Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-1701.NASL
HistoryOct 23, 2020 - 12:00 a.m.

openSUSE Security Update : bind (openSUSE-2020-1701)

2020-10-2300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30

7.6 High

AI Score

Confidence

Low

JSON

This update for bind fixes the following issues :

BIND was upgraded to version 9.16.6 :

Note :

  • bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC.

Fixing security issues :

  • CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain.

  • CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure.
    (bsc#1171740)

  • CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051).

  • CVE-2018-5741: Fixed the documentation (bsc#1109160).

  • CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958).

  • CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958).

  • CVE-2020-8624: ‘update-policy’ rules of type ‘subdomain’ were incorrectly treated as ‘zonesub’ rules, which allowed keys used in ‘subdomain’ rules to update names outside of the specified subdomains. The problem was fixed by making sure ‘subdomain’ rules are again processed as described in the ARM (bsc#1175443).

  • CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443).

  • CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443).

  • CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443).

  • CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443).

Other issues fixed :

  • Add engine support to OpenSSL EdDSA implementation.

  • Add engine support to OpenSSL ECDSA implementation.

  • Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.

  • Warn about AXFR streams with inconsistent message IDs.

  • Make ISC rwlock implementation the default again.

  • Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168)

  • Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524)

  • Fixed an issue where bind was not working in FIPS mode (bsc#906079).

  • Fixed dependency issues (bsc#1118367 and bsc#1118368).

  • GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205).

  • Fixed an issue with FIPS (bsc#1128220).

  • The liblwres library is discontinued upstream and is no longer included.

  • Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713).

  • Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE.

  • The default value of ‘max-stale-ttl’ has been changed from 1 week to 12 hours.

  • Zone timers are now exported via statistics channel.

  • The ‘primary’ and ‘secondary’ keywords, when used as parameters for ‘check-names’, were not processed correctly and were being ignored.

  • ‘rndc dnstap -roll <value>’ did not limit the number of saved files to <value>.

  • Add ‘rndc dnssec -status’ command.

  • Addressed a couple of situations where named could crash.

  • Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the ‘named’ group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf]

  • Added ‘/etc/bind.keys’ to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983).

  • Removed ‘-r /dev/urandom’ from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail.
    (bsc#1173311, bsc#1176674, bsc#1170713)

  • /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313]

  • Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092).

  • Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon.

This update was imported from the SUSE:SLE-15:Update update project.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-1701.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('compat.inc');

if (description)
{
  script_id(141839);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/14");

  script_cve_id(
    "CVE-2017-3136",
    "CVE-2018-5741",
    "CVE-2019-6477",
    "CVE-2020-8616",
    "CVE-2020-8617",
    "CVE-2020-8618",
    "CVE-2020-8619",
    "CVE-2020-8620",
    "CVE-2020-8621",
    "CVE-2020-8622",
    "CVE-2020-8623",
    "CVE-2020-8624"
  );

  script_name(english:"openSUSE Security Update : bind (openSUSE-2020-1701)");

  script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"This update for bind fixes the following issues :

BIND was upgraded to version 9.16.6 :

Note :

  - bind is now more strict in regards to DNSSEC. If queries
    are not working, check for DNSSEC issues. For instance,
    if bind is used in a namserver forwarder chain, the
    forwarding DNS servers must support DNSSEC.

Fixing security issues :

  - CVE-2020-8616: Further limit the number of queries that
    can be triggered from a request. Root and TLD servers
    are no longer exempt from max-recursion-queries. Fetches
    for missing name server. (bsc#1171740) Address records
    are limited to 4 for any domain.

  - CVE-2020-8617: Replaying a TSIG BADTIME response as a
    request could trigger an assertion failure.
    (bsc#1171740)

  - CVE-2019-6477: Fixed an issue where TCP-pipelined
    queries could bypass the tcp-clients limit
    (bsc#1157051).

  - CVE-2018-5741: Fixed the documentation (bsc#1109160).

  - CVE-2020-8618: It was possible to trigger an INSIST when
    determining whether a record would fit into a TCP
    message buffer (bsc#1172958).

