Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2020-14400-1.NASL
HistoryJun 10, 2021 - 12:00 a.m.

SUSE SLES11 Security Update : bind (SUSE-SU-2020:14400-1)

2021-06-1000:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
JSON

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14400-1 advisory.

  • To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request.
    Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.
    (CVE-2018-5741)

  • A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)

  • Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. (CVE-2020-8617)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2020:14400-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(150635);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/01/21");

  script_cve_id("CVE-2018-5741", "CVE-2020-8616", "CVE-2020-8617");
  script_xref(name:"SuSE", value:"SUSE-SU-2020:14400-1");
  script_xref(name:"IAVA", value:"2018-A-0303-S");
  script_xref(name:"IAVA", value:"2020-A-0217-S");

  script_name(english:"SUSE SLES11 Security Update : bind (SUSE-SU-2020:14400-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in
the SUSE-SU-2020:14400-1 advisory.

  - To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone,
    BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of
    updates that can be performed by a client, depending on the key used when sending the update request.
    Unfortunately, some rule types were not initially documented, and when documentation for them was added to
    the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that
    time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect
    documentation could mislead operators into believing that policies they had configured were more
    restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.
    (CVE-2018-5741)

  - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches
    performed when processing referrals can, through the use of specially crafted referrals, cause a recursing
    server to issue a very large number of fetches in an attempt to process the referral. This has at least
    two potential effects: The performance of the recursing server can potentially be degraded by the
    additional work required to perform these fetches, and The attacker can exploit this behavior to use the
    recursing server as a reflector in a reflection attack with a high amplification factor. (CVE-2020-8616)

  - Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an
    inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the
    server. Since BIND, by default, configures a local session key even on servers whose configuration does
    not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating
    from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately
    exits. Prior to the introduction of the check the server would continue operating in an inconsistent
    state, with potentially harmful results. (CVE-2020-8617)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1033843");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1092283");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1109160");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171740");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172220");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172680");
  # https://lists.suse.com/pipermail/sle-security-updates/2020-June/006991.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d22f7404");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-5741");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-8616");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-8617");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5741");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-chrootenv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-libs-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:bind-utils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE ' + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);

pkgs = [
    {'reference':'bind-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-chrootenv-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-doc-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-libs-32bit-9.9.6P1-0.51.20', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-libs-32bit-9.9.6P1-0.51.20', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-libs-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-utils-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-11.4'},
    {'reference':'bind-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'bind-chrootenv-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'bind-doc-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'bind-libs-32bit-9.9.6P1-0.51.20', 'sp':'4', 'cpu':'s390x', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'bind-libs-32bit-9.9.6P1-0.51.20', 'sp':'4', 'cpu':'x86_64', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'bind-libs-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'},
    {'reference':'bind-utils-9.9.6P1-0.51.20', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-11.4'}
];

flag = 0;
foreach package_array ( pkgs ) {
  reference = NULL;
  release = NULL;
  sp = NULL;
  cpu = NULL;
  exists_check = NULL;
  rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release && exists_check) {
    if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
  else if (reference && release) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind / bind-chrootenv / bind-doc / bind-libs / bind-libs-32bit / etc');
}
VendorProductVersionCPE
novellsuse_linuxbindp-cpe:/a:novell:suse_linux:bind
novellsuse_linuxbind-chrootenvp-cpe:/a:novell:suse_linux:bind-chrootenv
novellsuse_linuxbind-docp-cpe:/a:novell:suse_linux:bind-doc
novellsuse_linuxbind-libsp-cpe:/a:novell:suse_linux:bind-libs
novellsuse_linuxbind-libs-32bitp-cpe:/a:novell:suse_linux:bind-libs-32bit
novellsuse_linuxbind-utilsp-cpe:/a:novell:suse_linux:bind-utils
novellsuse_linux11cpe:/o:novell:suse_linux:11

Related

nessus 70
openvas 31
oraclelinux 5
osv 5
cisa 2
fedora 6
slackware 1
redhat 18
ibm 9
ubuntu 2
debian 3
altlinux 3
attackerkb 1
centos 3
aix 1
archlinux 1
amazon 4
mageia 1
alpinelinux 3
veracode 3
cve 3
debiancve 3
f5 3
cloudlinux 1
prion 3
redhatcve 3
ubuntucve 3
huawei 1
checkpoint_advisories 1
zdt 1
githubexploit 1
packetstorm 1
suse 2
photon 1
nessus
nessus
SUSE SLES12 Security Update : bind (SUSE-SU-2020:1914-1)
2020-07-16 00:00:00
RHEL 6 : bind (RHSA-2020:2383)
2020-06-03 00:00:00
Fedora 32 : 32:bind (2020-2d89cbcfd9)
2020-06-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:1914-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:14400-1)
2021-06-09 00:00:00
Fedora: Security Advisory for dnsperf (FEDORA-2020-f9dcd4e9d5)
2020-06-07 00:00:00
oraclelinux
oraclelinux
bind security update
2020-06-03 00:00:00
bind security update
2020-06-04 00:00:00
bind security update
2020-06-01 00:00:00
osv
osv
bind9 - security update
2020-05-30 00:00:00
bind9 - security update
2020-05-19 00:00:00
CVE-2018-5741
2019-01-16 20:29:01
cisa
cisa
ISC Releases Security Advisory for BIND
2020-05-20 00:00:00
ISC Releases Security Advisory for BIND
2018-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: bind-9.11.19-1.fc32
2020-06-01 01:26:21
[SECURITY] Fedora 31 Update: bind-9.11.19-1.fc31
2020-06-04 02:50:35
[SECURITY] Fedora 31 Update: dnsperf-2.3.4-1.fc31
2020-06-04 02:50:37
slackware
slackware
[slackware-security] bind
2020-05-19 20:19:54
redhat
redhat
(RHSA-2020:3475) Important: bind security update
2020-08-18 09:17:52
(RHSA-2020:3379) Important: bind security update
2020-08-10 08:54:19
(RHSA-2020:2344) Important: bind security update
2020-06-01 08:35:36
ibm
ibm
Security Bulletin: IBM API Connect V10 is impacted by denial of service vulnerabilities in Crunchy kernel (CVE-2020-8616, CVE-2020-8617)
2020-10-07 23:02:51
Security Bulletin: Vulnerabilities in BIND affect AIX (CVE-2020-8616 and CVE-2020-8617)
2020-08-21 21:43:49
Security Bulletin: Vulnerability in bind (CVE-2020-8616 and CVE-2020-8617).
2021-09-22 23:38:15
ubuntu
ubuntu
Bind vulnerabilities
2020-05-20 00:00:00
Bind vulnerabilities
2020-05-19 00:00:00
debian
debian
[SECURITY] [DLA 2227-1] bind9 security update
2020-05-30 20:31:20
[SECURITY] [DSA 4689-1] bind9 security update
2020-05-19 19:48:14
[SECURITY] [DSA 4689-1] bind9 security update
2020-05-19 19:48:14
altlinux
altlinux
Security fix for the ALT Linux 10 package bind version 9.11.19-alt1
2020-05-19 00:00:00
Security fix for the ALT Linux 9 package bind version 9.11.19-alt1
2020-05-20 00:00:00
Security fix for the ALT Linux 8 package bind version 9.10.8.P1-alt2
2020-05-26 00:00:00
attackerkb
attackerkb
CVE-2020-8616: NXNSAttack: Recursive DNS Inefficiencies and Vulnerabilities
2020-05-19 00:00:00
centos
centos
bind security update
2020-06-01 17:29:59
bind security update
2020-06-04 16:10:05
bind security update
2019-08-30 02:35:20
aix
aix
There are vulnerabilities in BIND that impact AIX.,There are vulnerabilities in BIND that impact VIOS.
2020-08-21 15:48:15
archlinux
archlinux
[ASA-202005-13] bind: denial of service
2020-05-20 00:00:00
amazon
amazon
Important: bind
2020-05-22 20:57:00
Important: bind
2020-05-19 18:32:00
Medium: bind
2019-04-04 21:42:00
mageia
mageia
Updated bind packages fix security vulnerability
2020-06-15 10:54:40
alpinelinux
alpinelinux
CVE-2018-5741
2019-01-16 20:29:00
CVE-2020-8616
2020-05-19 14:15:00
CVE-2020-8617
2020-05-19 14:15:00
veracode
veracode
Authorization Bypass
2019-08-08 00:07:41
Denial Of Service (DoS)
2020-05-29 03:24:18
Denial Of Service (DoS)
2020-05-29 03:24:18
cve
cve
CVE-2018-5741
2019-01-16 20:29:00
CVE-2020-8616
2020-05-19 14:15:00
CVE-2020-8617
2020-05-19 14:15:00
debiancve
debiancve
CVE-2018-5741
2019-01-16 20:29:00
CVE-2020-8617
2020-05-19 14:15:00
CVE-2020-8616
2020-05-19 14:15:00
f5
f5
K04713734 : BIND vulnerability CVE-2018-5741
2018-10-15 00:00:00
K97810133 : BIND vulnerability CVE-2020-8616
2020-05-21 00:00:00
K05544642 : BIND vulnerability CVE-2020-8617
2020-05-21 00:00:00
cloudlinux
cloudlinux
Fixed CVE-2018-5741 in bind
2022-07-11 17:39:56
prion
prion
Design/Logic Flaw
2019-01-16 20:29:00
Design/Logic Flaw
2020-05-19 14:15:00
Design/Logic Flaw
2020-05-19 14:15:00
redhatcve
redhatcve
CVE-2018-5741
2020-04-02 08:32:24
CVE-2020-8616
2020-05-19 09:55:47
CVE-2020-8617
2020-07-10 09:51:37
ubuntucve
ubuntucve
CVE-2018-5741
2019-01-16 00:00:00
CVE-2020-8616
2020-05-19 00:00:00
CVE-2020-8617
2020-05-19 00:00:00
huawei
huawei
Security Advisory - Distributed Denial-of-Service Vulnerablility in Some Huawei Products
2020-08-26 00:00:00
checkpoint_advisories
checkpoint_advisories
ISC Bind Denial Of Service (CVE-2020-8617)
2020-06-16 00:00:00
zdt
zdt
BIND - (TSIG) Denial of Service Exploit
2020-05-27 00:00:00
githubexploit
githubexploit
Exploit for Reachable Assertion in Isc Bind
2020-05-20 12:26:45
packetstorm
packetstorm
BIND TSIG Denial Of Service
2020-05-27 00:00:00
suse
suse
Security update for bind (moderate)
2020-10-19 00:00:00
Security update for bind (moderate)
2020-10-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0101
2020-06-04 00:00:00
JSON
Related for SUSE_SU-2020-14400-1.NASL
nessus70openvas31oraclelinux5osv5cisa2fedora6slackware1redhat18ibm9ubuntu2debian3altlinux3attackerkb1centos3aix1archlinux1amazon4mageia1alpinelinux3veracode3cve3debiancve3f53cloudlinux1prion3redhatcve3ubuntucve3huawei1checkpoint_advisories1zdt1githubexploit1packetstorm1suse2photon1