FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)
2011-11-17T00:00:00
ID FREEBSD_PKG_90CC149410AC11E1B3EC0024E830109B.NASL Type nessus Reporter Tenable Modified 2018-07-11T00:00:00
Description
The Internet Systems Consortium reports :
Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9.
Because it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites) it is recommended that ALL operators of recursive name servers upgrade immediately.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2014 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
# copyright notice, this list of conditions and the following
# disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
# published online in any format, converted to PDF, PostScript,
# RTF and other formats) must reproduce the above copyright
# notice, this list of conditions and the following disclaimer
# in the documentation and/or other materials provided with the
# distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
include("compat.inc");
if (description)
{
script_id(56857);
script_version("1.12");
script_cvs_date("Date: 2018/07/11 17:09:25");
script_cve_id("CVE-2011-4313");
script_bugtraq_id(50690);
script_xref(name:"FreeBSD", value:"SA-11:06.bind");
script_name(english:"FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)");
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
script_set_attribute(
attribute:"description",
value:
"The Internet Systems Consortium reports :
Organizations across the Internet reported crashes interrupting
service on BIND 9 nameservers performing recursive queries. Affected
servers crashed after logging an error in query.c with the following
message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple
versions were reported being affected, including all currently
supported release versions of ISC BIND 9.
Because it may be possible to trigger this bug even on networks that
do not allow untrusted users to access the recursive name servers
(perhaps via specially crafted e-mail messages, and/or malicious web
sites) it is recommended that ALL operators of recursive name servers
upgrade immediately."
);
script_set_attribute(
attribute:"see_also",
value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.isc.org/software/bind/advisories/cve-2011-4313"
);
# http://www.freebsd.org/ports/portaudit/90cc1494-10ac-11e1-b3ec-0024e830109b.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e7043cd6"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bind96");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bind97");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:bind98");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2011/11/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
script_family(english:"FreeBSD Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (pkg_test(save_report:TRUE, pkg:"bind96<9.6.3.1.ESV.R5.1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"bind97<9.7.4.1")) flag++;
if (pkg_test(save_report:TRUE, pkg:"bind98<9.8.1.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "FREEBSD_PKG_90CC149410AC11E1B3EC0024E830109B.NASL", "bulletinFamily": "scanner", "title": "FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)", "description": "The Internet Systems Consortium reports :\n\nOrganizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9.\n\nBecause it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites) it is recommended that ALL operators of recursive name servers upgrade immediately.", "published": "2011-11-17T00:00:00", "modified": "2018-07-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56857", "reporter": "Tenable", "references": ["http://www.nessus.org/u?e7043cd6", "https://www.isc.org/software/bind/advisories/cve-2011-4313", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313"], "cvelist": ["CVE-2011-4313"], "type": "nessus", "lastseen": "2018-07-12T17:48:02", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2011-4313"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The Internet Systems Consortium reports :\n\nOrganizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9.\n\nBecause it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites) it is recommended that ALL operators of recursive name servers upgrade immediately.", "edition": 1, "enchantments": {}, "hash": "c00be7b196f76dc7bb751d212cbe96e960acc05c789a61dd9f9f1108a99ecc55", "hashmap": [{"hash": "a2567c688d4fc6d59de92cfad1ba0ce3", "key": "title"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "f3ef8c702797e0afc3064ac0cbfaf8d5", "key": "pluginID"}, {"hash": "14c1ce0f58e7f634112cfbb0e0d4a7ad", "key": "href"}, {"hash": "671c85044174cb5a566c7bfacf882668", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "70828e511d153246701946c464817849", "key": "sourceData"}, {"hash": "5794fcabce0bd1e1e4eb2a59b8d1563e", "key": "cvelist"}, {"hash": "bfed5d0e0b1e2e5e2b41a7cbb99cf951", "key": "references"}, {"hash": "6d82fb1b22f205cec391f9c81e0c5ef3", "key": "modified"}, {"hash": "6d61df32c0ffb9b6519c88e052c9e317", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=56857", "id": "FREEBSD_PKG_90CC149410AC11E1B3EC0024E830109B.NASL", "lastseen": "2016-09-26T17:24:28", "modified": "2014-01-27T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.2", "pluginID": "56857", "published": "2011-11-17T00:00:00", "references": ["http://www.nessus.org/u?e7043cd6", "https://www.isc.org/software/bind/advisories/cve-2011-4313", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56857);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2014/01/27 00:45:20 $\");\n\n script_cve_id(\"CVE-2011-4313\");\n script_bugtraq_id(50690);\n script_osvdb_id(77159);\n script_xref(name:\"FreeBSD\", value:\"SA-11:06.bind\");\n\n script_name(english:\"FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Internet Systems Consortium reports :\n\nOrganizations across the Internet reported crashes interrupting\nservice on BIND 9 nameservers performing recursive queries. Affected\nservers crashed after logging an error in query.c with the following\nmessage: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple\nversions were reported being affected, including all currently\nsupported release versions of ISC BIND 9.\n\nBecause it may be possible to trigger this bug even on networks that\ndo not allow untrusted users to access the recursive name servers\n(perhaps via specially crafted e-mail messages, and/or malicious web\nsites) it is recommended that ALL operators of recursive name servers\nupgrade immediately.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/software/bind/advisories/cve-2011-4313\"\n );\n # http://www.freebsd.org/ports/portaudit/90cc1494-10ac-11e1-b3ec-0024e830109b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7043cd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind96\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind98\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind96<9.6.3.1.ESV.R5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind97<9.7.4.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind98<9.8.1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:24:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:freebsd:freebsd:bind96", "p-cpe:/a:freebsd:freebsd:bind97", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:bind98"], "cvelist": ["CVE-2011-4313"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "The Internet Systems Consortium reports :\n\nOrganizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple versions were reported being affected, including all currently supported release versions of ISC BIND 9.\n\nBecause it may be possible to trigger this bug even on networks that do not allow untrusted users to access the recursive name servers (perhaps via specially crafted e-mail messages, and/or malicious web sites) it is recommended that ALL operators of recursive name servers upgrade immediately.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "00029b1bce8d56b331b57028150ddf4749c7a00d243f32752f94b9050dcc8554", "hashmap": [{"hash": "a2567c688d4fc6d59de92cfad1ba0ce3", "key": "title"}, {"hash": "fe45aa727b58c1249bf04cfb7b4e6ae0", "key": "naslFamily"}, {"hash": "f3ef8c702797e0afc3064ac0cbfaf8d5", "key": "pluginID"}, {"hash": "14c1ce0f58e7f634112cfbb0e0d4a7ad", "key": "href"}, {"hash": "671c85044174cb5a566c7bfacf882668", "key": "published"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "70828e511d153246701946c464817849", "key": "sourceData"}, {"hash": "5794fcabce0bd1e1e4eb2a59b8d1563e", "key": "cvelist"}, {"hash": "5d4804308aa84f09656a93863bf75d56", "key": "cpe"}, {"hash": "bfed5d0e0b1e2e5e2b41a7cbb99cf951", "key": "references"}, {"hash": "6d82fb1b22f205cec391f9c81e0c5ef3", "key": "modified"}, {"hash": "6d61df32c0ffb9b6519c88e052c9e317", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=56857", "id": "FREEBSD_PKG_90CC149410AC11E1B3EC0024E830109B.NASL", "lastseen": "2017-10-29T13:37:42", "modified": "2014-01-27T00:00:00", "naslFamily": "FreeBSD Local Security Checks", "objectVersion": "1.3", "pluginID": "56857", "published": "2011-11-17T00:00:00", "references": ["http://www.nessus.org/u?e7043cd6", "https://www.isc.org/software/bind/advisories/cve-2011-4313", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56857);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2014/01/27 00:45:20 $\");\n\n script_cve_id(\"CVE-2011-4313\");\n script_bugtraq_id(50690);\n script_osvdb_id(77159);\n script_xref(name:\"FreeBSD\", value:\"SA-11:06.bind\");\n\n script_name(english:\"FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Internet Systems Consortium reports :\n\nOrganizations across the Internet reported crashes interrupting\nservice on BIND 9 nameservers performing recursive queries. Affected\nservers crashed after logging an error in query.c with the following\nmessage: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple\nversions were reported being affected, including all currently\nsupported release versions of ISC BIND 9.