Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2054.NASL
HistoryJun 08, 2010 - 12:00 a.m.

Debian DSA-2054-1 : bind9 - DNS cache poisoning

2010-06-0800:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
JSON

Several cache-poisoning vulnerabilities have been discovered in BIND.
These vulnerabilities apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default.

The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2010-0097 BIND does not properly validate DNSSEC NSEC records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

  • CVE-2010-0290 When processing crafted responses containing CNAME or DNAME records, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.

  • CVE-2010-0382 When processing certain responses containing out-of-bailiwick data, BIND is subject to a DNS cache poisoning vulnerability, provided that DNSSEC validation is enabled and trust anchors have been installed.

In addition, this update introduce a more conservative query behavior in the presence of repeated DNSSEC validation failures, addressing the ‘roll over and die’ phenomenon. The new version also supports the cryptographic algorithm used by the upcoming signed ICANN DNS root (RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence algorithm used by some signed top-level domains.

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1.
Because of the scope of changes, extra care is recommended when installing the update. Due to ABI changes, new Debian packages are included, and the update has to be installed using ‘apt-get dist-upgrade’ (or an equivalent aptitude command).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2054. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(46829);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2010-0097", "CVE-2010-0290", "CVE-2010-0382");
  script_bugtraq_id(37118, 37865);
  script_xref(name:"DSA", value:"2054");

  script_name(english:"Debian DSA-2054-1 : bind9 - DNS cache poisoning");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several cache-poisoning vulnerabilities have been discovered in BIND.
These vulnerabilities apply only if DNSSEC validation is enabled and
trust anchors have been installed, which is not the default.

The Common Vulnerabilities and Exposures project identifies the
following problems :

  - CVE-2010-0097
    BIND does not properly validate DNSSEC NSEC records,
    which allows remote attackers to add the Authenticated
    Data (AD) flag to a forged NXDOMAIN response for an
    existing domain.

  - CVE-2010-0290
    When processing crafted responses containing CNAME or
    DNAME records, BIND is subject to a DNS cache poisoning
    vulnerability, provided that DNSSEC validation is
    enabled and trust anchors have been installed.

  - CVE-2010-0382
    When processing certain responses containing
    out-of-bailiwick data, BIND is subject to a DNS cache
    poisoning vulnerability, provided that DNSSEC validation
    is enabled and trust anchors have been installed.

In addition, this update introduce a more conservative query behavior
in the presence of repeated DNSSEC validation failures, addressing the
'roll over and die' phenomenon. The new version also supports the
cryptographic algorithm used by the upcoming signed ICANN DNS root
(RSASHA256 from RFC 5702), and the NSEC3 secure denial of existence
algorithm used by some signed top-level domains.

This update is based on a new upstream version of BIND 9, 9.6-ESV-R1.
Because of the scope of changes, extra care is recommended when
installing the update. Due to ABI changes, new Debian packages are
included, and the update has to be installed using 'apt-get
dist-upgrade' (or an equivalent aptitude command)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-0097"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-0290"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-0382"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-2054"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the bind9 packages.

For the stable distribution (lenny), these problems have been fixed in
version 1:9.6.ESV.R1+dfsg-0+lenny1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:bind9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"bind9", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"bind9-doc", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"bind9-host", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"bind9utils", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"dnsutils", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libbind-dev", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libbind9-50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libdns55", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libisc52", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libisccc50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"libisccfg50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"liblwres50", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;
if (deb_check(release:"5.0", prefix:"lwresd", reference:"1:9.6.ESV.R1+dfsg-0+lenny1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxbind9p-cpe:/a:debian:debian_linux:bind9
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0

