Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_CVE-2023-6516.NASLHistoryJul 03, 2024 - 12:00 a.m.
CBL Mariner 2.0 Security Update: bind (CVE-2023-6516)
2024-07-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
cbl mariner 2.0
security update
bind
cve-2023-6516
vulnerability
cache database
named
recursive resolver
maintenance
cleanup events
max-cache-size
nessus
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.6
Confidence
High
The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6516 advisory.
- To keep its cache database efficient,
namedrunning as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance,namedMay not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configuredmax-cache-sizelimit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. (CVE-2023-6516)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(201700);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/07/26");
script_cve_id("CVE-2023-6516");
script_xref(name:"IAVA", value:"2024-A-0103-S");
script_name(english:"CBL Mariner 2.0 Security Update: bind (CVE-2023-6516)");
script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of bind installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected
by a vulnerability as referenced in the CVE-2023-6516 advisory.
- To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to
clean up the database. It uses several methods, including some that are asynchronous: a small chunk of
memory pointing to the cache element that can be cleaned up is first allocated and then queued for later
processing. It was discovered that if the resolver is continuously processing query patterns triggering
this type of cache-database maintenance, `named` May not be able to handle the cleanup events in a timely
manner. This in turn enables the list of queued cleanup events to grow infinitely large over time,
allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9
versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1. (CVE-2023-6516)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2023-6516");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-6516");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/07/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-chroot");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-dlz-filesystem");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-dlz-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-dlz-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-dlz-sqlite3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-dnssec-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-dnssec-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-license");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-pkcs11");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-pkcs11-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-pkcs11-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-pkcs11-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:bind-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-bind");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MarinerOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);
if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);
var pkgs = [
{'reference':'bind-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-chroot-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-chroot-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-debuginfo-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-debuginfo-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-devel-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-devel-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-filesystem-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-filesystem-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-ldap-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-ldap-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-mysql-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-mysql-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-sqlite3-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dlz-sqlite3-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dnssec-doc-9.16.48-1.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dnssec-doc-9.16.48-1.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dnssec-utils-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-dnssec-utils-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-libs-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-libs-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-license-9.16.48-1.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-license-9.16.48-1.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-devel-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-devel-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-libs-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-libs-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-utils-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-pkcs11-utils-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-utils-9.16.48-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bind-utils-9.16.48-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-bind-9.16.48-1.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-bind-9.16.48-1.cm2', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind / bind-chroot / bind-debuginfo / bind-devel / etc');
}
Related
redhatcve
redhatcve
CVE-2023-6516
2024-02-14 20:32:22
cvelist
cvelist
alpinelinux
alpinelinux
CVE-2023-6516
2024-02-13 14:15:46
cbl_mariner
cbl_mariner
CVE-2023-6516 affecting package bind for versions less than 9.16.48-1
2024-03-05 17:52:42
CVE-2023-6516 affecting package bind for versions less than 9.19.21-1
2024-03-19 17:21:46
openvas
openvas
ISC BIND DoS Vulnerability (CVE-2023-6516) - Linux
2024-02-14 00:00:00
ISC BIND DoS Vulnerability (CVE-2023-6516) - Windows
2024-02-14 00:00:00
Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1759)
2024-05-30 00:00:00
cgr
cgr
CVE-2023-6516 vulnerabilities
2024-05-19 03:07:16
vulnrichment
vulnrichment
cve
cve
CVE-2023-6516
2024-02-13 14:15:46
osv
osv
CVE-2023-6516
2024-02-13 14:15:46
CGA-qf93-7p9p-9xr2
2024-06-06 12:26:18
Security update for bind
2024-06-11 10:12:55
wolfi
wolfi
CVE-2023-6516 vulnerabilities
2024-09-28 03:12:03
f5
f5
K000138991 : BIND vulnerability CVE-2023-6516
2024-03-22 00:00:00
debiancve
debiancve
CVE-2023-6516
2024-02-13 14:15:46
prion
prion
Type confusion
2024-02-13 14:15:00
nvd
nvd
CVE-2023-6516
2024-02-13 14:15:46
veracode
veracode
Denial Of Service
2024-02-17 11:24:32
nessus
nessus
EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1759)
2024-05-30 00:00:00
EulerOS 2.0 SP12 : bind (EulerOS-SA-2024-1736)
2024-05-30 00:00:00
ubuntucve
ubuntucve
CVE-2023-6516
2024-02-13 00:00:00
slackware
slackware
[slackware-security] bind
2024-02-13 19:35:21
ubuntu
ubuntu
Bind vulnerabilities
2024-02-19 00:00:00
ibm
ibm
oraclelinux
oraclelinux
bind security update
2024-05-07 00:00:00
bind9.16 security update
2024-04-11 00:00:00
bind security update
2024-04-11 00:00:00
redhat
redhat
(RHSA-2024:1803) Important: bind and bind-dyndb-ldap security updates
2024-04-15 00:59:23
(RHSA-2024:1781) Important: bind9.16 security update
2024-04-11 10:36:46
(RHSA-2024:1800) Important: bind and bind-dyndb-ldap security updates
2024-04-15 00:59:14
fedora
fedora
[SECURITY] Fedora 39 Update: bind-dyndb-ldap-11.10-24.fc39
2024-02-19 02:29:30
[SECURITY] Fedora 39 Update: bind-9.18.24-1.fc39
2024-02-19 02:29:30
[SECURITY] Fedora 38 Update: bind-dyndb-ldap-11.10-23.fc38
2024-03-04 01:27:18
almalinux
almalinux
Important: bind security update
2024-04-11 00:00:00
Important: bind security update
2024-04-30 00:00:00
Important: bind9.16 security update
2024-04-11 00:00:00
debian
debian
[SECURITY] [DSA 5621-1] bind9 security update
2024-02-14 07:58:57
rocky
rocky
bind security update
2024-05-10 14:32:38
bind9.16 security update
2024-05-06 13:04:21
aix
aix
AIX is vulnerable to denial of service due to ISC BIND
2024-06-04 16:06:25
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0563
2024-02-13 00:00:00
Important Photon OS Security Update - PHSA-2024-3.0-0727
2024-02-15 00:00:00
hp
hp
HP ThinPro 8.0 SP 9 Security Updates
2024-06-17 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.6
Confidence
High
Related for MARINER_CVE-2023-6516.NASL