AIX (IJ37226)

🗓️ 02 Mar 2022 00:00:00Reported by TenableType

AIX 7.3 TL 0 missing bind security patch (CVE-2021-25219

Reporter	Title	Published	Views	Family All 198
ALT Linux	Security fix for the ALT Linux 10 package bind version 9.11.36-alt1	8 Nov 202100:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package bind version 9.11.36-alt1	26 Nov 202100:00	–	altlinux
IBM Security Bulletins	Security Bulletin: A vulnerability in ISC BIND affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2021-25219)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in BIND affects AIX (CVE-2021-25219)	16 Mar 202218:06	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Bind (CVE-2021-25219) affects Power HMC	4 Dec 202200:09	–	ibm
IBM Security Bulletins	Security Bulletin: BIND for IBM i is affected by CVE-2021-25219	22 Dec 202115:47	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	19 Jan 202313:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System [CVE-2021-25219]	26 Sep 202414:05	–	ibm
Tenable Nessus	AIX (IJ37222)	2 Mar 202200:00	–	nessus
Tenable Nessus	AIX (IJ37224)	2 Mar 202200:00	–	nessus

Source	Link
ibm	www.ibm.com/support/pages/apar/IJ37226
ibm	www.ibm.com/support/pages/node/6560382
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind_advisory20.asc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(158516);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/23");

  script_cve_id("CVE-2021-25219");

  script_name(english:"AIX (IJ37226)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AIX host is missing a security patch.");
  script_set_attribute(attribute:"description", value:
"The version of AIX installed on the remote host is prior to APAR IJ37226. It is, therefore, affected by a vulnerability
as referenced in the IJ37226 advisory.

  - In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 ->
    9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND
    9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing
    can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it
    possible for its internal data structures to grow almost infinitely, which may cause significant delays in
    client query processing. (CVE-2021-25219)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/apar/IJ37226");
  script_set_attribute(attribute:"see_also", value:"https://www.ibm.com/support/pages/node/6560382");
  script_set_attribute(attribute:"solution", value:
"Please apply the appropriate interim fix per APAR IJ37226.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25219");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"AIX Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}

include('aix.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item('Host/AIX/version') ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item('Host/AIX/lslpp') ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item('Host/AIX/emgr_failure') ) exit(0, 'This iFix check is disabled because : ' + get_kb_item('Host/AIX/emgr_failure') );

var constraints = [
    {'release': '7.3', 'ml': '00', 'sp': '01', 'patch': 'IJ37226s1b', 'package': 'bos.net.tcp.bind', 'minfilesetver': '7.3.0.0', 'maxfilesetver': '7.3.0.0'},
    {'release': '7.3', 'ml': '00', 'sp': '01', 'patch': 'IJ37226s1b', 'package': 'bos.net.tcp.bind_utils', 'minfilesetver': '7.3.0.0', 'maxfilesetver': '7.3.0.0'}
];

var flag = 0;
foreach var constraint (constraints) {
    var release = constraint['release'];
    var ml = constraint['ml'];
    var sp = constraint['sp'];
    var patch = constraint['patch'];
    var package = constraint['package'];
    var minfilesetver = constraint['minfilesetver'];
    var maxfilesetver = constraint['maxfilesetver'];
    if(aix_check_ifix(release: release, ml: ml, sp: sp, patch: patch, package: package, minfilesetver: minfilesetver, maxfilesetver: maxfilesetver) < 0) flag++;
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : aix_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected - AIX");

23 Oct 2024 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 25

CVSS 3.15.3

EPSS0.08001