Related

openvas 32
osv 1
debian 2
redhat 2
nessus 31
centos 1
oraclelinux 1
gentoo 1
securityvulns 5
ubuntu 1
f5 6
veracode 2
cert 1
cve 3
ubuntucve 3
prion 3
debiancve 3
slackware 1
fedora 2
altlinux 4
suse 1
vmware 2
openvas
openvas
Debian Security Advisory DSA 2054-2 (bind9)
2010-07-06 00:00:00
Debian Security Advisory DSA 2054-1 (bind9)
2010-06-10 00:00:00
Debian: Security Advisory (DSA-2054-1)
2010-07-06 00:00:00
osv
osv
bind9 - cache poisoning
2010-06-04 00:00:00
debian
debian
[SECURITY] [DSA 2054-2] New bind9 packages fix cache poisoning
2010-06-15 20:05:57
[SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning
2010-06-04 19:22:30
redhat
redhat
(RHSA-2010:0062) Moderate: bind security update
2010-01-20 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : bind (MDVSA-2010:021)
2010-01-21 00:00:00
RHEL 5 : bind (RHSA-2010:0062)
2010-01-21 00:00:00
CentOS 5 : bind (CESA-2010:0062)
2010-01-21 00:00:00
centos
centos
bind, caching security update
2010-01-20 17:59:57
oraclelinux
oraclelinux
bind security update
2010-01-20 00:00:00
gentoo
gentoo
BIND: Multiple vulnerabilities
2010-06-01 00:00:00
securityvulns
securityvulns
rPSA-2010-0018-1 bind bind-utils caching-nameserver
2010-03-17 00:00:00
bind DNS server cache poisoning
2010-03-17 00:00:00
[ MDVSA-2010:021 ] bind
2010-01-21 00:00:00
ubuntu
ubuntu
Bind vulnerabilities
2010-01-20 00:00:00
f5
f5
SOL15787 - BIND vulnerability CVE-2010-0382
2014-11-03 00:00:00
K17025 : BIND DNSSEC vulnerability CVE-2010-0097
2015-07-30 00:00:00
SOL17025 - BIND DNSSEC vulnerability CVE-2010-0097
2015-07-30 00:00:00
veracode
veracode
Cache Poisoning Attack
2020-04-10 00:41:37
Cache Poisoning Attack
2020-04-10 00:41:38
cert
cert
BIND 9 DNSSEC validation code could cause fake NXDOMAIN responses
2010-01-19 00:00:00
cve
cve
CVE-2010-0097
2010-01-22 22:00:00
CVE-2010-0382
2010-01-22 22:00:00
CVE-2010-0290
2010-01-22 22:00:00
ubuntucve
ubuntucve
CVE-2010-0097
2010-01-19 00:00:00
CVE-2010-0382
2010-01-22 00:00:00
CVE-2010-0290
2010-01-19 00:00:00
prion
prion
Code injection
2010-01-22 22:00:00
Code injection
2010-01-22 22:00:00
Design/Logic Flaw
2010-01-22 22:00:00
debiancve
debiancve
CVE-2010-0097
2010-01-22 22:00:00
CVE-2010-0382
2010-01-22 22:00:00
CVE-2010-0290
2010-01-22 22:00:00
slackware
slackware
[slackware-security] bind
2010-06-25 18:32:41
fedora
fedora
[SECURITY] Fedora 12 Update: bind-9.6.1-15.P3.fc12
2010-01-21 00:14:47
[SECURITY] Fedora 11 Update: bind-9.6.1-9.P3.fc11
2010-01-21 00:13:26
altlinux
altlinux
Security fix for the ALT Linux 6 package bind version 9.3.6-alt7
2011-12-16 00:00:00
Security fix for the ALT Linux 7 package bind version 9.3.6-alt7
2011-12-16 00:00:00
Security fix for the ALT Linux 9 package bind version 9.3.6-alt7
2011-12-16 00:00:00
suse
suse
remote code execution in acroread
2010-01-26 16:40:23
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
JSON
Related for DEBIAN_DSA-2054.NASL
openvas32osv1debian2redhat2nessus31centos1oraclelinux1gentoo1securityvulns5ubuntu1f56veracode2cert1cve3ubuntucve3prion3debiancve3slackware1fedora2altlinux4suse1vmware2