RHEL 7 unpatched vulnerabilities in BIND
Reporter | Title | Published | Views | Family All 187 |
---|---|---|---|---|
NVD | CVE-2013-5661 | 5 Nov 201919:15 | – | nvd |
NVD | CVE-2016-6170 | 6 Jul 201614:59 | – | nvd |
NVD | CVE-2022-3094 | 26 Jan 202321:15 | – | nvd |
Cvelist | CVE-2013-5661 | 5 Nov 201918:14 | – | cvelist |
Cvelist | CVE-2016-6170 | 6 Jul 201614:00 | – | cvelist |
Cvelist | CVE-2022-3094 An UPDATE message flood may cause named to exhaust all available memory | 25 Jan 202321:34 | – | cvelist |
UbuntuCve | CVE-2013-5661 | 5 Nov 201900:00 | – | ubuntucve |
UbuntuCve | CVE-2016-6170 | 6 Jul 201600:00 | – | ubuntucve |
UbuntuCve | CVE-2022-3094 | 25 Jan 202300:00 | – | ubuntucve |
OpenVAS | ISC BIND DNS Response Rage Limit Vulnerability (CVE-2013-5661) | 6 Sep 202100:00 | – | openvas |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory bind. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(199140);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2013-5661", "CVE-2016-6170", "CVE-2022-3094");
script_name(english:"RHEL 7 : bind (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- DNS response rate limiting can simplify cache poisoning attacks (CVE-2013-5661)
- ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS
servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly
allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows
remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE
message. (CVE-2016-6170)
- Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in
turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has
been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained
during the processing of a dynamic update from a client whose access credentials are accepted. Memory
allocated to clients that are not permitted to send updates is released immediately upon rejection. The
scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone
changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only
likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates
comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and
earlier branches are also affected, but through exhaustion of internal resources rather than memory
constraints. This may reduce performance but should not be a significant problem for most servers.
Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9
versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through
9.16.36-S1. (CVE-2022-3094)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-5661");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/07/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'bind', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'bind'}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo