ISC BIND DoS Vulnerability - CVE-2018-5743 (Windows)

2019-04-30T00:00:00
ID OPENVAS:1361412562310142321
Type openvas
Reporter This script is Copyright (C) 2019 Greenbone Networks GmbH
Modified 2019-12-10T00:00:00

Description

ISC BIND is prone to a denial of service vulnerability due to ineffective simultaneous TCP client limiting.

                                        
                                            # Copyright (C) 2019 Greenbone Networks GmbH
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (C) of the respective author(s)
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

CPE = "cpe:/a:isc:bind";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.142321");
  script_version("2019-12-10T15:03:15+0000");
  script_tag(name:"last_modification", value:"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)");
  script_tag(name:"creation_date", value:"2019-04-30 06:22:02 +0000 (Tue, 30 Apr 2019)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:P");

  script_cve_id("CVE-2018-5743");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("ISC BIND DoS Vulnerability - CVE-2018-5743 (Windows)");

  script_category(ACT_GATHER_INFO);

  script_copyright("This script is Copyright (C) 2019 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("bind_version.nasl", "os_detection.nasl");
  script_mandatory_keys("isc/bind/detected", "Host/runs_windows");

  script_tag(name:"summary", value:"ISC BIND is prone to a denial of service vulnerability due to ineffective
  simultaneous TCP client limiting.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"By design, BIND is intended to limit the number of TCP clients that can be
  connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults
  to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of
  simultaneous connections contains an error which can be exploited to grow the number of simultaneous connections
  beyond this limit.");

  script_tag(name:"impact", value:"By exploiting the failure to limit simultaneous TCP connections, an attacker
  can deliberately exhaust the pool of file descriptors available to named, potentially affecting network
  connections and the management of files such as log files or zone journal files.

  In cases where the named process is not limited by OS-enforced per-process limits, this could additionally
  potentially lead to exhaustion of all available free file descriptors on that system.");

  script_tag(name:"affected", value:"BIND 9.9.0 to 9.10.8-P1, 9.11.0 to 9.11.6, 9.12.0 to 9.12.4, 9.14.0. BIND 9
  Supported Preview Edition versions 9.9.3-S1 to 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 to 9.13.7 of the 9.13
  development branch.");

  script_tag(name:"solution", value:"Update to version 9.11.6-P1, 9.12.4-P1, 9.14.1, 9.11.5-S6, 9.11.6-S1 or later.");

  script_xref(name:"URL", value:"https://kb.isc.org/docs/cve-2018-5743");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

if(!infos = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
proto = infos["proto"];

if (version !~ "^9\.")
  exit(99);

if (version =~ "^9\.(9|10|11)\.[0-9]s[0-9]") {
  if (version_in_range(version: version, test_version: "9.9.3s1", test_version2: "9.11.5s5")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.11.5-S6/9.11.6-S1");
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }
} else {
  if (version_in_range(version: version, test_version: "9.9.0", test_version2: "9.11.6")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.11.6-P1");
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }

  if (version_in_range(version: version, test_version: "9.12.0", test_version2: "9.12.4")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.12.4-P1");
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }

  if (version_in_range(version: version, test_version: "9.13.0", test_version2: "9.13.7")) {
    report = report_fixed_ver(installed_version: version, fixed_version: "9.14.1");
    security_message(port: port, data: report, proto: proto);
    exit(0);
  }
}

exit(99);