resolver_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for knot-resolver FEDORA-2018-844a1e9778\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874170\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-28 08:40:45 +0100 (Wed, 28 Feb 2018)\");\n script_cve_id(\"CVE-2018-1000002\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2018-844a1e9778\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"knot-resolver on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-844a1e9778\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VBCUXAKFTSQU5US2W6YCKAVBHXCXM7GI\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~2.1.0~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-07-15T00:00:00", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2018-50d055a5af", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1110", "CVE-2018-1000002"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874798", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_50d055a5af_knot-resolver_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for knot-resolver FEDORA-2018-50d055a5af\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874798\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-15 06:01:01 +0200 (Sun, 15 Jul 2018)\");\n script_cve_id(\"CVE-2018-1110\", \"CVE-2018-1000002\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2018-50d055a5af\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"knot-resolver on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-50d055a5af\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ENFQ3EREOJL2DIQMAJKJDUBJZSBFXWA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~2.4.0~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2018-a120d509ab", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1110", "CVE-2018-1000002"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874432", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a120d509ab_knot-resolver_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for knot-resolver FEDORA-2018-a120d509ab\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874432\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:07:12 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1110\", \"CVE-2018-1000002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2018-a120d509ab\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"knot-resolver on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a120d509ab\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVCDWD5NAN7DS3K6ZVLZSXJ3G5YNNJA\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~2.3.0~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-12T00:00:00", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2018-0c0671072b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1110", "CVE-2018-1000002"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874426", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_0c0671072b_knot-resolver_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for knot-resolver FEDORA-2018-0c0671072b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874426\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-12 06:00:39 +0200 (Sat, 12 May 2018)\");\n script_cve_id(\"CVE-2018-1110\", \"CVE-2018-1000002\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2018-0c0671072b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"knot-resolver on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-0c0671072b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5F6ABNMPJLOC2QCYLPJVVL5BNRZJIXFK\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~2.3.0~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:33:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-08-15T00:00:00", "type": "openvas", "title": "Fedora Update for knot-resolver FEDORA-2018-eb9ca8b218", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1110", "CVE-2018-10920", "CVE-2018-1000002"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874930", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874930", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_eb9ca8b218_knot-resolver_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for knot-resolver FEDORA-2018-eb9ca8b218\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874930\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-08-15 06:35:34 +0200 (Wed, 15 Aug 2018)\");\n script_cve_id(\"CVE-2018-10920\", \"CVE-2018-1110\", \"CVE-2018-1000002\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for knot-resolver FEDORA-2018-eb9ca8b218\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'knot-resolver'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"knot-resolver on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-eb9ca8b218\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ESZGJSHNQHB6SHEWXTJ6GK7VMU2SLLQE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"knot-resolver\", rpm:\"knot-resolver~2.4.1~1.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2022-06-15T02:00:09", "description": "Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-01-22T18:29:00", "type": "debiancve", "title": "CVE-2018-1000002", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002"], "modified": "2018-01-22T18:29:00", "id": "DEBIANCVE:CVE-2018-1000002", "href": "https://security-tracker.debian.org/tracker/CVE-2018-1000002", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: If you run into issues with activation of the service or its sockets, either update your selinux-policy package or turn off selinux (setenforce 0). https://bugzilla.redhat.com/show_bug.cgi?id=3D1366968 https://bugzilla.redhat.com/show_bug.cgi?id=3D1543049 ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 3.7, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2018-02-27T17:30:46", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: knot-resolver-2.1.0-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002"], "modified": "2018-02-27T17:30:46", "id": "FEDORA:54ED760BC7BD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KC4SDFU5PFTIGXAOCBCWOZHEOAYD57SR/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-03T12:44:39", "description": "The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd(a)1.service ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-05-10T19:10:30", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: knot-resolver-2.3.0-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002", "CVE-2018-1110"], "modified": "2018-05-10T19:10:30", "id": "FEDORA:75132604AF85", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5F6ABNMPJLOC2QCYLPJVVL5BNRZJIXFK/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-03T12:44:39", "description": "The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd(a)1.service ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-05-10T19:16:08", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: knot-resolver-2.3.0-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002", "CVE-2018-1110"], "modified": "2018-05-10T19:16:08", "id": "FEDORA:BEE47609540F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7KVCDWD5NAN7DS3K6ZVLZSXJ3G5YNNJA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-03T12:44:39", "description": "The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd(a)1.service ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-07-12T13:47:42", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: knot-resolver-2.4.0-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002", "CVE-2018-1110"], "modified": "2018-07-12T13:47:42", "id": "FEDORA:B5BB8606CFDA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7ENFQ3EREOJL2DIQMAJKJDUBJZSBFXWA/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "The Knot DNS Resolver is a caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is pre-configured as local caching resolver. To start using it, start a single kresd instance: $ systemctl start kresd(a)1.service ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2018-08-14T20:21:51", "type": "fedora", "title": "[SECURITY] Fedora 27 Update: knot-resolver-2.4.1-1.fc27", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002", "CVE-2018-10920", "CVE-2018-1110"], "modified": "2018-08-14T20:21:51", "id": "FEDORA:1193F64815E8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ESZGJSHNQHB6SHEWXTJ6GK7VMU2SLLQE/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T11:46:26", "description": "Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-01-22T18:29:00", "type": "cve", "title": "CVE-2018-1000002", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000002"], "modified": "2019-11-06T17:36:00", "cpe": [], "id": "CVE-2018-1000002", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000002", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}]}
[SECURITY] Fedora 26 Update: knot-resolver-2.1.0-1.fc26
