{"id": "OPENVAS:1361412562310835083", "type": "openvas", "bulletinFamily": "scanner", "title": "HP-UX Update for BIND 8 HPSBUX02289", "description": "Check for the Version of BIND 8", "published": "2009-05-05T00:00:00", "modified": "2018-04-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835083", "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "references": ["http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01283837-1", "02289"], "cvelist": ["CVE-2007-2930"], "lastseen": "2018-04-09T11:40:31", "viewCount": 5, "enchantments": {"score": {"value": 6.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cert", "idList": ["VU:927905"]}, {"type": "cve", "idList": ["CVE-2007-2930"]}, {"type": "f5", "idList": ["F5:K8077", "SOL8077"]}, {"type": "nessus", "idList": ["4195.PRM", "HPUX_PHNE_36185.NASL", "SOLARIS8_109326.NASL", "SOLARIS8_X86_109327.NASL", "SOLARIS9_112837.NASL", "SOLARIS9_X86_114265.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:835083"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:18452"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-2930"]}], "rev": 4}, "backreferences": {"references": [{"type": "cert", "idList": ["VU:927905"]}, {"type": "cve", "idList": ["CVE-2007-2930"]}, {"type": "f5", "idList": ["SOL8077"]}, {"type": "nessus", "idList": ["SOLARIS8_109326.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:835083"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2007-2930"]}]}, "exploitation": null, "vulnersScore": 6.3}, "pluginID": "1361412562310835083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND 8 HPSBUX02289\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can 
redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote DNS cache poisoning\";\ntag_affected = \"BIND 8 on\n HP-UX B.11.11 running BIND v8\";\ntag_insight = \"A potential vulnerability has been identified with HP-UX running BIND 8. The \n vulnerability could be exploited remotely to cause DNS cache poisoning.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01283837-1\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.835083\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"HPSBUX\", value: \"02289\");\n script_cve_id(\"CVE-2007-2930\");\n script_name( \"HP-UX Update for BIND 8 HPSBUX02289\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of BIND 8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_36185'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "naslFamily": "HP-UX Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646870812}}
{"f5": [{"lastseen": "2017-06-08T00:16:04", "description": "", "cvss3": {}, "published": "2007-11-06T03:00:00", "type": "f5", "title": "BIND 8 vulnerability CVE-2007-2930", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2930"], "modified": "2016-01-09T02:28:00", "id": "F5:K8077", "href": "https://support.f5.com/csp/article/K8077", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-05-30T21:01:53", "description": "The NSID_SHUFFLE_ONLY and NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches using unknown vectors.\n\nInformation about this advisory is available at the following location:\n\n<http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2930>\n", "cvss3": {}, "published": "2007-11-05T00:00:00", "type": "f5", "title": "SOL8077 - BIND 8 vulnerability CVE-2007-2930", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2930"], "modified": "2013-03-20T00:00:00", "id": "SOL8077", "href": "http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8077.html", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-08-19T13:13:34", "description": "The remote host is running a version of BIND DNS Server prior to 8.4.7-P1. This version of BIND is vulnerable to a flaw that would allow cache poisoning. An attacker exploiting this flaw would need to be able to manipulate the vulnerable DNS server into contacting a malicious DNS server. Successful exploitation would lead to a cache-poisoning attack. ", "cvss3": {"score": 4.2, "vector": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L"}, "published": "2007-08-27T00:00:00", "type": "nessus", "title": "ISC BIND < 8.4.7-P1 Outgoing Query Predictable DNS Query ID (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*"], "id": "4195.PRM", "href": "https://www.tenable.com/plugins/nnm/4195", "sourceData": "Binary data 4195.prm", "cvss": {"score": 3.2, "vector": "CVSS2#AV:A/AC:H/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-08-19T13:12:19", "description": "s700_800 11.11 Bind 8.1.2 Patch : \n\nA potential vulnerability has been identified with HP-UX running BIND 8. 
The vulnerability could be exploited remotely to cause DNS cache poisoning.", "cvss3": {"score": null, "vector": null}, "published": "2007-12-04T00:00:00", "type": "nessus", "title": "HP-UX PHNE_36185 : HP-UX Running BIND 8, Remote DNS Cache Poisoning (HPSBUX02289 SSRT071461 rev.1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930"], "modified": "2021-01-11T00:00:00", "cpe": ["cpe:/o:hp:hp-ux"], "id": "HPUX_PHNE_36185.NASL", "href": "https://www.tenable.com/plugins/nessus/29199", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and patch checks in this plugin were \n# extracted from HP patch PHNE_36185. The text itself is\n# copyright (C) Hewlett-Packard Development Company, L.P.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29199);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2007-2930\");\n script_xref(name:\"HP\", value:\"emr_na-c01283837\");\n script_xref(name:\"HP\", value:\"HPSBUX02289\");\n script_xref(name:\"HP\", value:\"SSRT071461\");\n\n script_name(english:\"HP-UX PHNE_36185 : HP-UX Running BIND 8, Remote DNS Cache Poisoning (HPSBUX02289 SSRT071461 rev.1)\");\n script_summary(english:\"Checks for the patch in the swlist output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote HP-UX host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"s700_800 11.11 Bind 8.1.2 Patch : \n\nA potential vulnerability has been identified with HP-UX running BIND\n8. 