\n\nBecause it may be possible to trigger this bug even on networks that\ndo not allow untrusted users to access the recursive name servers\n(perhaps via specially crafted e-mail messages, and/or malicious web\nsites) it is recommended that ALL operators of recursive name servers\nupgrade immediately.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/software/bind/advisories/cve-2011-4313\"\n );\n # http://www.freebsd.org/ports/portaudit/90cc1494-10ac-11e1-b3ec-0024e830109b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7043cd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind96\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind98\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind96<9.6.3.1.ESV.R5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind97<9.7.4.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind98<9.8.1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:37:42"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "5d4804308aa84f09656a93863bf75d56"}, {"key": "cvelist", "hash": "5794fcabce0bd1e1e4eb2a59b8d1563e"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "6d61df32c0ffb9b6519c88e052c9e317"}, {"key": "href", "hash": "14c1ce0f58e7f634112cfbb0e0d4a7ad"}, {"key": "modified", "hash": "e3da22819dd9cc8296d561d46b4d725a"}, {"key": "naslFamily", "hash": "fe45aa727b58c1249bf04cfb7b4e6ae0"}, {"key": "pluginID", "hash": "f3ef8c702797e0afc3064ac0cbfaf8d5"}, {"key": "published", "hash": "671c85044174cb5a566c7bfacf882668"}, {"key": "references", "hash": "bfed5d0e0b1e2e5e2b41a7cbb99cf951"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "3976b86475e4f7045659d3bc6228035a"}, {"key": "title", "hash": "a2567c688d4fc6d59de92cfad1ba0ce3"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "c0fd7bb592d47f19688a57955f8897d2c15f81283b3760ac1c8c729a1e572b06", "viewCount": 0, "enchantments": {"vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2014 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56857);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2011-4313\");\n script_bugtraq_id(50690);\n script_xref(name:\"FreeBSD\", value:\"SA-11:06.bind\");\n\n script_name(english:\"FreeBSD : BIND -- Remote DOS (90cc1494-10ac-11e1-b3ec-0024e830109b)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Internet Systems Consortium reports :\n\nOrganizations across the Internet reported crashes interrupting\nservice on BIND 9 nameservers performing recursive queries. Affected\nservers crashed after logging an error in query.c with the following\nmessage: 'INSIST(! dns_rdataset_isassociated(sigrdataset))' Multiple\nversions were reported being affected, including all currently\nsupported release versions of ISC BIND 9.\n\nBecause it may be possible to trigger this bug even on networks that\ndo not allow untrusted users to access the recursive name servers\n(perhaps via specially crafted e-mail messages, and/or malicious web\nsites) it is recommended that ALL operators of recursive name servers\nupgrade immediately.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/software/bind/advisories/cve-2011-4313\"\n );\n # http://www.freebsd.org/ports/portaudit/90cc1494-10ac-11e1-b3ec-0024e830109b.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7043cd6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind96\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind98\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind96<9.6.3.1.ESV.R5.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind97<9.7.4.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind98<9.8.1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "pluginID": "56857", "cpe": ["p-cpe:/a:freebsd:freebsd:bind96", "p-cpe:/a:freebsd:freebsd:bind97", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:bind98"]}
{"result": {"cve": [{"id": "CVE-2011-4313", "type": "cve", "title": "CVE-2011-4313", "description": "query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.", "published": "2011-11-29T12:55:02", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4313", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-01-06T12:20:56"}], "f5": [{"id": "F5:K14204", "type": "f5", "title": "BIND vulnerability CVE-2011-4313", "description": "\nF5 Product Development has assigned ID 372590 to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/services/customer-support/ihealth/>) may list Heuristic H389449 on the **Diagnostics** > **Identified **> **High **screen.