Vulners
Lucene search
AIX bind Advisory : bind_advisory10.asc (IV80187) (IV80188) (IV80189) (IV80191) (IV80192)
| Reporter | Title | Published | Views | Family All 158 |
|---|---|---|---|---|
 | Security Bulletin: IBM i is affected by networking BIND vulnerabilities. | 18 Dec 201914:26 | – | ibm |
 | ISC BIND 9.x < 9.9.8-P2 / 9.9.8-S3 / 9.9.9-S3 / 9.10.3-P2 DoS | 19 Jan 201700:00 | – | nessus |
| AIX 5.3 TL 12 : bind (IV80187) (deprecated) | 26 Feb 201600:00 | – | nessus |
| AIX 6.1 TL 9 : bind (IV80188) (deprecated) | 26 Feb 201600:00 | – | nessus |
| AIX 7.1 TL 3 : bind (IV80189) (deprecated) | 26 Feb 201600:00 | – | nessus |
| AIX 7.1 TL 4 : bind (IV80191) (deprecated) | 26 Feb 201600:00 | – | nessus |
| AIX 7.2 TL 0 : bind (IV80192) (deprecated) | 26 Feb 201600:00 | – | nessus |
| Amazon Linux AMI : bind (ALAS-2015-631) | 16 Dec 201500:00 | – | nessus |
| ISC BIND 9.x < 9.9.8-P2 / 9.10.x < 9.10.3-P2 Response Parsing Class Attribute Handling DoS | 18 Dec 201500:00 | – | nessus |
| CentOS 6 / 7 : bind (CESA-2015:2655) | 17 Dec 201500:00 | – | nessus |
10
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(102122);
script_version("3.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");
script_cve_id("CVE-2015-8000");
script_bugtraq_id(79349);
script_name(english:"AIX bind Advisory : bind_advisory10.asc (IV80187) (IV80188) (IV80189) (IV80191) (IV80192)");
script_set_attribute(attribute:"synopsis", value:
"The remote AIX host has a version of bind installed that is affected
by a denial of service vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of bind installed on the remote AIX host is affected by
a denial of service vulnerability due to improper parsing of incorrect
class attributes in db.c. An unauthenticated, remote attacker can
exploit this, via a malformed class attribute, to trigger a REQUIRE
assertion failure, resulting in a denial of service condition.");
script_set_attribute(attribute:"see_also", value:"https://aix.software.ibm.com/aix/efixes/security/bind_advisory10.asc");
script_set_attribute(attribute:"solution", value:
"A fix is available and can be downloaded from the IBM AIX website.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8000");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/15");
script_set_attribute(attribute:"patch_publication_date", value:"2016/02/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix");
script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"AIX Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2025 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");
exit(0);
}
include("aix.inc");
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
oslevel = get_kb_item("Host/AIX/version");
if (isnull(oslevel)) audit(AUDIT_UNKNOWN_APP_VER, "AIX");
oslevel = oslevel - "AIX-";
oslevelcomplete = chomp(get_kb_item("Host/AIX/oslevelsp"));
if (isnull(oslevelcomplete)) audit(AUDIT_UNKNOWN_APP_VER, "AIX");
oslevelparts = split(oslevelcomplete, sep:'-', keep:0);
if ( max_index(oslevelparts) != 4 ) audit(AUDIT_UNKNOWN_APP_VER, "AIX");
ml = oslevelparts[1];
sp = oslevelparts[2];
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);
if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This AIX package check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );
flag = 0;
aix_bind_vulns = {
"5.3": {
"12": {
"09": {
"bos.net.tcp.client": {
"minfilesetver":"5.3.12.0",
"maxfilesetver":"5.3.12.10",
"patch":"(IV80187m9a|IV81278m9a|IV85298m9a|IV90056m9a|IV91253m9b|IV93366m9a|IV88957m9a|IV98825m9a)"
},
"bos.net.tcp.server": {
"minfilesetver":"5.3.12.0",
"maxfilesetver":"5.3.12.6",
"patch":"(IV80187m9a|IV81278m9a|IV85298m9a|IV90056m9a|IV91253m9b|IV93366m9a|IV88957m9a|IV98825m9a)"
}
}
}
},
"6.1": {
"09": {
"06": {
"bos.net.tcp.client": {
"minfilesetver":"6.1.9.0",
"maxfilesetver":"6.1.9.101",
"patch":"(IV80188s6a|IV81279s6a|IV84456s6a|IV84984m6a|IV89828m6a|IV91254m6b|IV93361m8a|IV79071m6a)"
}
}
}
},
"7.1": {
"03": {
"05": {
"bos.net.tcp.client": {
"minfilesetver":"7.1.3.0",
"maxfilesetver":"7.1.3.46",
"patch":"(IV80189m5a|IV81280m5a|IV84457s5a|IV85296m5a|IV89830m5a|IV91214m5b|IV82331m5a)"
}
}
},
"04": {
"01": {
"bos.net.tcp.client": {
"minfilesetver":"7.1.4.0",
"maxfilesetver":"7.1.4.0",
"patch":"(IV80191s1a|IV81281m1a|IV84458s1a|IV84947m1a|IV89829m1a|IV91255m1b|IV93363m3a)"
}
}
}
},
"7.2": {
"00": {
"01": {
"bos.net.tcp.client": {
"minfilesetver":"7.2.0.0",
"maxfilesetver":"7.2.0.0",
"patch":"(IV80192s1a|IV81282m1a|IV84459s1a|IV85297m1a|IV89831m1a|IV91256m1b|IV93403m3a)"
}
}
}
}
};
version_report = "AIX " + oslevel;
if ( empty_or_null(aix_bind_vulns[oslevel]) ) {
os_options = join( sort( keys(aix_bind_vulns) ), sep:' / ' );
audit(AUDIT_OS_NOT, os_options, version_report);
}
version_report = version_report + " ML " + ml;
if ( empty_or_null(aix_bind_vulns[oslevel][ml]) ) {
ml_options = join( sort( keys(aix_bind_vulns[oslevel]) ), sep:' / ' );
audit(AUDIT_OS_NOT, "ML " + ml_options, version_report);
}
version_report = version_report + " SP " + sp;
if ( empty_or_null(aix_bind_vulns[oslevel][ml][sp]) ) {
sp_options = join( sort( keys(aix_bind_vulns[oslevel][ml]) ), sep:' / ' );
audit(AUDIT_OS_NOT, "SP " + sp_options, version_report);
}
foreach package ( keys(aix_bind_vulns[oslevel][ml][sp]) ) {
package_info = aix_bind_vulns[oslevel][ml][sp][package];
minfilesetver = package_info["minfilesetver"];
maxfilesetver = package_info["maxfilesetver"];
patch = package_info["patch"];
if (aix_check_ifix(release:oslevel, ml:ml, sp:sp, patch:patch, package:package, minfilesetver:minfilesetver, maxfilesetver:maxfilesetver) < 0) flag++;
}
if (flag)
{
aix_report_extra = ereg_replace(string:aix_report_get(), pattern:"[()]", replace:"");
aix_report_extra = ereg_replace(string:aix_report_extra, pattern:"[|]", replace:" or ");
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : aix_report_extra
);
}
else
{
tested = aix_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bos.net.tcp.client / bos.net.tcp.server");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Dec 2025 00:00Current
7High risk
Vulners AI Score7
CVSS 25
EPSS0.68868