The vulnerability could be exploited remotely to cause DNS cache\npoisoning.\"\n );\n # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01283837\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?832f0c09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install patch PHNE_36185 or subsequent.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:hp:hp-ux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"HP-UX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/HP-UX/version\", \"Host/HP-UX/swlist\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"hpux.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/HP-UX/version\")) audit(AUDIT_OS_NOT, \"HP-UX\");\nif (!get_kb_item(\"Host/HP-UX/swlist\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (!hpux_check_ctx(ctx:\"11.11\"))\n{\n exit(0, \"The host is not affected since PHNE_36185 applies to a different OS release.\");\n}\n\npatches = make_list(\"PHNE_36185\");\nforeach patch (patches)\n{\n if (hpux_installed(app:patch))\n {\n exit(0, \"The host is not affected because patch \"+patch+\" is installed.\");\n }\n}\n\n\nflag = 0;\nif (hpux_check_patch(app:\"InternetSrvcs.INET-ENG-A-MAN\", version:\"B.11.11\")) flag++;\nif (hpux_check_patch(app:\"InternetSrvcs.INETSVCS-RUN\", version:\"B.11.11\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:hpux_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-03-27T14:16:17", "description": "SunOS 5.8_x86: libresolv.so.2, in.named an.\nDate this patch was last updated by Sun : Mar/09/09", "cvss3": {"score": null, "vector": null}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 8 (x86) : 109327-24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930", "CVE-2008-0122", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0696"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_X86_109327.NASL", "href": "https://www.tenable.com/plugins/nessus/13429", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13429);\n script_version(\"1.52\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2930\", \"CVE-2008-0122\", \"CVE-2008-1447\", \"CVE-2008-4194\", \"CVE-2009-0696\");\n script_xref(name:\"IAVA\", value:\"2008-A-0045\");\n\n script_name(english:\"Solaris 8 (x86) : 109327-24\");\n script_summary(english:\"Check for patch 109327-24\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 109327-24\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8_x86: libresolv.so.2, in.named an.\nDate this patch was last updated by Sun : Mar/09/09\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/109327-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109327-24\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109327-24\", obsoleted_by:\"\", package:\"SUNWcstl\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109327-24\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109327-24\", obsoleted_by:\"\", 
package:\"SUNWcsr\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109327-24\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8_x86\", arch:\"i386\", patch:\"109327-24\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.8.0,REV=2000.01.08.18.17\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:13:00", "description": "SunOS 5.8: libresolv.so.2, in.named and BI.\nDate this patch was last updated by Sun : Mar/09/09", "cvss3": {"score": null, "vector": null}, "published": "2004-07-12T00:00:00", "type": "nessus", "title": "Solaris 8 (sparc) : 109326-24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930", "CVE-2008-0122", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0696"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS8_109326.NASL", "href": "https://www.tenable.com/plugins/nessus/13321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(13321);\n script_version(\"1.55\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2930\", \"CVE-2008-0122\", \"CVE-2008-1447\", \"CVE-2008-4194\", \"CVE-2009-0696\");\n script_xref(name:\"IAVA\", value:\"2008-A-0045\");\n\n script_name(english:\"Solaris 8 (sparc) : 109326-24\");\n script_summary(english:\"Check for patch 109326-24\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The 
remote host is missing Sun Security Patch number 109326-24\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.8: libresolv.so.2, in.named and BI.\nDate this patch was last updated by Sun : Mar/09/09\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/109326-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWcstlx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", 
patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWarcx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWcstl\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWcslx\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWcsr\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\nif (solaris_check_patch(release:\"5.8\", arch:\"sparc\", patch:\"109326-24\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.8.0,REV=2000.01.08.18.12\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:solaris_get_report());\n else security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:26:35", "description": "SunOS 5.9: in.dhcpd libresolv and BIND9 pa.\nDate this patch was last updated by Sun : Jul/21/11", "cvss3": {"score": null, "vector": null}, "published": "2007-09-25T00:00:00", "type": "nessus", "title": "Solaris 9 (sparc) : 112837-24", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0025", "CVE-2009-0050", 
"CVE-2009-0051", "CVE-2009-0696"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_112837.NASL", "href": "https://www.tenable.com/plugins/nessus/26165", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(26165);\n script_version(\"1.48\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2930\", \"CVE-2008-1447\", \"CVE-2008-4194\", \"CVE-2009-0025\", \"CVE-2009-0050\", \"CVE-2009-0051\", \"CVE-2009-0696\");\n script_xref(name:\"IAVA\", value:\"2008-A-0045\");\n\n script_name(english:\"Solaris 9 (sparc) : 112837-24\");\n script_summary(english:\"Check for patch 112837-24\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 112837-24\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9: in.dhcpd libresolv and BIND9 pa.\nDate this patch was last updated by Sun : Jul/21/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/112837-24\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/09/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWcstlx\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWarcx\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWcstl\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWdhcsu\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWinamd\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) 
flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWcslx\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9\", arch:\"sparc\", patch:\"112837-24\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.9.0,REV=2002.04.06.15.27\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:30:38", "description": "SunOS 5.9_x86: in.dhcpd libresolv and BIND.\nDate this patch was last updated by Sun : Jul/21/11", "cvss3": {"score": null, "vector": null}, "published": "2007-10-17T00:00:00", "type": "nessus", "title": "Solaris 9 (x86) : 114265-23", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930", "CVE-2008-1447", "CVE-2008-4194", "CVE-2009-0025", "CVE-2009-0050", "CVE-2009-0051", "CVE-2009-0696"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:sun:solaris"], "id": "SOLARIS9_X86_114265.NASL", "href": "https://www.tenable.com/plugins/nessus/27094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27094);\n script_version(\"1.45\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2007-2930\", \"CVE-2008-1447\", \"CVE-2008-4194\", \"CVE-2009-0025\", \"CVE-2009-0050\", \"CVE-2009-0051\", \"CVE-2009-0696\");\n script_xref(name:\"IAVA\", value:\"2008-A-0045\");\n\n 
script_name(english:\"Solaris 9 (x86) : 114265-23\");\n script_summary(english:\"Check for patch 114265-23\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 114265-23\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.9_x86: in.dhcpd libresolv and BIND.\nDate this patch was last updated by Sun : Jul/21/11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/114265-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"You should install this patch for your system to be up-to-date.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 287, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:sun:solaris\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.9_x86\", 
arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWhea\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWcstl\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWdhcsu\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWinamd\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWcsu\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWcsl\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\nif (solaris_check_patch(release:\"5.9_x86\", arch:\"i386\", patch:\"114265-23\", obsoleted_by:\"\", package:\"SUNWarc\", version:\"11.9.0,REV=2002.11.04.02.51\") < 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2021-09-28T17:51:29", "description": "### Overview\n\nISC BIND version 8 generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches.\n\n### Description\n\nThe [Berkeley Internet Name Domain](<http://www.isc.org/sw/bind/>) (BIND) is a popular Domain Name System (DNS) implementation from [Internet Systems Consortium](<http://www.isc.org/>) (ISC). Version 8 of the BIND software uses a weak algorithm to generate DNS query identifiers. 
This condition allows an attacker to reliably guess the next query ID, thereby allowing for DNS cache poisoning attacks.\n\nISC states that this bug only affects outgoing queries, generated by BIND 8 to answer questions as a resolver, or when it is looking up data for internal uses, such as when sending `NOTIFY` messages to slave name servers. Note that although this vulnerability is similar in nature and impact to [VU#252735](<http://www.kb.cert.org/vuls/id/252735>), it is a distinct issue. \n \n--- \n \n### Impact\n\nA remote attacker with the ability to predict DNS query IDs and respond with arbitrary answers, could poison DNS caches. \n \n--- \n \n### Solution\n\n**Upgrade or apply a patch** \n \nUsers should obtain a patch from their operating system vendor when available. Please see the Systems Affected section of this document for more information about specific vendors. \n \nUsers who compile their own versions of BIND 8 from the original ISC source code are encouraged to take the following actions described by ISC: \n \n`This issue is addressed in ISC BIND 8.4.7-P1, available as patch that ` \n`can be applied to BIND 8.4.7.` \n`The more definitive solution is to upgrade to BIND 9. BIND 8 is being ` \n`declared \"end of life\" by ISC due to multiple architectural issues. ` \n`See ISC's website at ``<http://www.isc.org>`` for more information and ` \n`assistance.` \n \n--- \n \n### Vendor Information\n\n927905\n\n### Internet Software Consortium __ Affected\n\nNotified: August 21, 2007 Updated: August 27, 2007 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`This issue is addressed in ISC BIND 8.4.7-P1, available as patch that ` \n`can be applied to BIND 8.4.7.` \n`The more definitive solution is to upgrade to BIND 9. 