\n\nTo find out whether F5 has determined that your release is vulnerable, and to obtain information about releases or hotfixes that resolve the vulnerability, refer to the following table: \n\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 9.4.0 - 9.4.8 HF4 \n10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 \n| 9.4.8 HF5 \n10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP AAM | None | 11.4.0 | None \nBIG-IP AFM | None | 11.3.0 - 11.4.0 \n| None \nBIG-IP Analytics | None | 11.0.0 - 1.4.0 \n| None \nBIG-IP APM | 10.1.0 - 10.2.3 \n11.0.0 - 11.1.0 \n| 10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP ASM | 9.4.0 - 9.4.8 HF4 \n10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 \n| 9.4.8 HF5 \n10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP Edge Gateway \n| 10.1.0 - 10.2.3 \n11.0.0 - 11.1.0 | 10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP GTM | 9.4.0 - 9.4.8 HF4 \n10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 \n| 9.4.8 HF5 \n10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP Link Controller | 9.4.0 - 9.4.8 HF4 \n10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 | 9.4.8 HF5 \n10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP PEM | None \n| 11.3.0 - 11.4.0 \n| None \nBIG-IP PSM | 9.4.5 - 9.4.8 HF4 \n10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 | 9.4.8 HF5 \n10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.4.0 \n| BIND \nBIG-IP WebAccelerator | 9.4.0- 9.4.8 HF4 \n10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 | 9.4.8 HF5 \n10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.3.0 \n| BIND \nBIG-IP WOM | 10.0.0 - 10.2.3 \n11.0.0 - 11.1.0 \n| 10.2.1 HF4 \n10.2.2 HF4 \n10.2.3 HF1 \n10.2.4 \n11.1.0 HF1 \n11.2.0 - 11.3.0 \n| BIND \nARX | None | 5.x \n6.x \n| None \nEnterprise Manager | None \n| 1.0.0 - 1.8.0* \n2.0.0 - 2.3.0* \n3.x \n| None \nFirePass | None | 6.x \n7.x \n| None \n \n* F5 Product Development has determined that these Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled.\n\nTo eliminate this vulnerability, upgrade to a version that is listed in the **Versions known to be not vulnerable** column in the previous table.\n\n * [Common Vulnerabilities and Exposures (CVE-2011-4313)](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents.](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x)](<https://support.f5.com/csp/article/K13123>)\n * [K10025: Managing BIG-IP product hotfixes (10.x)](<https://support.f5.com/csp/article/K10025>)\n * [K6845: Managing BIG-IP product hotfixes (9.x)](<https://support.f5.com/csp/article/K6845>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n", "published": "2013-02-13T01:34:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K14204", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-06-08T00:16:38"}, {"id": "SOL14204", "type": "f5", "title": "SOL14204 - BIND vulnerability CVE-2011-4313", "description": "* F5 Product Development has determined that these Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled.\n\nRecommended action\n\nTo eliminate this vulnerability, upgrade to a version that is listed in the **Versions known to be not vulnerable** column in the previous table.\n\nSupplemental Information\n\n * [Common Vulnerabilities and Exposures (CVE-2011-4313)](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313>)\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL10025: Managing BIG-IP product hotfixes (10.x)\n * SOL6845: Managing BIG-IP product hotfixes (9.x)\n * SOL9502: BIG-IP hotfix matrix\n", "published": "2013-02-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/14000/200/sol14204.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-26T17:23:26"}], "cert": [{"id": "VU:606539", "type": "cert", "title": "ISC BIND 9 resolver denial of service vulnerability", "description": "### Overview\n\nISC BIND 9 resolver contains a remote packet denial of service vulnerability after logging an error in query.c.\n\n### Description\n\nAccording to [ISC](<http://www.isc.org/software/bind/advisories/cve-2011-4313>): \n\n_An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. ISC is working on determining the ultimate cause by which a record with this particular inconsistency is cached.At this time we are making available a patch which makes named recover gracefully from the inconsistency, preventing the abnormal exit. \n \nThe patch has two components. When a client query is handled, the code which processes the response to the client has to ask the cache for the records for the name that is being queried. The first component of the patch prevents the cache from returning the inconsistent data. The second component prevents named from crashing if it detects that it has been given an inconsistent answer of this nature._ \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker can cause the BIND 9 resolver to crash creating a denial of service condition. \n \n--- \n \n### Solution\n\n \n**Apply an update** \n \nUsers who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. \n \nThis vulnerability is addressed in ISC BIND versions 9.4-ESV-R5-P1, 9.6-ESV-R5-P1, 9.7.4-P1 and 9.8.1-P1. Users of BIND from the original source distribution should upgrade to this version. \n \nSee also <http://www.isc.org/software/bind/advisories/cve-2011-4313> \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nDebian GNU/Linux| | -| 06 Jan 2012 \nFedora Project| | -| 06 Jan 2012 \nHewlett-Packard Company| | -| 06 Jan 2012 \nInternet Systems Consortium| | -| 16 Nov 2011 \nMandriva S. A.| | -| 06 Jan 2012 \nOracle Corporation| | -| 28 Nov 2011 \nRed Hat, Inc.| | -| 06 Jan 2012 \nSUSE Linux| | -| 06 Jan 2012 \nUbuntu| | -| 06 Jan 2012 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23606539 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.isc.org/software/bind/advisories/cve-2011-4313>\n * <https://www.isc.org/software/bind/981-p1>\n * <https://www.isc.org/software/bind/974-p1>\n * <https://www.isc.org/software/bind/96-esv-r5-p1>\n * <https://www.isc.org/software/bind/94-esv-r5-p1>\n\n### Credit\n\nThanks to Internet Systems Consortium for reporting this vulnerability.\n\nThis document was written by Michael Orlando.\n\n### Other Information\n\n * CVE IDs: [CVE-2011-4313](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4313>)\n * Date Public: 16 Nov 2011\n * Date First Published: 22 Nov 2011\n * Date Last Updated: 06 Jan 2012\n * Severity Metric: 21.92\n * Document Revision: 11\n\n", "published": "2011-11-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/606539", "cvelist": ["CVE-2011-4313", "CVE-2011-4313"], "lastseen": "2016-02-03T09:12:43"}], "freebsd": [{"id": "90CC1494-10AC-11E1-B3EC-0024E830109B", "type": "freebsd", "title": "BIND -- Remote DOS", "description": "\nThe Internet Systems Consortium reports:\n\nOrganizations across the Internet reported crashes interrupting\n\t service on BIND 9 nameservers performing recursive queries.\n\t Affected servers crashed after logging an error in query.c with\n\t the following message: \"INSIST(! dns_rdataset_isassociated(sigrdataset))\"\n\t Multiple versions were reported being affected, including all\n\t currently supported release versions of ISC BIND 9.\nBecause it may be possible to trigger this bug even on networks\n\t that do not allow untrusted users to access the recursive name\n\t servers (perhaps via specially crafted e-mail messages, and/or\n\t malicious web sites) it is recommended that ALL operators of\n\t recursive name servers upgrade immediately.\n\n", "published": "2011-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/90cc1494-10ac-11e1-b3ec-0024e830109b.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-26T17:24:42"}], "ubuntu": [{"id": "USN-1264-1", "type": "ubuntu", "title": "Bind vulnerability", "description": "It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.", "published": "2011-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1264-1/", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-03-29T18:17:07"}], "openvas": [{"id": "OPENVAS:1361412562310881312", "type": "openvas", "title": "CentOS Update for bind CESA-2011:1458 centos5 x86_64", "description": "Check for the Version of bind", "published": "2012-07-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881312", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-04-06T11:19:50"}, {"id": "OPENVAS:136141256231070561", "type": "openvas", "title": "Debian Security Advisory DSA 2347-1 (bind9)", "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 2347-1.", "published": "2012-02-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070561", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-04-06T11:20:04"}, {"id": "OPENVAS:70599", "type": "openvas", "title": "FreeBSD Ports: bind96", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2012-02-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70599", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-07-02T21:10:44"}, {"id": "OPENVAS:831495", "type": "openvas", "title": "Mandriva Update for bind MDVSA-2011:176 (bind)", "description": "Check for the Version of bind", "published": "2011-11-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831495", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-07-24T12:55:51"}, {"id": "OPENVAS:1361412562310881048", "type": "openvas", "title": "CentOS Update for bind CESA-2011:1496 centos4 i386", "description": "Check for the Version of bind", "published": "2011-12-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881048", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-04-09T11:37:24"}, {"id": "OPENVAS:1361412562310831496", "type": "openvas", "title": "Mandriva Update for bind MDVSA-2011:176-1 (bind)", "description": "Check for the Version of bind", "published": "2011-11-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831496", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-04-09T11:35:31"}, {"id": "OPENVAS:1361412562310881045", "type": "openvas", "title": "CentOS Update for bind CESA-2011:1458 centos5 i386", "description": "Check for the Version of bind", "published": "2011-11-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881045", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-04-09T11:37:54"}, {"id": "OPENVAS:881048", "type": "openvas", "title": "CentOS Update for bind CESA-2011:1496 centos4 i386", "description": "Check for the Version of bind", "published": "2011-12-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881048", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-07-25T10:55:45"}, {"id": "OPENVAS:870515", "type": "openvas", "title": "RedHat Update for bind RHSA-2011:1458-01", "description": "Check for the Version of bind", "published": "2011-11-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870515", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-07-27T10:55:22"}, {"id": "OPENVAS:881044", "type": "openvas", "title": "CentOS Update for bind97 CESA-2011:1459 centos5 i386", "description": "Check for the Version of bind97", "published": "2011-11-21T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881044", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-07-25T10:55:32"}], "nessus": [{"id": "REDHAT-RHSA-2011-1459.NASL", "type": "nessus", "title": "RHEL 5 : bind97 (RHSA-2011:1459)", "description": "Updated bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.