NewStart CGSL MAIN 6.06 : bind Multiple Vulnerabilities (NS-SA-2023-0134)

2023-11-0800:00:00

www.tenable.com

newstart cgsl

main 6.06

bind packages

multiple vulnerabilities

dns resolution service

cve-2021-25220

cve-2022-2795

nessus scanner

6.9 Medium

AI Score

Confidence

High

JSON

The remote NewStart CGSL host, running version MAIN 6.06, has bind packages installed that are affected by multiple vulnerabilities:

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. (CVE-2021-25220)
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service.
(CVE-2022-2795)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2023-0134. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(185389);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/14");

  script_cve_id("CVE-2021-25220", "CVE-2022-2795");
  script_xref(name:"IAVA", value:"2022-A-0387-S");
  script_xref(name:"IAVA", value:"2023-A-0500");
  script_xref(name:"IAVA", value:"2022-A-0122-S");

  script_name(english:"NewStart CGSL MAIN 6.06 : bind Multiple Vulnerabilities (NS-SA-2023-0134)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.06, has bind packages installed that are affected by multiple
vulnerabilities:

  - BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 ->
    9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including
    Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
    The cache could become poisoned with incorrect records leading to queries being made to the wrong servers,
    which might also result in false information being returned to clients. (CVE-2021-25220)

  - By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the
    resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
    (CVE-2022-2795)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/notice/NS-SA-2023-0134");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2021-25220");
  script_set_attribute(attribute:"see_also", value:"https://security.gd-linux.com/info/CVE-2022-2795");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-25220");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-export-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-export-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-libs-lite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-license");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-lite-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-pkcs11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-pkcs11-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-pkcs11-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-pkcs11-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-sdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-sdb-chroot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bind-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python3-bind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (os_release !~ "CGSL MAIN 6.06")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.06');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL MAIN 6.06': [
    'bind-9.11.36-8.zncgsl6',
    'bind-chroot-9.11.36-8.zncgsl6',
    'bind-devel-9.11.36-8.zncgsl6',
    'bind-export-devel-9.11.36-8.zncgsl6',
    'bind-export-libs-9.11.36-8.zncgsl6',
    'bind-libs-9.11.36-8.zncgsl6',
    'bind-libs-lite-9.11.36-8.zncgsl6',
    'bind-license-9.11.36-8.zncgsl6',
    'bind-lite-devel-9.11.36-8.zncgsl6',
    'bind-pkcs11-9.11.36-8.zncgsl6',
    'bind-pkcs11-devel-9.11.36-8.zncgsl6',
    'bind-pkcs11-libs-9.11.36-8.zncgsl6',
    'bind-pkcs11-utils-9.11.36-8.zncgsl6',
    'bind-sdb-9.11.36-8.zncgsl6',
    'bind-sdb-chroot-9.11.36-8.zncgsl6',
    'bind-utils-9.11.36-8.zncgsl6',
    'python3-bind-9.11.36-8.zncgsl6'
  ]
};
var pkg_list = pkgs[os_release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind');
}

VendorProductVersionCPE
ztecgsl_mainbindp-cpe:/a:zte:cgsl_main:bind
ztecgsl_mainbind-chrootp-cpe:/a:zte:cgsl_main:bind-chroot
ztecgsl_mainbind-develp-cpe:/a:zte:cgsl_main:bind-devel
ztecgsl_mainbind-libsp-cpe:/a:zte:cgsl_main:bind-libs
ztecgsl_mainbind-libs-litep-cpe:/a:zte:cgsl_main:bind-libs-lite
ztecgsl_mainbind-licensep-cpe:/a:zte:cgsl_main:bind-license
ztecgsl_mainbind-lite-develp-cpe:/a:zte:cgsl_main:bind-lite-devel
ztecgsl_mainbind-pkcs11p-cpe:/a:zte:cgsl_main:bind-pkcs11
ztecgsl_mainbind-pkcs11-develp-cpe:/a:zte:cgsl_main:bind-pkcs11-devel
ztecgsl_mainbind-pkcs11-libsp-cpe:/a:zte:cgsl_main:bind-pkcs11-libs

Vendor	Product	Version	CPE
zte	cgsl_main	bind	p-cpe:/a:zte:cgsl_main:bind
zte	cgsl_main	bind-chroot	p-cpe:/a:zte:cgsl_main:bind-chroot
zte	cgsl_main	bind-devel	p-cpe:/a:zte:cgsl_main:bind-devel
zte	cgsl_main	bind-libs	p-cpe:/a:zte:cgsl_main:bind-libs
zte	cgsl_main	bind-libs-lite	p-cpe:/a:zte:cgsl_main:bind-libs-lite
zte	cgsl_main	bind-license	p-cpe:/a:zte:cgsl_main:bind-license
zte	cgsl_main	bind-lite-devel	p-cpe:/a:zte:cgsl_main:bind-lite-devel
zte	cgsl_main	bind-pkcs11	p-cpe:/a:zte:cgsl_main:bind-pkcs11
zte	cgsl_main	bind-pkcs11-devel	p-cpe:/a:zte:cgsl_main:bind-pkcs11-devel
zte	cgsl_main	bind-pkcs11-libs	p-cpe:/a:zte:cgsl_main:bind-pkcs11-libs