BIND 8 is being ` \n`declared \"end of life\" by ISC due to multiple architectural issues. ` \n`See ISC's website at ``<http://www.isc.org>`` for more information and ` \n`assistance.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nAdditional information about the problem and the End-of-life status for BIND version 8 can be found at the following location:\n\n \n<<http://www.isc.org/sw/bind/bind8-eol.php>>\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23927905 Feedback>).\n\n### BlueCat Networks, Inc. __ Not Affected\n\nNotified: August 27, 2007 Updated: August 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`No product from BlueCat Networks Inc. is affected by vulnerability VU#927905. Every product that we have issued has contained a version of BIND based on v9. We have no software that runs v8.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Infoblox __ Not Affected\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`We currently run BIND 9.3.4 and are not vulnerable to VU#927905.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Mandriva, Inc. 
__ Not Affected\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Mandriva does not ship BIND8 in any supported products and is not vulnerable to this issue.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Microsoft Corporation __ Not Affected\n\nNotified: August 27, 2007 Updated: August 28, 2007 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\n`Thank you for the heads up. While we do use the BIND protocol, we have our own implementation so these implementation-specific vulnerabilities should not affect us.`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Apple Computer, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Cray Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Debian GNU/Linux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### FreeBSD, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### GNU glibc Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Gnu ADNS Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### 
Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation (zseries) Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Immunix Communications, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ingrian Networks, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Juniper Networks, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Lucent Technologies Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Men & Mice Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Metasolv Software, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### MontaVista Software, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Novell, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### QNX, Software Systems, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Red Hat, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Shadowsupport Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Trustix Secure Linux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Wind River Systems, Inc. 
Unknown\n\nNotified: August 27, 2007 Updated: August 27, 2007 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### References\n\n * <http://www.isc.org/index.pl?/sw/bind/bind8-eol.php>\n * <http://www.trusteer.com/docs/bind8dns.html>\n * <http://secunia.com/advisories/26629/>\n\n### Acknowledgements\n\nThanks to the Internet Systems Consortium (ISC) for reporting this vulnerability. ISC, in turn, credits Amit Klein from Trusteer for reporting this issue to them.\n\nThis document was written by Chad Dougherty.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2007-2930](<http://web.nvd.nist.gov/vuln/detail/CVE-2007-2930>) \n---|--- \n**Severity Metric:** | 2.14 \n**Date Public:** | 2007-08-27 \n**Date First Published:** | 2007-08-28 \n**Date Last Updated: ** | 2007-08-28 21:04 UTC \n**Document Revision: ** | 15 \n", "cvss3": {}, "published": "2007-08-28T00:00:00", "type": "cert", "title": "BIND version 8 generates cryptographically weak DNS query identifiers", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2930"], "modified": "2007-08-28T21:04:00", "id": "VU:927905", "href": "https://www.kb.cert.org/vuls/id/927905", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:02:00", "description": "The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND\n8 before 8.4.7-P1 generate predictable DNS query identifiers when sending\noutgoing queries such as NOTIFY messages when answering questions as a\nresolver, which allows remote attackers to poison DNS caches via unknown\nvectors. NOTE: this issue is different from CVE-2007-2926.", "cvss3": {}, "published": "2007-09-12T00:00:00", "type": "ubuntucve", "title": "CVE-2007-2930", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2930"], "modified": "2007-09-12T00:00:00", "id": "UB:CVE-2007-2930", "href": "https://ubuntu.com/security/CVE-2007-2930", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-24T12:56:46", "description": "Check for the Version of BIND 8", "cvss3": {}, "published": "2009-05-05T00:00:00", "type": "openvas", "title": "HP-UX Update for BIND 8 HPSBUX02289", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-2930"], "modified": "2017-07-06T00:00:00", "id": "OPENVAS:835083", "href": "http://plugins.openvas.org/nasl.php?oid=835083", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# HP-UX Update for BIND 8 HPSBUX02289\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free 
software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"Remote DNS cache poisoning\";\ntag_affected = \"BIND 8 on\n HP-UX B.11.11 running BIND v8\";\ntag_insight = \"A potential vulnerability has been identified with HP-UX running BIND 8. The \n vulnerability could be exploited remotely to cause DNS cache poisoning.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01283837-1\");\n script_id(835083);\n script_version(\"$Revision: 6584 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 16:13:23 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-05-05 12:14:23 +0200 (Tue, 05 May 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"HPSBUX\", value: \"02289\");\n script_cve_id(\"CVE-2007-2930\");\n script_name( \"HP-UX Update for BIND 8 HPSBUX02289\");\n\n script_summary(\"Check for the Version of BIND 8\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"HP-UX Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/hp_hp-ux\", \"ssh/login/release\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-hpux.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"HPUX11.11\")\n{\n\n if ((res = ishpuxpkgvuln(pkg:\"InternetSrvcs.INETSVCS-RUN\", patch_list:['PHNE_36185'], rls:\"HPUX11.11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "cve": [{"lastseen": "2022-03-23T12:22:41", "description": "The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. 
