#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(170823);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/30");
script_cve_id(
"CVE-2020-8622",
"CVE-2020-8625",
"CVE-2021-25214",
"CVE-2021-25215",
"CVE-2021-25219"
);
script_name(english:"EulerOS Virtualization 3.0.2.2 : bind (EulerOS-SA-2023-1244)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :
- In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the
BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating
the server receiving the TSIG-signed request, could send a truncated response to that request, triggering
an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to
correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and
message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
(CVE-2020-8622)
- BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG
features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed,
but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or
tkey-gssapi-credentialconfiguration options. Although the default configuration is not vulnerable, GSS-
TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server
environments that combine BIND servers with Active Directory domain controllers. The most likely outcome
of a successful exploitation of the vulnerability is a crash of the named process. However, remote code
execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11,
and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition.
Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)
- In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and
9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11
of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR
triggering the flaw described above, the named process will terminate due to a failed assertion the next
time the transferred secondary zone is refreshed. (CVE-2021-25214)
- In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 ->
9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND
9.17 development branch, when a vulnerable version of named receives a query for a record triggering the
flaw described above, the named process will terminate due to a failed assertion check. The vulnerability
affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other
versions of BIND 9. (CVE-2021-25215)
- In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 ->
9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND
9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing
can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it
possible for its internal data structures to grow almost infinitely, which may cause significant delays in
client query processing. (CVE-2021-25219)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1244
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a6d8a7b");
script_set_attribute(attribute:"solution", value:
"Update the affected bind packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8625");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/20");
script_set_attribute(attribute:"patch_publication_date", value:"2023/01/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-libs-lite");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-license");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bind-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"bind-libs-9.9.4-61.1.h17.eulerosv2r7",
"bind-libs-lite-9.9.4-61.1.h17.eulerosv2r7",
"bind-license-9.9.4-61.1.h17.eulerosv2r7",
"bind-utils-9.9.4-61.1.h17.eulerosv2r7"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation