{"id": "OPENVAS:1361412562310878029", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora: Security Advisory for adns (FEDORA-2020-530188bf36)", "description": "The remote host is missing an update for the ", "published": "2020-07-03T00:00:00", "modified": "2020-07-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878029", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR", "2020-530188bf36"], "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "lastseen": "2020-07-21T19:42:44", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["OPENSUSE-2020-827.NASL", "SUSE_SU-2020-1612-1.NASL", "FEDORA_2020-E59BCAF702.NASL", "FREEBSD_PKG_08DE38D2E2D011EA95380C9D925BBBC0.NASL", "FEDORA_2020-530188BF36.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310853217", "OPENVAS:1361412562310878013"]}, {"type": "freebsd", "idList": ["08DE38D2-E2D0-11EA-9538-0C9D925BBBC0"]}, {"type": "fedora", "idList": ["FEDORA:DF8A3311BA2B", "FEDORA:EA30230B703D"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0827-1"]}, {"type": "cve", "idList": ["CVE-2017-9104", "CVE-2017-9109", "CVE-2017-9106", "CVE-2017-9108", "CVE-2017-9105", "CVE-2017-9103", "CVE-2017-9107"]}], "modified": "2020-07-21T19:42:44", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2020-07-21T19:42:44", "rev": 2}, "vulnersScore": 7.4}, "pluginID": "1361412562310878029", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878029\");\n script_version(\"2020-07-10T06:57:28+0000\");\n script_cve_id(\"CVE-2017-9105\", \"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9109\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-10 06:57:28 +0000 (Fri, 10 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 03:20:59 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for adns (FEDORA-2020-530188bf36)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-530188bf36\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'adns'\n package(s) announced via the FEDORA-2020-530188bf36 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"adns is a resolver library for C (and C++) programs. In contrast with\nthe existing interfaces, gethostbyname et al and libresolv, it has the\nfollowing features:\n\n - It is reasonably easy to use for simple programs which just want to\n translate names to addresses, look up MX records, etc.\n\n - It can be used in an asynchronous, non-blocking, manner. Many\n queries can be handled simultaneously.\n\n - Responses are decoded automatically into a natural representation\n for a C program - there is no need to deal with DNS packet formats.\n\n - Sanity checking (eg, name syntax checking, reverse/forward\n correspondence, CNAME pointing to CNAME) is performed automatically.\n\n - Time-to-live, CNAME and other similar information is returned in an\n easy-to-use form, without getting in the way.\n\n - There is no global state in the library, resolver state is an opaque\n data structure which the client creates explicitly. A program can have\n several instances of the resolver.\n\n - Errors are reported to the application in a way that distinguishes\n the various causes of failure properly.\n\n - Understands conventional resolv.conf, but this can overridden by\n environment variables.\n\n - Flexibility. For example, the application can tell adns to: ignore\n environment variables (for setuid programs), disable sanity checks eg\n to return arbitrary data, override or ignore resolv.conf in favour of\n supplied configuration, etc.\n\n - Believed to be correct ! For example, will correctly back off to TCP\n in case of long replies or queries, or to other nameservers if several\n are available. It has sensible handling of bad responses etc.\");\n\n script_tag(name:\"affected\", value:\"'adns' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"adns\", rpm:\"adns~1.6.0~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "naslFamily": "Fedora Local Security Checks"}

{"fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9103", "CVE-2017-9104", "CVE-2017-9105", "CVE-2017-9106", "CVE-2017-9107", "CVE-2017-9108", "CVE-2017-9109"], "description": "adns is a resolver library for C (and C++) programs. In contrast with the existing interfaces, gethostbyname et al and libresolv, it has the following features: - It is reasonably easy to use for simple programs which just want to translate names to addresses, look up MX records, etc. - It can be used in an asynchronous, non-blocking, manner. Many queries can be handled simultaneously. - Responses are decoded automatically into a natural representation for a C program - there is no need to deal with DNS packet formats. - Sanity checking (eg, name syntax checking, reverse/forward correspondence, CNAME pointing to CNAME) is performed automatically. - Time-to-live, CNAME and other similar information is returned in an easy-to-use form, without getting in the way. - There is no global state in the library; resolver state is an opaque data structure which the client creates explicitly. A program can have several instances of the resolver. - Errors are reported to the application in a way that distinguishes the various causes of failure properly. - Understands conventional resolv.conf, but this can overridden by environment variables. - Flexibility. For example, the application can tell adns to: ignore environment variables (for setuid programs), disable sanity checks eg to return arbitrary data, override or ignore resolv.conf in favour of supplied configuration, etc. - Believed to be correct ! For example, will correctly back off to TCP in case of long replies or queries, or to other nameservers if several are available. It has sensible handling of bad responses etc. ", "modified": "2020-07-01T01:38:17", "published": "2020-07-01T01:38:17", "id": "FEDORA:EA30230B703D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 31 Update: adns-1.6.0-1.fc31", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9103", "CVE-2017-9104", "CVE-2017-9105", "CVE-2017-9106", "CVE-2017-9107", "CVE-2017-9108", "CVE-2017-9109"], "description": "adns is a resolver library for C (and C++) programs. In contrast with the existing interfaces, gethostbyname et al and libresolv, it has the following features: - It is reasonably easy to use for simple programs which just want to translate names to addresses, look up MX records, etc. - It can be used in an asynchronous, non-blocking, manner. Many queries can be handled simultaneously. - Responses are decoded automatically into a natural representation for a C program - there is no need to deal with DNS packet formats. - Sanity checking (eg, name syntax checking, reverse/forward correspondence, CNAME pointing to CNAME) is performed automatically. - Time-to-live, CNAME and other similar information is returned in an easy-to-use form, without getting in the way. - There is no global state in the library; resolver state is an opaque data structure which the client creates explicitly. A program can have several instances of the resolver. - Errors are reported to the application in a way that distinguishes the various causes of failure properly. - Understands conventional resolv.conf, but this can overridden by environment variables. - Flexibility. For example, the application can tell adns to: ignore environment variables (for setuid programs), disable sanity checks eg to return arbitrary data, override or ignore resolv.conf in favour of supplied configuration, etc. - Believed to be correct ! For example, will correctly back off to TCP in case of long replies or queries, or to other nameservers if several are available. It has sensible handling of bad responses etc. ", "modified": "2020-07-01T01:51:48", "published": "2020-07-01T01:51:48", "id": "FEDORA:DF8A3311BA2B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: adns-1.6.0-1.fc32", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-07-21T19:46:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "description": "The remote host is missing an update for the ", "modified": "2020-07-06T00:00:00", "published": "2020-07-02T00:00:00", "id": "OPENVAS:1361412562310878013", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310878013", "type": "openvas", "title": "Fedora: Security Advisory for adns (FEDORA-2020-e59bcaf702)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.878013\");\n script_version(\"2020-07-06T06:27:18+0000\");\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9109\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-06 06:27:18 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-02 03:39:02 +0000 (Thu, 02 Jul 2020)\");\n script_name(\"Fedora: Security Advisory for adns (FEDORA-2020-e59bcaf702)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-e59bcaf702\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'adns'\n package(s) announced via the FEDORA-2020-e59bcaf702 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"adns is a resolver library for C (and C++) programs. In contrast with\nthe existing interfaces, gethostbyname et al and libresolv, it has the\nfollowing features:\n\n - It is reasonably easy to use for simple programs which just want to\n translate names to addresses, look up MX records, etc.\n\n - It can be used in an asynchronous, non-blocking, manner. Many\n queries can be handled simultaneously.\n\n - Responses are decoded automatically into a natural representation\n for a C program - there is no need to deal with DNS packet formats.\n\n - Sanity checking (eg, name syntax checking, reverse/forward\n correspondence, CNAME pointing to CNAME) is performed automatically.\n\n - Time-to-live, CNAME and other similar information is returned in an\n easy-to-use form, without getting in the way.\n\n - There is no global state in the library, resolver state is an opaque\n data structure which the client creates explicitly. A program can have\n several instances of the resolver.\n\n - Errors are reported to the application in a way that distinguishes\n the various causes of failure properly.\n\n - Understands conventional resolv.conf, but this can overridden by\n environment variables.\n\n - Flexibility. For example, the application can tell adns to: ignore\n environment variables (for setuid programs), disable sanity checks eg\n to return arbitrary data, override or ignore resolv.conf in favour of\n supplied configuration, etc.