7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.0%
ISC BIND is prone to a denial of service (DoS) vulnerability.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:isc:bind";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.104923");
script_version("2023-10-13T05:06:10+0000");
script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-09-20 13:23:30 +0000 (Wed, 20 Sep 2023)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-20 15:15:00 +0000 (Wed, 20 Sep 2023)");
script_cve_id("CVE-2023-3341");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("ISC BIND DoS Vulnerability (CVE-2023-3341) - Linux");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Denial of Service");
script_dependencies("gb_isc_bind_consolidation.nasl", "os_detection.nasl");
script_mandatory_keys("isc/bind/detected", "Host/runs_unixoide");
script_tag(name:"summary", value:"ISC BIND is prone to a denial of service (DoS) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The code that processes control channel messages sent to named
calls certain functions recursively during packet parsing. Recursion depth is only limited by the
maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code
to run out of available stack memory, causing named to terminate unexpectedly. Since each incoming
control channel message is fully parsed before its contents are authenticated, exploiting this
flaw does not require the attacker to hold a valid RNDC key. Only network access to the control
channel's configured TCP port is necessary.");
script_tag(name:"impact", value:"By sending a specially crafted message over the control channel,
an attacker can cause the packet-parsing code to run out of available stack memory, causing named
to terminate unexpectedly. However, the attack only works in environments where the stack size
available to each process/thread is small enough. The exact threshold depends on multiple factors
and is therefore impossible to specify universally.");
script_tag(name:"affected", value:"ISC BIND versions 9.2.0 through 9.16.43, 9.18.0 through
9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1 and 9.18.0-S1 through 9.18.18-S1.");
script_tag(name:"solution", value:"Update to version 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1,
9.18.19-S1 or later.");
script_xref(name:"URL", value:"https://kb.isc.org/docs/cve-2023-3341");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
exit(0);
if (!infos = get_app_full(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
proto = infos["proto"];
location = infos["location"];
if (version =~ "^9\.[0-9]+\.[0-9]+s[0-9]") {
if (version_in_range(version: version, test_version: "9.9.3s1", test_version2: "9.16.43s1")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.16.44-S1", install_path: location);
security_message(port: port, data: report, proto: proto);
exit(0);
}
if (version_in_range(version: version, test_version: "9.18.0s1", test_version2: "9.18.18s1")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.18.19-S1", install_path: location);
security_message(port: port, data: report, proto: proto);
exit(0);
}
} else {
if (version_in_range(version: version, test_version: "9.2.0", test_version2: "9.16.43")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.16.44", install_path: location);
security_message(port: port, data: report, proto: proto);
exit(0);
}
if (version_in_range(version: version, test_version: "9.18.0", test_version2: "9.18.18")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.18.19", install_path: location);
security_message(port: port, data: report, proto: proto);
exit(0);
}
if (version_in_range(version: version, test_version: "9.19.0", test_version2: "9.19.16")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.19.17", install_path: location);
security_message(port: port, data: report, proto: proto);
exit(0);
}
}
exit(99);
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.0%