\n(CVE-2011-4313)\n\nUsers of bind97 are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2011-11-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56867", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:45:06"}, {"id": "CENTOS_RHSA-2011-1458.NASL", "type": "nessus", "title": "CentOS 5 : bind (CESA-2011:1458)", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.\n(CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2011-11-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56879", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-07-03T09:57:44"}, {"id": "SUSE_BIND-7851.NASL", "type": "nessus", "title": "SuSE 10 Security Update : bind (ZYPP Patch Number 7851)", "description": "This update fixes the issue that specially crafted DNS queries could crash the bind name server. (CVE-2011-4313)\n\nAdditionally, a syntax check warning complaining about every include file that only provides a snippet for the overall configuration has been removed.", "published": "2011-12-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=57162", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:37:45"}, {"id": "UBUNTU_USN-1264-1.NASL", "type": "nessus", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : bind9 vulnerability (USN-1264-1)", "description": "It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-11-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56861", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:38:47"}, {"id": "BIND9_981_P1.NASL", "type": "nessus", "title": "ISC BIND 9 Query.c Logging Resolver Denial of Service", "description": "According to its self-reported version number, the remote installation of BIND is potentially affected by a denial of service vulnerability. An unidentified network event causes BIND9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure. \n\nNote that Nessus has only relied on the version itself and has not attempted to determine whether or not the install is actually affected.", "published": "2011-11-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56862", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-06-29T06:19:03"}, {"id": "F5_BIGIP_SOL14204.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : BIND vulnerability (SOL14204)", "description": "ISC reports that query.c in BIND may allow remote attackers to cause a denial-of-service (assertion failure and named exit). The vulnerability uses unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.\nThe affected versions of BIND are as follows :", "published": "2014-10-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78144", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-07-12T18:27:04"}, {"id": "SL_20111117_BIND_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.\n(CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2012-08-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=61178", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:41:50"}, {"id": "CENTOS_RHSA-2011-1496.NASL", "type": "nessus", "title": "CentOS 4 : bind (CESA-2011:1496)", "description": "Updated bind packages that fix one security issue are now available for Red Hat Enterprise Linux 4.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.\n(CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "published": "2011-11-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56973", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:39:32"}, {"id": "OPENSUSE-2011-13.NASL", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2011-13)", "description": "- Cache lookup could return RRSIG data associated with nonexistent records, leading to an assertion failure.\n (bnc#730995) CVE-2011-4313", "published": "2014-06-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74518", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:41:30"}, {"id": "FEDORA_2011-16036.NASL", "type": "nessus", "title": "Fedora 15 : bind-9.8.1-3.P1.fc15 (2011-16036)", "description": "Update to the 9.8.1-P1 security release which fixes CVE-2011-4313.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2011-11-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=56952", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-29T13:43:53"}], "oraclelinux": [{"id": "ELSA-2011-1496", "type": "oraclelinux", "title": "bind security update", "description": "[20:9.2.4-38]\n- fix CVE-2011-4313", "published": "2011-11-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-1496.