Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2568.NASLHistoryFeb 22, 2021 - 12:00 a.m.
Debian DLA-2568-1 : bind9 security update
2021-02-2200:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
It was discovered that there was a buffer overflow attack in the bind9 DNS server caused by an issue in the GSSAPI (‘Generic Security Services’) security policy negotiation.
For Debian 9 ‘Stretch’, this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u8.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bind9
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2568-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include("compat.inc");
if (description)
{
script_id(146736);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/03/02");
script_cve_id("CVE-2020-8625");
script_name(english:"Debian DLA-2568-1 : bind9 security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that there was a buffer overflow attack in the bind9
DNS server caused by an issue in the GSSAPI ('Generic Security
Services') security policy negotiation.
For Debian 9 'Stretch', this problem has been fixed in version
1:9.10.3.dfsg.P4-12.3+deb9u8.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/bind9
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2021/02/msg00029.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/stretch/bind9"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/source-package/bind9"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8625");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9-host");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dnsutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:host");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbind-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbind-export-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libbind9-140");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdns-export162");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdns-export162-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libdns162");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libirs-export141");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libirs-export141-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libirs141");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisc-export160");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisc-export160-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisc160");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisccc-export140");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisccc-export140-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisccc140");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisccfg-export140");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisccfg-export140-udeb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libisccfg140");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:liblwres141");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lwresd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/02/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/22");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"9.0", prefix:"bind9", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"bind9-doc", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"bind9-host", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"bind9utils", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"dnsutils", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"host", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libbind-dev", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libbind-export-dev", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libbind9-140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libdns-export162", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libdns-export162-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libdns162", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libirs-export141", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libirs-export141-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libirs141", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisc-export160", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisc-export160-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisc160", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisccc-export140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisccc-export140-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisccc140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisccfg-export140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisccfg-export140-udeb", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"libisccfg140", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"liblwres141", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (deb_check(release:"9.0", prefix:"lwresd", reference:"1:9.10.3.dfsg.P4-12.3+deb9u8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | bind9 | p-cpe:/a:debian:debian_linux:bind9 |
| debian | debian_linux | bind9-doc | p-cpe:/a:debian:debian_linux:bind9-doc |
| debian | debian_linux | bind9-host | p-cpe:/a:debian:debian_linux:bind9-host |
| debian | debian_linux | bind9utils | p-cpe:/a:debian:debian_linux:bind9utils |
| debian | debian_linux | dnsutils | p-cpe:/a:debian:debian_linux:dnsutils |
| debian | debian_linux | host | p-cpe:/a:debian:debian_linux:host |
| debian | debian_linux | libbind-dev | p-cpe:/a:debian:debian_linux:libbind-dev |
| debian | debian_linux | libbind-export-dev | p-cpe:/a:debian:debian_linux:libbind-export-dev |
| debian | debian_linux | libbind9-140 | p-cpe:/a:debian:debian_linux:libbind9-140 |
| debian | debian_linux | libdns-export162 | p-cpe:/a:debian:debian_linux:libdns-export162 |
Related
suse
suse
Security update for bind (important)
2021-03-03 00:00:00
nessus
nessus
RHEL 8 : bind (RHSA-2021:0922)
2021-03-17 00:00:00
Oracle Linux 6 : bind (ELSA-2021-9117)
2021-03-18 00:00:00
RHEL 8 : bind (RHSA-2021:0670)
2021-03-01 00:00:00
ubuntucve
ubuntucve
CVE-2020-8625
2021-02-17 00:00:00
centos
centos
bind security update
2021-03-02 16:40:18
alpinelinux
alpinelinux
CVE-2020-8625
2021-02-17 23:15:00
amazon
amazon
Important: bind
2021-03-18 01:13:00
Important: bind
2021-03-18 17:22:00
archlinux
archlinux
[ASA-202102-40] bind: arbitrary code execution
2021-02-27 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package bind version 9.11.28-alt1
2021-03-04 00:00:00
Security fix for the ALT Linux 10 package bind version 9.11.28-alt1
2021-02-18 00:00:00
zdi
zdi
osv
osv
CVE-2020-8625
2021-02-17 23:15:13
bind9 - security update
2021-02-18 00:00:00
bind9 vulnerability
2021-03-01 18:12:48
debian
debian
[SECURITY] [DLA 2568-1] bind9 security update
2021-02-19 08:50:42
[SECURITY] [DSA 4857-1] bind9 security update
2021-02-18 21:42:20
[SECURITY] [DSA 4857-1] bind9 security update
2021-02-18 21:42:37
redhat
redhat
(RHSA-2021:0672) Important: bind security update
2021-03-01 13:55:00
(RHSA-2021:0671) Important: bind security update
2021-03-01 13:54:52
(RHSA-2021:0693) Important: bind security update
2021-03-02 11:28:47
openvas
openvas
ISC BIND Buffer Overflow Vulnerability (CVE-2020-8625) - Windows
2021-02-18 00:00:00
Fedora: Security Advisory for bind (FEDORA-2021-8b4744f152)
2021-03-20 00:00:00
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2021-1865)
2021-05-19 00:00:00
cve
cve
CVE-2020-8625
2021-02-17 23:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2020-8625
2021-09-21 22:00:10
f5
f5
K13591074 : BIND vulnerability CVE-2020-8625
2021-03-05 00:00:00
almalinux
almalinux
Important: bind security update
2021-03-01 13:54:46
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0370
2021-03-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0370
2021-03-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0207
2021-03-15 00:00:00
prion
prion
Default configuration
2021-02-17 23:15:00
ubuntu
ubuntu
Bind vulnerability
2021-03-01 00:00:00
Bind vulnerability
2021-02-18 00:00:00
debiancve
debiancve
CVE-2020-8625
2021-02-17 23:15:00
redhatcve
redhatcve
CVE-2020-8625
2021-02-18 15:33:37
mageia
mageia
Updated bind packages fix security vulnerability
2021-03-04 19:53:32
cvelist
cvelist
oraclelinux
oraclelinux
bind security update
2021-03-18 00:00:00
bind security update
2021-03-02 00:00:00
bind security update
2021-03-02 00:00:00
veracode
veracode
Remote Code Execution
2021-02-18 21:52:26
fedora
fedora
[SECURITY] Fedora 32 Update: bind-9.11.28-1.fc32
2021-03-03 23:26:54
[SECURITY] Fedora 33 Update: bind-9.11.28-1.fc33
2021-03-03 23:15:50
[SECURITY] Fedora 34 Update: bind-9.16.11-5.fc34
2021-03-19 20:20:10
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2020-8625 affecting package bind 9.16.3-3
2021-04-06 23:50:08
checkpoint_advisories
checkpoint_advisories
ISC BIND Invalid TKEY Query Denial Of Service (CVE-2015-5477; CVE-2020-8625)
2015-08-01 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00
Related for DEBIAN_DLA-2568.NASL