nessus | This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof. | AIX_IJ44422.NASL
HistoryDec 27, 2022 - 12:00 a.m.

AIX 7.1 TL 5 : bind (IJ44422)

2022-12-27 00:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
53
isc bind
denial of service
vulnerabilities
dnssec
ecdsa
eddsa
resolver code

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.005

Percentile

75.3%

Reference: https://vulners.com/cve/CVE-2022-38178

The advisory describes four separate denial-of-service issues in ISC BIND:

(1) ISC BIND is vulnerable to a denial of service, caused by a memory leak in the DNSSEC verification code for the EdDSA algorithm. By spoofing the target resolver with responses that have a malformed EdDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.

(2) ISC BIND is vulnerable to a denial of service, caused by an error when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause named to crash.

(3) ISC BIND is vulnerable to a denial of service, caused by a small memory leak in the DNSSEC verification code for the ECDSA algorithm. By spoofing the target resolver with responses that have a malformed ECDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.

(4) ISC BIND is vulnerable to a denial of service, caused by a flaw in resolver code. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to severely degrade the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind_advisory22.asc.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

# Plugin registration block. When `description` is set the script only
# declares its metadata and leaves through the exit(0) at the end of this
# block; none of the host checks further down are reached on this path.
if (description)
{
  script_id(169316);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/20");

  # All four CVE ids are reported under this single plugin id, so a finding
  # from this plugin does not say which of the four issues applies to the host.
  script_cve_id("CVE-2022-2795", "CVE-2022-3080", "CVE-2022-38177", "CVE-2022-38178");

  script_name(english:"AIX 7.1 TL 5 : bind (IJ44422)");
  script_summary(english:"Check for APAR IJ44422");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote AIX host is missing a security patch."
  );
  # Description text extracted from the AIX advisory named in the file header.
  # It covers four separate denial-of-service conditions in named but does not
  # label which CVE each sentence belongs to.
  # NOTE(review): going by the upstream ISC advisories the order appears to be
  # CVE-2022-38178 (EdDSA leak), CVE-2022-3080 (stale cache / stale CNAME),
  # CVE-2022-38177 (ECDSA leak), CVE-2022-2795 (resolver flooding) -- confirm
  # against bind_advisory22.asc before relying on it for triage.
  script_set_attribute(
    attribute:"description",
    value:
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178 ISC BIND
is vulnerable to a denial of service, caused by a memory leak in the
DNSSEC verification code for the EdDSA algorithm. By spoofing the
target resolver with responses that have a malformed EdDSA signature,
a remote attacker could exploit this vulnerability to cause named to
crash. ISC BIND is vulnerable to a denial of service, caused by an
error when stale cache and stale answers are enabled, option
stale-answer-client-timeout is set to 0 and there is a stale CNAME in
the cache for an incoming query. By sending a specially-crafted
request, a remote attacker could exploit this vulnerability to cause
named to crash. ISC BIND is vulnerable to a denial of service, caused
by a small memory leak in the DNSSEC verification code for the ECDSA
algorithm. By spoofing the target resolver with responses that have a
malformed ECDSA signature, a remote attacker could exploit this
vulnerability to cause named to crash. ISC BIND is vulnerable to a
denial of service, caused by a flaw in resolver code. By flooding the
target resolver with queries, a remote attacker could exploit this
vulnerability to severely degrade the resolver's performance,
effectively denying legitimate clients access to the DNS resolution
service."
  );
  # Vendor advisory; it is the authoritative source for the fix packages.
  script_set_attribute(
    attribute:"see_also",
    value:"https://aix.software.ibm.com/aix/efixes/security/bind_advisory22.asc"
  );
  # Remediation is an interim fix rather than a fileset upgrade.
  script_set_attribute(
    attribute:"solution",
    value:"Install the appropriate interim fix."
  );
  # Risk metadata. Both base vectors describe a network-reachable,
  # unauthenticated issue whose only impact is availability (C:N/I:N, A:C / A:H).
  # The temporal vectors and the two exploit attributes record that no exploit
  # was known when the plugin was written.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  # The score is attributed to one CVE only, although four are listed above.
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-38178");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # "local" plugin type: the check works from data gathered on the host
  # (see the required KB keys below), not from probing the DNS service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:7.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"AIX Local Security Checks");

  # Declares ssh_get_info.nasl as a dependency and names the KB keys the check
  # needs. NOTE(review): presumably those keys are only populated by a
  # credentialed scan of the host -- confirm against ssh_get_info.nasl.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

# Preconditions. Each missing KB key ends the run through audit() with its
# own reason, so a host that could not be inspected is recorded as
# "not checked" instead of being reported as clean or as vulnerable.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}
if (!get_kb_item("Host/AIX/version"))
{
  audit(AUDIT_OS_NOT, "AIX");
}
if (!get_kb_item("Host/AIX/lslpp"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# If the scanner recorded an emgr failure, the iFix state of the host is
# unknown: stop here with the recorded reason rather than guess.
ij44422_emgr_failure = get_kb_item("Host/AIX/emgr_failure");
if (ij44422_emgr_failure)
{
  exit(0, "This iFix check is disabled because : "+ij44422_emgr_failure);
}

# Patch-presence check for APAR IJ44422 on AIX 7.1 TL 05, SP 08 through 11.
# Only the installed fileset levels and interim fixes are evaluated; whether
# named is running, or how it is configured, is not looked at here.
flag = 0;

foreach ij44422_sp (make_list("08", "09", "10", "11"))
{
  # SP 11 is covered by a differently labelled interim fix than SP 08-10.
  if (ij44422_sp == "11") ij44422_ifix = "IJ44422sBa";
  else ij44422_ifix = "IJ44422mAa";

  # A negative result from aix_check_ifix() is counted as a finding.
  # Server fileset first, then client, for each service pack.
  if (aix_check_ifix(release:"7.1", ml:"05", sp:ij44422_sp, patch:ij44422_ifix, package:"bos.net.tcp.server", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.35") < 0)
    flag++;
  if (aix_check_ifix(release:"7.1", ml:"05", sp:ij44422_sp, patch:ij44422_ifix, package:"bos.net.tcp.client", minfilesetver:"7.1.5.0", maxfilesetver:"7.1.5.42") < 0)
    flag++;
}

# No finding: record the host as not affected; audit() ends the script.
if (!flag) audit(AUDIT_HOST_NOT, "affected");

# At least one finding: report on port 0, attaching the collected iFix
# report text when the scan's verbosity setting allows it.
if (report_verbosity > 0)
  security_hole(port:0, extra:aix_report_get());
else
  security_hole(0);
exit(0);
