ID MARADNS_2_0_06.NASL Type nessus Reporter Tenable Modified 2018-07-14T00:00:00
Description
According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(73483);
script_version("1.3");
script_cvs_date("Date: 2018/07/14 1:59:35");
script_cve_id("CVE-2012-1570");
script_bugtraq_id(52558);
script_name(english:"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching");
script_summary(english:"Checks version of MaraDNS server");
script_set_attribute(attribute:"synopsis", value:
"The DNS server running on the remote host is affected by a domain
caching vulnerability.");
script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the MaraDNS server
running on the remote host is affected by an issue when updating DNS
records in the server's cache that were revoked, possibly for
malicious reasons. A remote attacker can continually query an affected
host for the revoked domain, resulting in the domain name still
resolving. This type of attack is known as a 'ghost domain' attack.");
script_set_attribute(attribute:"see_also", value:"http://samiam.org/blog/20120322.html");
script_set_attribute(attribute:"see_also", value:"http://samiam.org/blog/20120213.html");
script_set_attribute(attribute:"see_also", value:"http://maradns.samiam.org/security.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or
apply the relevant patch.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/22");
script_set_attribute(attribute:"patch_publication_date", value:"2012/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/11");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:maradns:maradns");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"DNS");
script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
script_dependencies("maradns_version.nasl");
script_require_keys("maradns/version", "maradns/num_ver", "Settings/ParanoidReport");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
version = get_kb_item_or_exit("maradns/version");
num_ver = get_kb_item_or_exit("maradns/num_ver");
if (report_paranoia < 2) audit(AUDIT_PARANOID);
port = 53;
fix = NULL;
# < 1.3.07.15
if (version =~ "^(0|1\.[0-3])\." && ver_compare(ver:num_ver, fix:"1.3.07.15", strict:FALSE) == -1)
fix = "1.3.07.15";
# 1.4.x < 1.4.12
else if (version =~ "^1\.4\." && ver_compare(ver:num_ver, fix:"1.4.12", strict:FALSE) == -1)
fix = "1.4.12";
# 2.x < 2.0.06
else if (version =~ "^2\.0\." && ver_compare(ver:num_ver, fix:"2.0.06", strict:FALSE) == -1)
fix = "2.0.06";
else
audit(AUDIT_LISTEN_NOT_VULN, "MaraDNS", port, version, "UDP");
if (report_verbosity > 0)
{
report =
'\n Installed version : ' + version +
'\n Fixed version : ' + fix +
'\n';
security_warning(port:port, proto:"udp", extra:report);
}
else security_warning(port:port, proto:"udp");
{"id": "MARADNS_2_0_06.NASL", "bulletinFamily": "scanner", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "description": "According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.", "published": "2014-04-11T00:00:00", "modified": "2018-07-14T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "reporter": "Tenable", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "cvelist": ["CVE-2012-1570"], "type": "nessus", "lastseen": "2019-02-21T01:21:02", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:maradns:maradns"], "cvelist": ["CVE-2012-1570"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-01-16T20:18:15", "references": [{"idList": ["CVE-2012-1570"], "type": "cve"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "91a2f6582d610f058de35e628e57616627e88188c8fb7de2d88a39c07fed7738", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "a6042886597545ae94c98e81ae419533", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "87d7ecb9d1bb99e3d59af94b9e17eb94", "key": "description"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "e50ef95f68291407cea3c6f3817b4791", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "560d20d9cc617a6d4bc31ec069be09b7", "key": "cvelist"}, {"hash": "12154321cde0f43d09a755cdca599d0e", "key": "sourceData"}, {"hash": "63676431299b4da828fd3c93f98ab2db", "key": "references"}, {"hash": "f1f88bed2d1c73a1bfaf5441ada5694f", "key": "href"}, {"hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb", "key": "naslFamily"}, {"hash": "e0865c06f10fb8517199f40c44c781a6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "id": "MARADNS_2_0_06.NASL", "lastseen": "2019-01-16T20:18:15", "modified": "2018-07-14T00:00:00", "naslFamily": "DNS", "objectVersion": "1.3", "pluginID": "73483", "published": "2014-04-11T00:00:00", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 6, "lastseen": "2019-01-16T20:18:15"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:maradns:maradns"], "cvelist": ["CVE-2012-1570"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "d2407d6f7f7d6082bc0fb845f63049d93f1e525e588bd80c949baa1cda41c360", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "928be8dc50919543013a8acf71c0ebe7", "key": "sourceData"}, {"hash": "a6042886597545ae94c98e81ae419533", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ea15d30a137ccdfcee929d7320814cee", "key": "modified"}, {"hash": "57c776f3c5a69e3f1a942c1f75d418f8", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "e50ef95f68291407cea3c6f3817b4791", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "560d20d9cc617a6d4bc31ec069be09b7", "key": "cvelist"}, {"hash": "63676431299b4da828fd3c93f98ab2db", "key": "references"}, {"hash": "f1f88bed2d1c73a1bfaf5441ada5694f", "key": "href"}, {"hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb", "key": "naslFamily"}, {"hash": "e0865c06f10fb8517199f40c44c781a6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "id": "MARADNS_2_0_06.NASL", "lastseen": "2017-10-29T13:34:39", "modified": "2014-05-24T00:00:00", "naslFamily": "DNS", "objectVersion": "1.3", "pluginID": "73483", "published": "2014-04-11T00:00:00", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/05/24 02:15:09 $\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n script_osvdb_id(80192);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:34:39"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:maradns:maradns"], "cvelist": ["CVE-2012-1570"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "15a9fa92a75c14f01d3cbc3d8960a61d725c3735a1f203522be622b0f55257b7", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "a6042886597545ae94c98e81ae419533", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "57c776f3c5a69e3f1a942c1f75d418f8", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "e50ef95f68291407cea3c6f3817b4791", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "560d20d9cc617a6d4bc31ec069be09b7", "key": "cvelist"}, {"hash": "12154321cde0f43d09a755cdca599d0e", "key": "sourceData"}, {"hash": "63676431299b4da828fd3c93f98ab2db", "key": "references"}, {"hash": "f1f88bed2d1c73a1bfaf5441ada5694f", "key": "href"}, {"hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb", "key": "naslFamily"}, {"hash": "e0865c06f10fb8517199f40c44c781a6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "id": "MARADNS_2_0_06.NASL", "lastseen": "2018-07-15T03:33:40", "modified": "2018-07-14T00:00:00", "naslFamily": "DNS", "objectVersion": "1.3", "pluginID": "73483", "published": "2014-04-11T00:00:00", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-07-15T03:33:40"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2012-1570"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.", "edition": 1, "enchantments": {}, "hash": "b80785b47ed656e9cda18659a663e9fa71b5f9e6bdf05bcefbe62ef49262a64a", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "928be8dc50919543013a8acf71c0ebe7", "key": "sourceData"}, {"hash": "a6042886597545ae94c98e81ae419533", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "ea15d30a137ccdfcee929d7320814cee", "key": "modified"}, {"hash": "57c776f3c5a69e3f1a942c1f75d418f8", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "560d20d9cc617a6d4bc31ec069be09b7", "key": "cvelist"}, {"hash": "63676431299b4da828fd3c93f98ab2db", "key": "references"}, {"hash": "f1f88bed2d1c73a1bfaf5441ada5694f", "key": "href"}, {"hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb", "key": "naslFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "e0865c06f10fb8517199f40c44c781a6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "id": "MARADNS_2_0_06.NASL", "lastseen": "2016-09-26T17:23:35", "modified": "2014-05-24T00:00:00", "naslFamily": "DNS", "objectVersion": "1.2", "pluginID": "73483", "published": "2014-04-11T00:00:00", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2014/05/24 02:15:09 $\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n script_osvdb_id(80192);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:35"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:maradns:maradns"], "cvelist": ["CVE-2012-1570"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "94c228c57b7f69819d771b01c982300881f7eef385160b48084d7700c8c004da", "hashmap": [{"hash": "a6042886597545ae94c98e81ae419533", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "57c776f3c5a69e3f1a942c1f75d418f8", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "e50ef95f68291407cea3c6f3817b4791", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "560d20d9cc617a6d4bc31ec069be09b7", "key": "cvelist"}, {"hash": "12154321cde0f43d09a755cdca599d0e", "key": "sourceData"}, {"hash": "63676431299b4da828fd3c93f98ab2db", "key": "references"}, {"hash": "f1f88bed2d1c73a1bfaf5441ada5694f", "key": "href"}, {"hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb", "key": "naslFamily"}, {"hash": "e0865c06f10fb8517199f40c44c781a6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "id": "MARADNS_2_0_06.NASL", "lastseen": "2018-08-30T19:33:03", "modified": "2018-07-14T00:00:00", "naslFamily": "DNS", "objectVersion": "1.3", "pluginID": "73483", "published": "2014-04-11T00:00:00", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:33:03"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/a:maradns:maradns"], "cvelist": ["CVE-2012-1570"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "According to its self-reported version number, the MaraDNS server running on the remote host is affected by an issue when updating DNS records in the server's cache that were revoked, possibly for malicious reasons. A remote attacker can continually query an affected host for the revoked domain, resulting in the domain name still resolving. This type of attack is known as a 'ghost domain' attack.", "edition": 5, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "15a9fa92a75c14f01d3cbc3d8960a61d725c3735a1f203522be622b0f55257b7", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "a6042886597545ae94c98e81ae419533", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d7a2f84f623d9565d812c51123462905", "key": "modified"}, {"hash": "57c776f3c5a69e3f1a942c1f75d418f8", "key": "description"}, {"hash": "4abde03e8661f024b72277a032d82960", "key": "published"}, {"hash": "e50ef95f68291407cea3c6f3817b4791", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "560d20d9cc617a6d4bc31ec069be09b7", "key": "cvelist"}, {"hash": "12154321cde0f43d09a755cdca599d0e", "key": "sourceData"}, {"hash": "63676431299b4da828fd3c93f98ab2db", "key": "references"}, {"hash": "f1f88bed2d1c73a1bfaf5441ada5694f", "key": "href"}, {"hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb", "key": "naslFamily"}, {"hash": "e0865c06f10fb8517199f40c44c781a6", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=73483", "id": "MARADNS_2_0_06.NASL", "lastseen": "2018-09-01T23:35:52", "modified": "2018-07-14T00:00:00", "naslFamily": "DNS", "objectVersion": "1.3", "pluginID": "73483", "published": "2014-04-11T00:00:00", "references": ["http://samiam.org/blog/20120213.html", "http://maradns.samiam.org/security.html", "http://samiam.org/blog/20120322.html"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "title": "MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2018-09-01T23:35:52"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "e50ef95f68291407cea3c6f3817b4791"}, {"key": "cvelist", "hash": "560d20d9cc617a6d4bc31ec069be09b7"}, {"key": "cvss", "hash": "956b0cce3d9454921494ef535bcdf2a4"}, {"key": "description", "hash": "57c776f3c5a69e3f1a942c1f75d418f8"}, {"key": "href", "hash": "f1f88bed2d1c73a1bfaf5441ada5694f"}, {"key": "modified", "hash": "d7a2f84f623d9565d812c51123462905"}, {"key": "naslFamily", "hash": "ed5f2bdecbd4bd349d09412d1ff6a6fb"}, {"key": "pluginID", "hash": "e0865c06f10fb8517199f40c44c781a6"}, {"key": "published", "hash": "4abde03e8661f024b72277a032d82960"}, {"key": "references", "hash": "63676431299b4da828fd3c93f98ab2db"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "12154321cde0f43d09a755cdca599d0e"}, {"key": "title", "hash": "a6042886597545ae94c98e81ae419533"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "15a9fa92a75c14f01d3cbc3d8960a61d725c3735a1f203522be622b0f55257b7", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1570"]}], "modified": "2019-02-21T01:21:02"}, "score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73483);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2012-1570\");\n script_bugtraq_id(52558);\n\n script_name(english:\"MaraDNS < 1.3.07.15 / 1.4.x < 1.4.12 / 2.0.x < 2.0.06 Persistent Ghost Domain Caching\");\n script_summary(english:\"Checks version of MaraDNS server\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The DNS server running on the remote host is affected by a domain\ncaching vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the MaraDNS server\nrunning on the remote host is affected by an issue when updating DNS\nrecords in the server's cache that were revoked, possibly for\nmalicious reasons. A remote attacker can continually query an affected\nhost for the revoked domain, resulting in the domain name still\nresolving. This type of attack is known as a 'ghost domain' attack.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120322.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://samiam.org/blog/20120213.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://maradns.samiam.org/security.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MaraDNS version 1.3.07.15 / 1.4.12 / 2.0.06 or later or\napply the relevant patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/11\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:maradns:maradns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"maradns_version.nasl\");\n script_require_keys(\"maradns/version\", \"maradns/num_ver\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"maradns/version\");\nnum_ver = get_kb_item_or_exit(\"maradns/num_ver\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nport = 53;\nfix = NULL;\n\n# < 1.3.07.15\nif (version =~ \"^(0|1\\.[0-3])\\.\" && ver_compare(ver:num_ver, fix:\"1.3.07.15\", strict:FALSE) == -1)\n fix = \"1.3.07.15\";\n\n# 1.4.x < 1.4.12\nelse if (version =~ \"^1\\.4\\.\" && ver_compare(ver:num_ver, fix:\"1.4.12\", strict:FALSE) == -1)\n fix = \"1.4.12\";\n\n# 2.x < 2.0.06\nelse if (version =~ \"^2\\.0\\.\" && ver_compare(ver:num_ver, fix:\"2.0.06\", strict:FALSE) == -1)\n fix = \"2.0.06\";\n\nelse\n audit(AUDIT_LISTEN_NOT_VULN, \"MaraDNS\", port, version, \"UDP\");\n\n\nif (report_verbosity > 0)\n{\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_warning(port:port, proto:\"udp\", extra:report);\n}\nelse security_warning(port:port, proto:\"udp\");\n", "naslFamily": "DNS", "pluginID": "73483", "cpe": ["cpe:/a:maradns:maradns"], "scheme": null}
{"cve": [{"lastseen": "2017-12-13T12:05:03", "bulletinFamily": "NVD", "description": "The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack.", "modified": "2017-12-12T21:29:05", "published": "2012-03-28T06:55:00", "id": "CVE-2012-1570", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1570", "title": "CVE-2012-1570", "type": "cve", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}