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T11:16:46"}, {"id": "ELSA-2011-1459", "type": "oraclelinux", "title": "bind97 security update", "description": "[32:9.7.0-6.P2.4]\n- fix DOS against recursive servers (#754398)", "published": "2011-11-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-1459.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T11:16:13"}, {"id": "ELSA-2011-1458", "type": "oraclelinux", "title": "bind security update", "description": "[32:9.7.3-2.3.P3]\n- fix DOS against recursive servers (#754398)\n[32:9.7.3-2.2.P3]\n- update to 9.7.3-P3 (CVE-2011-2464)\n[32:9.7.3-2.1.P1]\n- update to 9.7.3-P1 (CVE-2011-1910)", "published": "2011-11-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2011-1458.html", "cvelist": ["CVE-2011-2464", "CVE-2011-4313", "CVE-2011-1910"], "lastseen": "2016-09-04T11:16:27"}], "debian": [{"id": "DSA-2347", "type": "debian", "title": "bind9 -- improper assert", "description": "It was discovered that BIND, a DNS server, crashes while processing certain sequences of recursive DNS queries, leading to a denial of service. Authoritative-only server configurations are not affected by this issue.\n\nFor the oldstable distribution (lenny), this problem has been fixed in version 1:9.6.ESV.R4+dfsg-0+lenny4.\n\nFor the stable distribution (squeeze), this problem has been fixed in version 1:9.7.3.dfsg-1~squeeze4.\n\nWe recommend that you upgrade your bind9 packages.", "published": "2011-11-16T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-2347", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-02T18:20:41"}], "amazon": [{"id": "ALAS-2011-24", "type": "amazon", "title": "Important: bind", "description": "**Issue Overview:**\n\nA flaw was discovered in the way BIND handled certain DNS queries, which caused it to cache an invalid record. A remote attacker could use this flaw to send repeated queries for this invalid record, causing the resolvers to exit unexpectedly due to a failed assertion.\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n bind-9.7.3-2.11.amzn1.i686 \n bind-debuginfo-9.7.3-2.11.amzn1.i686 \n bind-utils-9.7.3-2.11.amzn1.i686 \n bind-sdb-9.7.3-2.11.amzn1.i686 \n bind-chroot-9.7.3-2.11.amzn1.i686 \n bind-libs-9.7.3-2.11.amzn1.i686 \n bind-devel-9.7.3-2.11.amzn1.i686 \n \n src: \n bind-9.7.3-2.11.amzn1.src \n \n x86_64: \n bind-libs-9.7.3-2.11.amzn1.x86_64 \n bind-devel-9.7.3-2.11.amzn1.x86_64 \n bind-9.7.3-2.11.amzn1.x86_64 \n bind-debuginfo-9.7.3-2.11.amzn1.x86_64 \n bind-chroot-9.7.3-2.11.amzn1.x86_64 \n bind-sdb-9.7.3-2.11.amzn1.x86_64 \n bind-utils-9.7.3-2.11.amzn1.x86_64 \n \n \n", "published": "2011-11-30T21:59:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2011-24.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-28T21:04:01"}], "centos": [{"id": "CESA-2011:1458", "type": "centos", "title": "bind, caching security update", "description": "**CentOS Errata and Security Advisory** CESA-2011:1458\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which\ncaused it to cache an invalid record. A remote attacker could use this\nflaw to send repeated queries for this invalid record, causing the\nresolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018207.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018208.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1458.html", "published": "2011-11-18T08:24:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/018207.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-03T18:24:34"}, {"id": "CESA-2011:1496", "type": "centos", "title": "bind security update", "description": "**CentOS Errata and Security Advisory** CESA-2011:1496\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which\ncaused it to cache an invalid record. A remote attacker could use this\nflaw to send repeated queries for this invalid record, causing the\nresolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018259.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018260.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1496.html", "published": "2011-11-29T13:31:45", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/018259.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-03T18:24:25"}, {"id": "CESA-2011:1459", "type": "centos", "title": "bind97 security update", "description": "**CentOS Errata and Security Advisory** CESA-2011:1459\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which\ncaused it to cache an invalid record. A remote attacker could use this\nflaw to send repeated queries for this invalid record, causing the\nresolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)\n\nUsers of bind97 are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018209.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-November/018210.html\n\n**Affected packages:**\nbind97\nbind97-chroot\nbind97-devel\nbind97-libs\nbind97-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-1459.html", "published": "2011-11-18T08:25:41", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2011-November/018209.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-10-03T18:25:02"}], "redhat": [{"id": "RHSA-2011:1458", "type": "redhat", "title": "(RHSA-2011:1458) Important: bind security update", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which\ncaused it to cache an invalid record. A remote attacker could use this\nflaw to send repeated queries for this invalid record, causing the\nresolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n", "published": "2011-11-17T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1458", "cvelist": ["CVE-2011-4313"], "lastseen": "2018-06-12T21:09:09"}, {"id": "RHSA-2011:1496", "type": "redhat", "title": "(RHSA-2011:1496) Important: bind security update", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which\ncaused it to cache an invalid record. A remote attacker could use this\nflaw to send repeated queries for this invalid record, causing the\nresolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)\n\nUsers of bind are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n", "published": "2011-11-29T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1496", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-09-09T07:19:44"}, {"id": "RHSA-2011:1459", "type": "redhat", "title": "(RHSA-2011:1459) Important: bind97 security update", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS queries, which\ncaused it to cache an invalid record. A remote attacker could use this\nflaw to send repeated queries for this invalid record, causing the\nresolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)\n\nUsers of bind97 are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n", "published": "2011-11-17T05:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2011:1459", "cvelist": ["CVE-2011-4313"], "lastseen": "2017-09-09T07:19:15"}], "suse": [{"id": "SUSE-SU-2011:1270-1", "type": "suse", "title": "Security update for bind (important)", "description": "This update fixes the issue that specially crafted DNS\n queries could crash the bind name server. (CVE-2011-4313\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313</a>\n > )\n", "published": "2011-11-22T02:08:16", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00028.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T12:43:04"}, {"id": "OPENSUSE-SU-2011:1272-1", "type": "suse", "title": "bind (important)", "description": "specially crafted DNS queries could crash the bind name\n server (CVE-2011-4313).\n\n", "published": "2011-11-22T13:08:45", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T12:43:04"}, {"id": "SUSE-SU-2011:1268-1", "type": "suse", "title": "Security update for bind (important)", "description": "This update for bind fixes the issue that specially crafted\n DNS queries could crash the bind name server\n (CVE-2011-4313\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313</a>\n > ) .\n\n Additionally, a syntax check warning for include files as\n that one is failing on every include file that only\n provides a snippet for the overall configuration has been\n removed.\n", "published": "2011-11-22T01:08:39", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00027.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T11:43:03"}, {"id": "SUSE-SU-2011:1270-2", "type": "suse", "title": "Security update for bind (important)", "description": "This update fixes the issue that specially crafted DNS\n queries could crash the bind name server. (CVE-2011-4313\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313</a>\n > )\n", "published": "2011-11-23T05:08:36", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00031.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T12:14:51"}, {"id": "SUSE-SU-2011:1270-3", "type": "suse", "title": "Security update for bind (important)", "description": "The following bug has been fixed:\n\n * specially crafted DNS queries could crash the bind\n name server (CVE-2011-4313).\n", "published": "2011-11-30T18:08:19", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00033.html", "cvelist": ["CVE-2011-4313"], "lastseen": "2016-09-04T11:49:45"}], "gentoo": [{"id": "GLSA-201206-01", "type": "gentoo", "title": "BIND: Multiple vulnerabilities", "description": "### Background\n\nBIND is the Berkeley Internet Name Domain Server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow remote attackers to cause a Denial of Service (daemon crash) via a DNS query, to bypass intended access restrictions, to incorrectly cache a ncache entry and a rrsig for the same type and to incorrectly mark zone data as insecure. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll bind users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.7.4_p1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since December 22, 2011. It is likely that your system is already no longer affected by this issue.", "published": "2012-06-02T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201206-01", "cvelist": ["CVE-2011-0414", "CVE-2011-2464", "CVE-2010-3615", "CVE-2011-2465", "CVE-2010-3614", "CVE-2010-3613", "CVE-2011-4313", "CVE-2010-3762", "CVE-2011-1910"], "lastseen": "2016-09-06T19:46:55"}]}}