  - CVE-2020-8619: It was possible to trigger an INSIST in
    lib/dns/rbtdb.c:new_reference() with a particular zone
    content and query patterns (bsc#1172958).

  - CVE-2020-8624: 'update-policy' rules of type 'subdomain'
    were incorrectly treated as 'zonesub' rules, which
    allowed keys used in 'subdomain' rules to update names
    outside of the specified subdomains. The problem was
    fixed by making sure 'subdomain' rules are again
    processed as described in the ARM (bsc#1175443).

  - CVE-2020-8623: When BIND 9 was compiled with native
    PKCS#11 support, it was possible to trigger an assertion
    failure in code determining the number of bits in the
    PKCS#11 RSA public key with a specially crafted packet
    (bsc#1175443).

  - CVE-2020-8621: named could crash in certain query
    resolution scenarios where QNAME minimization and
    forwarding were both enabled (bsc#1175443).

  - CVE-2020-8620: It was possible to trigger an assertion
    failure by sending a specially crafted large TCP DNS
    message (bsc#1175443).

  - CVE-2020-8622: It was possible to trigger an assertion
    failure when verifying the response to a TSIG-signed
    request (bsc#1175443).

Other issues fixed :

  - Add engine support to OpenSSL EdDSA implementation.

  - Add engine support to OpenSSL ECDSA implementation.

  - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0.

  - Warn about AXFR streams with inconsistent message IDs.

  - Make ISC rwlock implementation the default again.

  - Fixed issues when using cookie-secrets for AES and SHA2
    (bsc#1161168)

  - Installed the default files in /var/lib/named and
    created chroot environment on systems using
    transactional-updates (bsc#1100369, fate#325524)

  - Fixed an issue where bind was not working in FIPS mode
    (bsc#906079).

  - Fixed dependency issues (bsc#1118367 and bsc#1118368).

  - GeoIP support is now discontinued, now GeoIP2 is
    used(bsc#1156205).

  - Fixed an issue with FIPS (bsc#1128220).

  - The liblwres library is discontinued upstream and is no
    longer included.

  - Added service dependency on NTP to make sure the clock
    is accurate when bind is starts (bsc#1170667,
    bsc#1170713).

  - Reject DS records at the zone apex when loading master
    files. Log but otherwise ignore attempts to add DS
    records at the zone apex via UPDATE.

  - The default value of 'max-stale-ttl' has been changed
    from 1 week to 12 hours.

  - Zone timers are now exported via statistics channel.

  - The 'primary' and 'secondary' keywords, when used as
    parameters for 'check-names', were not processed
    correctly and were being ignored.

  - 'rndc dnstap -roll <value>' did not limit the number of
    saved files to <value>.

  - Add 'rndc dnssec -status' command.

  - Addressed a couple of situations where named could
    crash.

  - Changed /var/lib/named to owner root:named and perms
    rwxrwxr-t so that named, being a/the only member of the
    'named' group has full r/w access yet cannot change
    directories owned by root in the case of a compromized
    named. [bsc#1173307, bind-chrootenv.conf]

  - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in
    /etc/sysconfig/named to suppress warning message re
    missing file (bsc#1173983).

  - Removed '-r /dev/urandom' from all invocations of
    rndc-confgen (init/named system/lwresd.init
    system/named.init in vendor-files) as this option is
    deprecated and causes rndc-confgen to fail.
    (bsc#1173311, bsc#1176674, bsc#1170713)

  - /usr/bin/genDDNSkey: Removing the use of the -r option
    in the call of /usr/sbin/dnssec-keygen as BIND now uses
    the random number functions provided by the crypto
    library (i.e., OpenSSL or a PKCS#11 provider) as a
    source of randomness rather than /dev/random. Therefore
    the -r command line option no longer has any effect on
    dnssec-keygen. Leaving the option in genDDNSkey as to
    not break compatibility. Patch provided by Stefan
    Eisenwiener. [bsc#1171313]

  - Put libns into a separate subpackage to avoid file
    conflicts in the libisc subpackage due to different
    sonums (bsc#1176092).

  - Require /sbin/start_daemon: both init scripts, the one
    used in systemd context as well as legacy sysv, make use
    of start_daemon.

This update was imported from the SUSE:SLE-15:Update update project.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100369");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1109160");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118367");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118368");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1128220");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1156205");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1157051");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1161168");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1170667");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1170713");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1171313");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1171740");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1172958");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1173307");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1173311");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1173983");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1175443");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1176092");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1176674");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=906079");
  script_set_attribute(attribute:"see_also", value:"https://features.opensuse.org/325524");
  script_set_attribute(attribute:"solution", value:
"Update the affected bind packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8624");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-5741");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-chrootenv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:bind-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbind9-1600");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbind9-1600-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbind9-1600-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libbind9-1600-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdns1605");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdns1605-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdns1605-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libdns1605-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libirs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libirs1601");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libirs1601-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libirs1601-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libirs1601-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisc1606");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisc1606-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisc1606-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisc1606-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccc1600");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccc1600-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccc1600-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccc1600-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccfg1600");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccfg1600-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccfg1600-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libisccfg1600-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libns1604");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libns1604-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libns1604-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libns1604-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuv-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuv-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuv1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuv1-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuv1-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libuv1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sysuser-shadow");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sysuser-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"bind-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"bind-chrootenv-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"bind-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"bind-debugsource-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"bind-devel-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"bind-utils-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"bind-utils-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libbind9-1600-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libbind9-1600-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libdns1605-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libdns1605-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libirs-devel-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libirs1601-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libirs1601-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libisc1606-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libisc1606-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libisccc1600-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libisccc1600-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libisccfg1600-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libisccfg1600-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libns1604-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libns1604-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libuv-debugsource-1.18.0-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libuv-devel-1.18.0-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libuv1-1.18.0-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"libuv1-debuginfo-1.18.0-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"python3-bind-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"sysuser-shadow-2.0-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"sysuser-tools-2.0-lp151.4.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"bind-devel-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libbind9-1600-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libbind9-1600-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdns1605-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libdns1605-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libirs1601-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libirs1601-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libisc1606-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libisc1606-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libisccc1600-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libisccc1600-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libisccfg1600-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libisccfg1600-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libns1604-32bit-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libns1604-32bit-debuginfo-9.16.6-lp151.11.9.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libuv1-32bit-1.18.0-lp151.3.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"libuv1-32bit-debuginfo-1.18.0-lp151.3.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc");
}
VendorProductVersionCPE
novellopensuse15.1cpe:/o:novell:opensuse:15.1
novellopensusebindp-cpe:/a:novell:opensuse:bind
novellopensusebind-chrootenvp-cpe:/a:novell:opensuse:bind-chrootenv
novellopensusebind-debuginfop-cpe:/a:novell:opensuse:bind-debuginfo
novellopensusebind-debugsourcep-cpe:/a:novell:opensuse:bind-debugsource
novellopensusebind-develp-cpe:/a:novell:opensuse:bind-devel
novellopensusebind-devel-32bitp-cpe:/a:novell:opensuse:bind-devel-32bit
novellopensusebind-utilsp-cpe:/a:novell:opensuse:bind-utils
novellopensusebind-utils-debuginfop-cpe:/a:novell:opensuse:bind-utils-debuginfo
novellopensuselibbind9-1600p-cpe:/a:novell:opensuse:libbind9-1600
Rows per page:
1-10 of 471

