AIX 6.1 TL 0 : bind (IZ56315)

2013-01-24T00:00:00
ID AIX_IZ56315.NASL
Type nessus
Reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
Modified 2020-09-02T00:00:00

Description

AIX 'named' is an implementation of BIND (Berkeley Internet Name Domain) providing server functionality for the Domain Name System (DNS) Protocol. AIX currently ships and supports three versions of BIND: 4, 8, and 9.

There is an error in the handling of dynamic update messages in BIND 9. A crafted update packet from a remote user can cause a master server to assert and exit. The successful exploitation of this vulnerability allows a remote, unauthenticated user to make a master DNS server assert and exit.

The following command is vulnerable :

/usr/sbin/named9.

                                        
                                            #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text in the description was extracted from AIX Security
# Advisory bind_advisory.asc.
#

include("compat.inc");

if (description)
{
  script_id(63794);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/16 14:12:52");

  script_cve_id("CVE-2009-0696");

  script_name(english:"AIX 6.1 TL 0 : bind (IZ56315)");
  script_summary(english:"Check for APAR IZ56315");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote AIX host is missing a security patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"AIX 'named' is an implementation of BIND (Berkeley Internet Name
Domain) providing server functionality for the Domain Name System
(DNS) Protocol. AIX currently ships and supports three versions of
BIND: 4, 8, and 9.

There is an error in the handling of dynamic update messages in BIND
9. A crafted update packet from a remote user can cause a master
server to assert and exit. The successful exploitation of this
vulnerability allows a remote, unauthenticated user to make a master
DNS server assert and exit.

The following command is vulnerable :

/usr/sbin/named9."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.isc.org/node/474"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://aix.software.ibm.com/aix/efixes/security/bind_advisory.asc"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Install the appropriate interim fix."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(16);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:ibm:aix:6.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"AIX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/AIX/lslpp", "Host/local_checks_enabled", "Host/AIX/version");

  exit(0);
}



include("audit.inc");
include("global_settings.inc");
include("aix.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if ( ! get_kb_item("Host/AIX/version") ) audit(AUDIT_OS_NOT, "AIX");
if ( ! get_kb_item("Host/AIX/lslpp") ) audit(AUDIT_PACKAGE_LIST_MISSING);

if ( get_kb_item("Host/AIX/emgr_failure" ) ) exit(0, "This iFix check is disabled because : "+get_kb_item("Host/AIX/emgr_failure") );

flag = 0;

if (aix_check_ifix(release:"6.1", ml:"00", patch:"IZ56315_00", package:"bos.net.tcp.server", minfilesetver:"6.1.0.0", maxfilesetver:"6.1.0.8") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");