Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1376.NASL
HistoryMay 14, 2019 - 12:00 a.m.

EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)

2019-05-1400:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

According to the versions of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  • A denial of service flaw was discovered in bind versions that include the ‘deny-answer-aliases’ feature. This flaw may allow a remote attacker to trigger an INSIST assert in named leading to termination of the process and a denial of service condition.(CVE-2018-5740)

  • A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request.(CVE-2017-3145)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(124879);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2017-3145",
    "CVE-2018-5740"
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : bind (EulerOS-SA-2019-1376)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the bind packages installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerabilities :

  - A denial of service flaw was discovered in bind
    versions that include the 'deny-answer-aliases'
    feature. This flaw may allow a remote attacker to
    trigger an INSIST assert in named leading to
    termination of the process and a denial of service
    condition.(CVE-2018-5740)

  - A use-after-free flaw leading to denial of service was
    found in the way BIND internally handled cleanup
    operations on upstream recursion fetch contexts. A
    remote attacker could potentially use this flaw to make
    named, acting as a DNSSEC validating resolver, exit
    unexpectedly with an assertion failure via a specially
    crafted DNS request.(CVE-2017-3145)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1376
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6e2bb7e");
  script_set_attribute(attribute:"solution", value:
"Update the affected bind packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["bind-libs-9.9.4-61.1.h2",
        "bind-libs-lite-9.9.4-61.1.h2",
        "bind-license-9.9.4-61.1.h2",
        "bind-utils-9.9.4-61.1.h2"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
}
VendorProductVersionCPE
huaweieulerosbind-libsp-cpe:/a:huawei:euleros:bind-libs
huaweieulerosbind-libs-litep-cpe:/a:huawei:euleros:bind-libs-lite
huaweieulerosbind-licensep-cpe:/a:huawei:euleros:bind-license
huaweieulerosbind-utilsp-cpe:/a:huawei:euleros:bind-utils
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.1.0

Related

openvas 50
fedora 10
nessus 63
redhatcve 2
ibm 8
slackware 2
mageia 3
checkpoint_advisories 1
veracode 4
prion 2
ubuntu 4
centos 4
amazon 4
ubuntucve 2
debiancve 2
osv 6
cve 2
alpinelinux 2
oraclelinux 4
f5 2
redhat 6
debian 5
altlinux 3
suse 5
archlinux 1
cloudfoundry 1
gentoo 1
openvas
openvas
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1376)
2020-01-23 00:00:00
Fedora Update for bind FEDORA-2018-90f8fbd58e
2018-08-23 00:00:00
Slackware: Security Advisory (SSA:2018-222-01)
2022-04-21 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: bind-9.11.4-2.P1.fc27
2018-08-22 10:44:07
[SECURITY] Fedora 27 Update: bind-dyndb-ldap-11.1-8.fc27
2018-01-23 21:53:31
[SECURITY] Fedora 27 Update: bind-9.11.2-1.P1.fc27
2018-01-23 21:53:31
nessus
nessus
Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20180827)
2018-08-28 00:00:00
EulerOS Virtualization 2.5.0 : bind (EulerOS-SA-2018-1343)
2018-10-26 00:00:00
RHEL 7 : bind (RHSA-2018:2570)
2018-08-28 00:00:00
redhatcve
redhatcve
CVE-2018-5740
2022-01-13 06:42:03
CVE-2017-3145
2019-10-09 22:44:46
ibm
ibm
Security Bulletin: Publicly disclosed vulnerability from BIND affect IBM Netezza Host Management
2019-10-18 03:36:34
Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5740
2019-12-18 14:26:38
Security Bulletin: A vulnerability in ISC Bind affects PowerKVM
2018-12-17 14:55:02
slackware
slackware
[slackware-security] bind
2018-08-10 23:54:53
[slackware-security] bind
2018-01-17 21:36:38
mageia
mageia
Updated bind packages fix security vulnerability
2018-08-24 02:35:07
Updated bind packages fix security vulnerability
2018-01-25 01:37:59
Updated bind packages fix security vulnerability
2018-01-25 01:37:59
checkpoint_advisories
checkpoint_advisories
ISC BIND deny-answer-aliases Assertion Failure Denial of Service (CVE-2018-5740)
2019-02-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-17 06:06:16
Denial Of Service (DoS)
2019-01-15 09:25:37
Denial Of Service (DoS)
2018-05-09 10:48:03
prion
prion
Design/Logic Flaw
2019-01-16 20:29:00
Design/Logic Flaw
2019-01-16 20:29:00
ubuntu
ubuntu
Bind vulnerability
2018-09-20 00:00:00
Bind vulnerability
2018-10-01 00:00:00
Bind vulnerability
2018-01-17 00:00:00
centos
centos
bind security update
2018-08-28 15:48:00
bind security update
2018-08-28 15:39:55
bind security update
2018-01-22 14:11:38
amazon
amazon
Important: bind
2018-09-20 18:45:00
Important: bind
2018-09-19 17:17:00
Important: bind
2018-02-20 21:02:00
ubuntucve
ubuntucve
CVE-2018-5740
2018-08-09 00:00:00
CVE-2017-3145
2018-01-16 00:00:00
debiancve
debiancve
CVE-2018-5740
2019-01-16 20:29:00
CVE-2017-3145
2019-01-16 20:29:00
osv
osv
CVE-2018-5740
2019-01-16 20:29:01
bind9 - security update
2018-08-30 00:00:00
bind9 - security update
2018-01-21 00:00:00
cve
cve
CVE-2018-5740
2019-01-16 20:29:00
CVE-2017-3145
2019-01-16 20:29:00
alpinelinux
alpinelinux
CVE-2018-5740
2019-01-16 20:29:00
CVE-2017-3145
2019-01-16 20:29:00
oraclelinux
oraclelinux
bind security update
2018-08-27 00:00:00
bind security update
2018-08-27 00:00:00
bind security update
2018-01-22 00:00:00
f5
f5
K98528405 : BIG-IP BIND vulnerability CVE-2018-5740
2018-08-27 00:00:00
K08613310 : BIND vulnerability CVE-2017-3145
2018-01-23 00:00:00
redhat
redhat
(RHSA-2018:2571) Important: bind security update
2018-08-27 14:11:31
(RHSA-2018:2570) Important: bind security update
2018-08-27 14:10:35
(RHSA-2018:0488) Important: bind security update
2018-03-12 18:09:34
debian
debian
[SECURITY] [DLA 1485-1] bind9 security update
2018-08-30 20:15:31
[SECURITY] [DLA 1255-1] bind9 security update
2018-01-21 21:44:35
[SECURITY] [DSA 4089-1] bind9 security update
2018-01-16 22:05:58
altlinux
altlinux
Security fix for the ALT Linux 9 package bind version 9.11.2.P1-alt1
2018-01-17 00:00:00
Security fix for the ALT Linux 9 package bind version 9.11.4.P1-alt1
2018-08-13 00:00:00
Security fix for the ALT Linux 8 package bind version 9.10.8.P1-alt1
2019-08-26 00:00:00
suse
suse
Security update for bind (important)
2018-02-05 12:11:02
Security update for bind (important)
2018-02-01 00:13:25
Security update for bind (important)
2018-01-30 21:08:26
archlinux
archlinux
[ASA-201801-16] bind: denial of service
2018-01-18 00:00:00
cloudfoundry
cloudfoundry
USN-3535-1: Bind vulnerability | Cloud Foundry
2018-01-24 00:00:00
gentoo
gentoo
BIND: Multiple vulnerabilities
2019-03-14 00:00:00
JSON
Related for EULEROS_SA-2019-1376.NASL
openvas50fedora10nessus63redhatcve2ibm8slackware2mageia3checkpoint_advisories1veracode4prion2ubuntu4centos4amazon4ubuntucve2debiancve2osv6cve2alpinelinux2oraclelinux4f52redhat6debian5altlinux3suse5archlinux1cloudfoundry1gentoo1