References

Related

nessus 78
suse 2
openvas 43
oraclelinux 6
cisa 3
gentoo 1
ubuntu 3
debian 6
redhat 14
osv 4
ibm 9
mageia 2
altlinux 6
amazon 3
fedora 10
centos 1
slackware 2
photon 2
archlinux 2
aix 1
attackerkb 1
nessus
nessus
openSUSE Security Update : bind (openSUSE-2020-1699)
2020-10-20 00:00:00
SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2020:2914-1)
2020-12-09 00:00:00
GLSA-202008-19 : BIND: Multiple vulnerabilities
2020-08-31 00:00:00
suse
suse
Security update for bind (moderate)
2020-10-19 00:00:00
Security update for bind (moderate)
2020-10-20 00:00:00
openvas
openvas
openSUSE: Security Advisory for bind (openSUSE-SU-2020:1699-1)
2020-10-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2914-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for bind (openSUSE-SU-2020:1701-1)
2020-10-21 00:00:00
oraclelinux
oraclelinux
bind security, bug fix, and enhancement update
2020-11-10 00:00:00
bind security and bug fix update
2020-11-17 00:00:00
bind security update
2021-03-02 00:00:00
cisa
cisa
ISC Releases Security Advisories for BIND
2020-08-21 00:00:00
ISC Releases Security Advisory for BIND
2020-05-20 00:00:00
ISC Releases Security Advisories for BIND
2020-06-18 00:00:00
gentoo
gentoo
BIND: Multiple vulnerabilities
2020-08-29 00:00:00
ubuntu
ubuntu
Bind vulnerabilities
2020-08-21 00:00:00
Bind vulnerabilities
2020-05-20 00:00:00
Bind vulnerabilities
2020-06-17 00:00:00
debian
debian
[SECURITY] [DSA 4752-1] bind9 security update
2020-08-27 18:05:23
[SECURITY] [DSA 4752-1] bind9 security update
2020-08-27 18:05:23
[SECURITY] [DSA 4689-1] bind9 security update
2020-05-19 19:48:14
redhat
redhat
(RHSA-2020:4500) Moderate: bind security, bug fix, and enhancement update
2020-11-03 12:10:19
(RHSA-2020:5203) Moderate: bind security update
2020-11-24 09:50:37
(RHSA-2020:5011) Moderate: bind security and bug fix update
2020-11-10 09:39:22
osv
osv
bind9 - security update
2020-08-27 00:00:00
bind9 - security update
2020-05-30 00:00:00
bind9 - security update
2020-08-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in bind affects IBM Integrated Analytics System
2020-11-10 11:19:41
Security Bulletin: IBM MQ Appliance is affected by multiple BIND vulnerabilities (CVE-2020-8622, CVE-2020-8623, CVE-2020-8624)
2021-02-17 10:09:26
Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console (CVE-2020-8622, CVE-2020-8623 and CVE-2020-8624)
2021-09-22 23:38:15
mageia
mageia
Updated bind packages fix security vulnerability
2020-06-15 10:54:40
Updated bind packages fix security vulnerability
2021-01-17 19:07:01
altlinux
altlinux
Security fix for the ALT Linux 9 package bind version 9.11.22-alt1
2020-08-26 00:00:00
Security fix for the ALT Linux 8 package bind version 9.10.8.P1-alt3
2020-08-24 00:00:00
Security fix for the ALT Linux 10 package bind version 9.11.22-alt1
2020-08-21 00:00:00
amazon
amazon
Medium: bind
2020-12-08 20:55:00
Important: bind
2020-05-19 18:32:00
Important: bind
2020-05-22 20:57:00
fedora
fedora
[SECURITY] Fedora 32 Update: bind-9.11.22-1.fc32
2020-08-26 14:53:13
[SECURITY] Fedora 32 Update: bind-dyndb-ldap-11.3-2.fc32
2020-08-26 14:53:14
[SECURITY] Fedora 31 Update: bind-dyndb-ldap-11.2-4.fc31
2020-08-29 16:31:21
centos
centos
bind security update
2020-11-18 17:37:54
slackware
slackware
[slackware-security] bind
2020-08-21 21:02:31
[slackware-security] bind
2020-05-19 20:19:54
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0115
2020-07-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0320
2020-09-04 00:00:00
archlinux
archlinux
[ASA-202006-13] bind: denial of service
2020-06-28 00:00:00
[ASA-202005-13] bind: denial of service
2020-05-20 00:00:00
aix
aix
There are vulnerabilities in BIND that impact AIX.,There are vulnerabilities in BIND that impact VIOS.
2020-08-21 15:48:15
attackerkb
attackerkb
CVE-2020-8616: NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities
2020-05-19 00:00:00

7.6 High

AI Score

Confidence

Low

JSON
Related for OPENSUSE-2020-1701.NASL
nessus78suse2openvas43oraclelinux6cisa3gentoo1ubuntu3debian6redhat14osv4ibm9mageia2altlinux6amazon3fedora10centos1slackware2photon2archlinux2aix1attackerkb1