NOTE: this issue is different from CVE-2007-2926.", "cvss3": {}, "published": "2007-09-12T01:17:00", "type": "cve", "title": "CVE-2007-2930", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-2926", "CVE-2007-2930"], "modified": "2018-10-16T16:46:00", "cpe": ["cpe:/a:isc:bind:8.4.7"], "id": "CVE-2007-2930", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2930", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:isc:bind:8.4.7:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:48:14", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2930. Reason: This candidate is a reservation duplicate of CVE-2007-2930. Notes: All CVE users should reference CVE-2007-2930 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2007-09-12T01:17:00", "type": "cve", "title": "CVE-2007-4019", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2007-2930", "CVE-2007-4019"], "modified": "2008-09-11T00:57:00", "cpe": [], "id": "CVE-2007-4019", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4019", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "securityvulns": [{"lastseen": "2018-08-31T11:10:24", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n###########################################################################\r\n# #\r\n# Phishing for Confirmations #\r\n# #\r\n# Certificate spoofing with subjectAltName and domain name wildcards #\r\n# #\r\n###########################################################################\r\n\r\n URL: <http://nils.toedtmann.net/pub/subjectAltName.txt>\r\n Version: 2007-11-16-07\r\n Author: Nils Toedtmann <subjectAltName-mail@nils.toedtmann.net>\r\n License: Dual Creative Commons BY-ND & BY-NC-SA (see below)\r\n\r\n\r\n Disclaimer\r\n============\r\n\r\nThis is not an advisory but a reproval. These issues have been discussed for\r\nyears now at mozilla.org. But the developers seem to underestimate or ignore\r\ntheir severity, particularly when being combined. Additionally I found \r\n(probably not at first) that more browsers are affected.\r\n\r\n\r\n Abstract\r\n==========\r\n\r\nModern browsers accept more than one (wildcard) domain name within an X.509 \r\ncertificate, although displaying only one of them (the DN's CN) to the user.\r\nIt is essential for preventing TLS-enriched domain name spoofing to bind \r\nuser-approved certificates from unknown CAs to the presenting hostname. 
\r\n\r\nMozilla based browsers, Konqueror and Safari 2 fail that binding, so once a\r\nuser accepted a certificate issued by a CA unknown to the browser, he is\r\nvulnerable to certificate spoofing. \r\n\r\nTo make things worse, some browsers match generic wildcard domain names \r\nlike *.com or even *.\r\n\r\nThere's a demonstration at <http://test.eonis.net/>, check it out.\r\n\r\n\r\n Introduction\r\n==============\r\n\r\nThere were and are and will be many ways to trap a browser to a false web server\r\nwith a spoofed hostname. For example DNS spoofing [1], domain name hijacking\r\n[2] or other man-in-the-middle attacks [3].\r\n\r\nDomain name authentication through X.509 certificates is an additional line of\r\ndefense against browser-external phishing attempts as the phisher cannot spoof\r\nthe TLS-handshake with the original certificate. But this defense only holds\r\nif browser and user handle certificates properly.\r\n\r\nB.t.w: Even correctly handled certificates do not protect against similar-\r\nhostname-attacks [4] or in-browser attacks like location bar manipulation [5].\r\n\r\n\r\n subjectAltName\r\n================\r\n\r\nThe X.509 standard [6] defines the certificate extension "subjectAltName". It\r\ncan be used to supply additional information about the certificate's subject.\r\nWhen used for TLS, certificates can carry only one domain name in the \r\nsubject's DN ("distinguished name") field CN ("common name"), so additional \r\ndomain names are stored as subjectAltName:dNSName. (Some implementations\r\naccept more than one CN in a DN, but that's uncommon.)\r\n\r\nModern browsers respect this. They consider an X.509 certificate valid for \r\na web server only if the CN part of the certificate's subject DN *or* one of \r\nthe subjectAltName:dNSName extensions matches the web server's hostname \r\n(Some browsers ignore the CN if a subjectAltName:dNSName is present). 
