Debian 'bind9' package missing update DSA-3758-1 advisory. Denial-of-service vulnerabilities affect DNS servers providing recursive service. Upgrade bind9 packages
Reporter | Title | Published | Views | Family All 168 |
---|---|---|---|---|
SUSE Linux | Security update for bind (important) | 18 Jan 201712:09 | – | suse |
SUSE Linux | Security update for bind (important) | 12 Jan 201702:08 | – | suse |
SUSE Linux | Security update for bind (important) | 12 Jan 201702:10 | – | suse |
SUSE Linux | Security update for bind (important) | 12 Jan 201702:09 | – | suse |
SUSE Linux | Security update for bind (important) | 17 Jan 201719:45 | – | suse |
Fedora | [SECURITY] Fedora 24 Update: bind99-9.9.9-4.P5.fc24 | 16 Jan 201720:52 | – | fedora |
Fedora | [SECURITY] Fedora 25 Update: bind-9.10.4-3.P5.fc25 | 14 Jan 201703:54 | – | fedora |
Fedora | [SECURITY] Fedora 24 Update: bind-9.10.4-3.P5.fc24 | 16 Jan 201720:52 | – | fedora |
Fedora | [SECURITY] Fedora 25 Update: bind99-9.9.9-4.P5.fc25 | 14 Jan 201703:54 | – | fedora |
Cent OS | bind security update | 17 Jan 201713:12 | – | centos |
Source | Link |
---|---|
security-tracker | www.security-tracker.debian.org/tracker/DSA-3758 |
debian | www.debian.org/security/2017/DSA-3758-1 |
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.703758");
script_cve_id("CVE-2016-9131", "CVE-2016-9147", "CVE-2016-9444");
script_tag(name:"creation_date", value:"2017-01-10 23:00:00 +0000 (Tue, 10 Jan 2017)");
script_version("2024-02-02T05:06:06+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:06 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2017-01-13 13:14:32 +0000 (Fri, 13 Jan 2017)");
script_name("Debian: Security Advisory (DSA-3758-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2017 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB8");
script_xref(name:"Advisory-ID", value:"DSA-3758-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2017/DSA-3758-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-3758");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'bind9' package(s) announced via the DSA-3758-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Several denial-of-service vulnerabilities (assertion failures) were discovered in BIND, a DNS server implementation.
CVE-2016-9131
A crafted upstream response to an ANY query could cause an assertion failure.
CVE-2016-9147
A crafted upstream response with self-contradicting DNSSEC data could cause an assertion failure.
CVE-2016-9444
Specially-crafted upstream responses with a DS record could cause an assertion failure.
These vulnerabilities predominantly affect DNS servers providing recursive service. Client queries to authoritative-only servers cannot trigger these assertion failures. These vulnerabilities are present whether or not DNSSEC validation is enabled in the server configuration.
For the stable distribution (jessie), these problems have been fixed in version 1:9.9.5.dfsg-9+deb8u9.
We recommend that you upgrade your bind9 packages.");
script_tag(name:"affected", value:"'bind9' package(s) on Debian 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB8") {
if(!isnull(res = isdpkgvuln(pkg:"bind9", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"bind9-doc", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"bind9-host", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"bind9utils", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"dnsutils", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"host", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libbind-dev", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libbind-export-dev", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libbind9-90", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libdns-export100", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libdns-export100-udeb", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libdns100", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libirs-export91", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libirs-export91-udeb", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisc-export95", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisc-export95-udeb", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisc95", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisccc90", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisccfg-export90", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisccfg-export90-udeb", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libisccfg90", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"liblwres90", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"lwresd", ver:"1:9.9.5.dfsg-9+deb8u9", rls:"DEB8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo