Lucene search

K
nessusThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.BIND9_980_P4.NASL
HistoryJul 07, 2011 - 12:00 a.m.

ISC BIND 9 Unspecified Packet Processing Remote DoS

2011-07-0700:00:00
This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
www.tenable.com
11

According to its self-reported version number, the remote installation of BIND is potentially affected by a denial of service vulnerability. If an attacker sends a specially crafted request to a BIND server it may cause the name server process to crash.

Note that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually vulnerable.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(55534);
  script_version("1.7");
  script_cvs_date("Date: 2018/09/17 21:46:53");

  script_cve_id("CVE-2011-2464");
  script_bugtraq_id(48566);
  script_xref(name:"CERT", value:"142646");
  script_xref(name:"Secunia", value:"45185");

  script_name(english:"ISC BIND 9 Unspecified Packet Processing Remote DoS");
  script_summary(english:"Checks version of BIND.");

  script_set_attribute(attribute:"synopsis", value:
"The remote name server may be affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the remote
installation of BIND is potentially affected by a denial of service
vulnerability.  If an attacker sends a specially crafted request to a
BIND server it may cause the name server process to crash. 

Note that Nessus has only relied on the version itself and has not
attempted to determine whether or not the install is actually
vulnerable.");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae0ba8c4");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1bd57ee2");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?76bd7779");
  script_set_attribute(attribute:"see_also", value:"http://www.isc.org/software/bind/advisories/cve-2011-2464");

  script_set_attribute(attribute:"solution", value:
"Upgrade to BIND 9.6-ESV-R4-P3 / 9.7.3-P3 / 9.8.0-P4 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-2464");
  script_set_attribute(attribute:"cvss_score_rationale", value:"The issue causes ISC BIND to crash, which warrants an Availability impact score of Complete.");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/07/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/07");

  script_set_attribute(attribute:"cpe", value:"cpe:/a:isc:bind");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"DNS");

  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("bind_version.nasl");
  script_require_keys("bind/version", "Settings/ParanoidReport");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

if (report_paranoia < 2)
  exit(1, "This plugin only runs if 'Report paranoia' is set to 'Paranoid'.");

ver = get_kb_item_or_exit("bind/version");

# Check whether BIND is vulnerable, and recommend an upgrade.
fix = NULL;
if (ver =~ "^9\.5\.3(b|rc)1($|[^0-9])" || ver =~ "^9\.6(\.3$|-ESV-R(4($|-P[12]($|[^0-9]))|3($|[^0-9])))")
  fix = "9.6-ESV-R4-P3";
else if (ver =~ "^9\.7\.([0-2]|3($|-P[12]($|[^0-9])))" || ver == "9.7.4b1")
  fix = "9.7.3-P3";
else if (ver =~ "^9\.8\.0($|-P[1-3]($|[^0-9]))" || ver == "9.8.1b1")
  fix = "9.8.0-P4";

if (isnull(fix))
  exit(0, "BIND version " + ver + " is running on UDP port 53 and thus is not affected.");

if (report_verbosity > 0)
{
  report =
    '\n  Installed version : ' + ver +
    '\n  Fixed version     : ' + fix +
    '\n';
  security_hole(port:53, proto:"udp", extra:report);
} else security_hole(port:53, proto:"udp");
VendorProductVersion
iscbind