As long\r\nas the TLS extension "server name indication" (SNI) [7] is not widely adopted\r\nby clients and servers, this is a useful method for virtual HTTPS hosting.\r\n\r\nIf an HTTPS-server presents a certificate during the TLS handshake but its \r\nissuer is not in the browser's list of accredited trustworthy CAs, the browser\r\nraises a warning. The user may decide to accept the certificate (temporarily \r\nor permanently by installing it into the browser's certificate storage) and\r\nto proceed.\r\n\r\nUnfortunately, no major browser displays existing subjectAltName:dNSName fields\r\nin the standard certificate view dialog, although subjectAltName:dNSName has \r\nbecome equivalent to the displayed subject's CN. The user has to dive deeply\r\ninto the "certificate details" to detect bogus subjectAltNames.\r\n\r\nWhen a second (virtual) HTTPS-server (different hostname, same or different IP\r\naddress) presents the same certificate, the browser SHOULD raise the "unknown\r\nissuer" warning again, even if the hostname matches one of the certified\r\ndomain names. If the browser fails in binding user-approved certificates to the\r\noriginating hostname the user won't notice certificate spoofing. Unfortunately,\r\nRFC 2818 (HTTPS) [8] does not cover this case.\r\n\r\n\r\n Domain name wildcards\r\n=======================\r\n\r\nSubject's CN and subjectAltName may be wildcard domain names like \r\n*.example.com. Wildcard matching is not specified in RFC 3280 but RFC 2818:\r\n\r\n "Names may contain the wildcard\r\n character * which is considered to match any single domain name\r\n component or component fragment. E.g., *.a.com matches foo.a.com but\r\n not bar.foo.a.com. 
f*.com matches foo.com but not bar.com."\r\n\r\nSo "loose matching" like www.test.example.com=*.example.com or \r\nwww.example.com=*.com or example.com=* violates RFC 2818.\r\n\r\nAnd though standard compliant, matching "generic wildcards" like top- or \r\nsecond-level wildcards (museum.=*, example.com=*.com) or third-level wildcards\r\nwithin generic SLDs (example.co.uk=*.co.uk) should be considered bad practice.\r\n\r\n\r\n Accepting certificates permanently\r\n====================================\r\n\r\nIf a user visits a HTTPS server with an unknown-issuer-cert regularly, she may\r\nwish to avoid the "unknown issuer" warning. A browser SHOULD offer the option \r\nto store the web server's certificate permanently. Both alternatives - \r\naccepting the cert on each connect temporarily or storing and trusting the \r\nparent CA certificate permanently - are less secure. The former does not \r\nprotect against certificate spoofing on subsequent connects, the latter also \r\ntrusts all other certificates issued by that CA.\r\n\r\nOf course the web server's certificate should be bound to its hostname again.\r\n\r\n\r\n The real world: results by bug\r\n================================\r\n\r\n * [loose-wildcard-match]\r\n Matching the wildcard "*" with the dot (which is a violation of standards)\r\n and/or matching SLD and TLD wildcards is a minor security issue, but it\r\n aggravates the next two.\r\n\r\n Results: Mozilla based browsers, Safari 2 and Opera suffer from it. All\r\n major browsers match wildcards in generic SLDs like "*.co.uk".\r\n\r\n\r\n * [subjectAltName-not-shown]\r\n Not displaying existing subjectAltNames in the standard certificate view\r\n is - alone - a slight security issue. 
But it worsens the next one as the\r\n user has almost no chance to notice a spoofing attempt.\r\n\r\n Results: All tested browsers suffer from this.\r\n\r\n\r\n * [no-cert-name-binding]\r\n Not binding user-approved certificates to the originating hostname is a\r\n major bug which enables certificate spoofing. Results:\r\n\r\n Results: Browsers based on Mozilla <=1.9a8, Konqueror, and Safari 2 are\r\n affected.\r\n \r\n\r\n * [servercert-storage]\r\n Lacking this feature is not a bug but leads to less secure certificate\r\n handling. Results:\r\n\r\n Opera cannot store web server certificates. MSIE and Safari can, but that\r\n does not eliminate the "unknown issuer" warnings.\r\n \r\n This time the points go to Mozilla & Konqueror, at least ;)\r\n\r\n\r\n Results by browser\r\n====================\r\n\r\n * Mozilla based\r\n\r\n loose-wildcard-match: Affected [9, #159483 from 07/2002]\r\n subjectAltName-not-shown: Affected [9, #238142 from 03/2004]\r\n no-cert-name-binding: AFFECTED! (>=1.9 not) [9, #240261 from 04/2004]\r\n servercert-storage: Yes\r\n\r\n Note: Mozilla 1.9 (>= M9) incorporates a new, sophisticated version of its\r\n certificate manager "Personal Security Manager" (PSM) which binds certs to\r\n hostnames. 
Upcoming Firefox 3 will be based on this.\r\n\r\n Vendor status: #402347 filed on 2007/11/03, declared DUPE of #240261 \r\n (filed 2004/04/11), fixed in Mozilla-1.9/Firefox-3 [#327181], declared\r\n WONTFIX for Mozilla-1.8/Firefox-2 [#402347 comment #4].\r\n\r\n * Firefox 2.0.0.8 (FreeBSD, Linux), 2.0.0.9 (Win32)\r\n * Firefox 3.0 Alpha (3.0a8/Linux, 3.0a7/Win32)\r\n * Minefield 3.0a9pre (Windows) (not affected by [no-cert-name-binding])\r\n * Iceweasel 2.0.0.7\r\n * IceApe 1.1.5\r\n * Netscape 9.0 (Win32)\r\n * SeaMonkey 1.1.5 (Win32)\r\n * Epiphany 2.18.1\r\n * K-Meleon 1.12\r\n\r\n\r\n * Konqueror\r\n\r\n loose-wildcard-match: - (but matches wildcards in generic SLDs)\r\n subjectAltName-not-shown: Affected\r\n no-cert-name-binding: AFFECTED!\r\n servercert-storage: Yes\r\n\r\n Note: Konqueror does not show any certificate extension (like \r\n subjectAltName), not even in the details.\r\n\r\n Vendor status: Bug report sent to <security@kde.org> on 2007/11/06,\r\n issue under investigation at kde.org.\r\n\r\n * Konqueror 3.5.5 [ToDo: 3.5.8], 3.95.00 (=4.0 Beta4)\r\n\r\n\r\n * Safari\r\n\r\n loose-wildcard-match: - [ToDo: S3/MacOS] [Safari2: Affected]\r\n subjectAltName-not-shown: Affected\r\n no-cert-name-binding: - [Safari2: AFFECTED!]\r\n servercert-storage: See note\r\n\r\n Note: Safari actually can store webserver certs, but without trusting\r\n the parent CA cert that does not eliminate "unknown issuer" warnings.\r\n\r\n Safari 3 Public Beta for Windows has no own certificate storage but uses\r\n Windows' certificate list and validation mechs, so see MSIE instead.\r\n\r\n Vendor status: Reply from the Apple Product Security team: "There is no\r\n plan to address this in Safari 2. 
Safari 3 is recommended for all Safari 2\r\n users and is available as a free upgrade as part of 10.4.11."\r\n \r\n * Safari 2.0.4 (MacOS 10.4.10/WebKit 419.3)\r\n * Safari 3.0.4 (MacOS 10.4.11/WebKit 523.12, MacOS 10.5/WebKit 523.10.3)\r\n * Safari Public Beta for Windows 3.0.4 (Win32/WebKit 523.12.9)\r\n\r\n\r\n * Opera\r\n\r\n loose-wildcard-match: Affected\r\n subjectAltName-not-shown: Affected\r\n no-cert-name-binding: -\r\n servercert-storage: Missing\r\n\r\n Note: Opera has no option to install a web server certificate but makes\r\n installing the parent CA cert very easy (2 clicks). This misleads users\r\n annoyed by warnings to do so.\r\n\r\n * Opera 9.0.23 (Linux)\r\n * Opera 9.0.24 (Win32)\r\n\r\n\r\n * MSIE\r\n \r\n loose-wildcard-match: - (but matches wildcards in generic SLDs)\r\n subjectAltName-not-shown: Affected\r\n no-cert-name-binding: -\r\n servercert-storage: Missing (see note #1)\r\n\r\n Note 1: MSIE can actually store web server certificates, but without \r\n trusting the parent CA cert that does not eliminate "unknown issuer"\r\n warnings.\r\n\r\n Note 2: If there is a problem with the web server's certificate, MSIE7\r\n just says that "there is some problem". If you want to view the cert, or\r\n to know the nature of the problem (maybe the cert just expired?) you have\r\n to proceed. When you then realize that the CA is wrong, the cookie is\r\n stolen already.\r\n\r\n Note 3: Microsoft's attitude "There's a problem, but you do not need\r\n to know what kind of a problem. Abort (recommended) or proceed?" is really\r\n counterproductive and will not raise security awareness amongst users. In\r\n fact, users get trained to ignore security alerts. 
But that's another \r\n story...\r\n\r\n * MSIE 6.0.2900.2180 (WinXP Pro SP2)\r\n * MSIE 7.0.5730.11 (WinXP Pro SP2)\r\n * MSIE 7 (Windows Vista Ultimate) [ToDo: exact version]\r\n\r\n\r\n Sources\r\n=========\r\n\r\n[1] Recent DNS spoofing issues\r\n CVE-2007-2930: <http://www.trusteer.com/docs/bind8dns.html>\r\n CVE-2007-2926: <http://www.trusteer.com/docs/bind9dns.html>\r\n MS07-062 <http://www.microsoft.com/technet/security/bulletin/ms07-062.mspx>\r\n\r\n[2] DE-registry press releases about the hijacking of eBay.de and google.de\r\n <http://www.denic.de/en/denic/presse/press_60.html>\r\n <http://www.denic.de/de/denic/presse/press_79.html> (German)\r\n\r\n[3] dsniff <http://monkey.org/~dugsong/dsniff/>\r\n ettercap <http://ettercap.sourceforge.net/>\r\n\r\n[4] IDN homograph spoofing\r\n <http://www.shmoo.com/idn/homograph.txt>\r\n\r\n[5] Recent URL spoofing issues CVE-2007-3656, CVE-2007-3826, CVE-2007-3819\r\n <http://www.heise-security.co.uk/news/92725>\r\n\r\n[6] RFC 3280: "Internet X.509 Public Key Infrastructure"\r\n <http://www.ietf.org/rfc/rfc3280.txt>\r\n\r\n[7] RFC 3546: "Transport Layer Security (TLS) Extensions" (SNI)\r\n <http://www.ietf.org/rfc/rfc3546.txt>\r\n\r\n[8] RFC 2818: "HTTP Over TLS" (HTTPS)\r\n <http://www.ietf.org/rfc/rfc2818.txt>\r\n\r\n[9] Mozilla bugtracker\r\n #159483: "cert name matching: RFC 2818 vs. 
backwards compatibility"\r\n <https://bugzilla.mozilla.org/show_bug.cgi?id=159483>\r\n\r\n #238142: "server mismatch dialog doesn't show subject alt names"\r\n <https://bugzilla.mozilla.org/show_bug.cgi?id=238142> (not public)\r\n\r\n #240261: "peer-trusted certs can use alt names to spoof"\r\n <https://bugzilla.mozilla.org/show_bug.cgi?id=240261>\r\n\r\n #327181: "Improve error reporting for invalid-certificate errors"\r\n <https://bugzilla.mozilla.org/show_bug.cgi?id=327181> (#28, #51, #72)\r\n\r\n #402347: "Not binding X.509 certificate to originating domain name allows\r\n certificate spoofing" (dupe of #240261, but public)\r\n <https://bugzilla.mozilla.org/show_bug.cgi?id=402347>\r\n\r\n * Peter Gutmann: "X.509 Style Guide"\r\n <http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt>\r\n Peter Gutmann: "Security Usability Fundamentals"\r\n <http://www.cs.auckland.ac.nz/~pgut001/pubs/usability.pdf>\r\n\r\n * Geotrust: "Vulnerability of First-Generation Digital Certificates [...]"\r\n <http://www.antiphishing.org/sponsors_technical_papers/SSLVulnerabilityWPcds.pdf>\r\n\r\n * subjectAltName test site <http://test.eonis.net/> \r\n\r\n\r\n ToDo\r\n======\r\n\r\n * Translate into proper English\r\n * Test more browsers (Camino) and other TLS clients like MUAs\r\n * Check MSIE for reg-hacks to alter cert handling\r\n * Actually read the referenced sources ;)\r\n * Find a braindead major-browser-accredited CA which signs my certificate \r\n request with hidden TLD-wildcard subjectAltName. Take over the internet.\r\n\r\n\r\n License\r\n=========\r\n\r\nThis document is dual licenced under the Creative Commons licenses BY-ND 3.0\r\nand BY-NC-SA 3.0, so you may distribute it unaltered. For noncommercial \r\npurposes you may do anything you want unless you credit me and keep the \r\nBY-NC-SA license. 
See\r\n\r\n <http://creativecommons.org/licenses/by-nd/3.0/>\r\n <http://creativecommons.org/licenses/by-nc-sa/3.0/>\r\n\r\n\r\n About me\r\n==========\r\n\r\nMy name is Nils, and I am yet another paranoid network admin. Contact:\r\n\r\n <subjectAltName-mail@nils.toedtmann.net> \r\n $ whois toedtmann.net | grep owner-c\r\n\r\n\r\n Credits\r\n=========\r\n\r\n * Testing: Joerg Baach, Oliver Regehr, Uli Groene, Ingo Luetkebohle, \r\n Oliver Schonefeld, Marcus Grieger\r\n * Hosting: Fargonauten <http://fargonauten.de/> Marcant <http://marcant.net/>\r\n * Wordproc: Vim <http://www.vim.org/>, Aspell, LEO <http://dict.leo.org/>\r\n * Birthing: Mami\r\n", "edition": 1, "cvss3": {}, "published": "2007-11-19T00:00:00", "title": "Certificate spoofing with subjectAltName and domain name wildcards", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-3826", "CVE-2007-2930", "CVE-2007-3656", "CVE-2007-2926", "CVE-2007-3819"], "modified": "2007-11-19T00:00:00", "id": "SECURITYVULNS:DOC:18452", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:18452", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}