\n\n - Believed to be correct ! For example, will correctly back off to TCP\n in case of long replies or queries, or to other nameservers if several\n are available. It has sensible handling of bad responses etc.\");\n\n script_tag(name:\"affected\", value:\"'adns' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"adns\", rpm:\"adns~1.6.0~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-25T13:30:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "description": "The remote host is missing an update for the ", "modified": "2020-06-24T00:00:00", "published": "2020-06-18T00:00:00", "id": "OPENVAS:1361412562310853217", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853217", "type": "openvas", "title": "openSUSE: Security Advisory for adns (openSUSE-SU-2020:0827-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853217\");\n script_version(\"2020-06-24T07:21:41+0000\");\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\", \"CVE-2017-9109\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-24 07:21:41 +0000 (Wed, 24 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-18 03:01:09 +0000 (Thu, 18 Jun 2020)\");\n script_name(\"openSUSE: Security Advisory for adns (openSUSE-SU-2020:0827-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0827-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00037.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'adns'\n package(s) announced via the openSUSE-SU-2020:0827-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for adns fixes the following issues:\n\n - CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9109: Fixed an issue\n in local recursive resolver which could have led to remote code\n execution (bsc#1172265).\n\n - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could\n have led to denial of service (bsc#1172265).\n\n - CVE-2017-9107: Fixed an issue when querying domain names which could have\n led to denial of service (bsc#1172265).\n\n - CVE-2017-9108: Fixed an issue which could have led to denial of service\n (bsc#1172265).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-827=1\");\n\n script_tag(name:\"affected\", value:\"'adns' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"adns\", rpm:\"adns~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"adns-debuginfo\", rpm:\"adns-debuginfo~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"adns-debugsource\", rpm:\"adns-debugsource~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libadns-devel\", rpm:\"libadns-devel~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libadns1\", rpm:\"libadns1~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libadns1-debuginfo\", rpm:\"libadns1-debuginfo~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libadns-devel-32bit\", rpm:\"libadns-devel-32bit~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libadns1-32bit\", rpm:\"libadns1-32bit~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libadns1-32bit-debuginfo\", rpm:\"libadns1-32bit-debuginfo~1.5.1~lp151.3.3.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2020-06-18T01:22:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "description": "This update for adns fixes the following issues:\n\n - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an issue\n in local recursive resolver which could have led to remote code\n execution (bsc#1172265).\n - CVE-2017-9106: Fixed an issue with upstream DNS data sources which could\n have led to denial of service (bsc#1172265).\n - CVE-2017-9107: Fixed an issue when quering domain names which could have\n led to denial of service (bsc#1172265).\n - CVE-2017-9108: Fixed an issue which could have led to denial of service\n (bsc#1172265).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-06-18T00:19:58", "published": "2020-06-18T00:19:58", "id": "OPENSUSE-SU-2020:0827-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00037.html", "title": "Security update for adns (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "freebsd": [{"lastseen": "2020-08-20T15:35:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "description": "\nIan Jackson and the adns project reports:\n\nVulnerable applications: all adns callers.\n\t Exploitable by: the local recursive resolver.\n\t Likely worst case: Remote code execution.\nVulnerable applications: those that make SOA queries.\n\t Exploitable by: upstream DNS data sources.\n\t Likely worst case: DoS (crash of the adns-using application)\nVulnerable applications: those that use adns_qf_quoteok_query.\n\t Exploitable by: sources of query domain names.\n\t Likely worst case: DoS (crash of the adns-using application)\nVulnerable applications: adnshost.\n\t Exploitable by: code responsible for framing the input.\n\t Likely worst case: DoS (adnshost crashes at EOF).\n\n", "edition": 1, "modified": "2017-05-21T00:00:00", "published": "2017-05-21T00:00:00", "id": "08DE38D2-E2D0-11EA-9538-0C9D925BBBC0", "href": "https://vuxml.freebsd.org/freebsd/08de38d2-e2d0-11ea-9538-0c9d925bbbc0.html", "title": "adns -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-07-23T03:47:08", "description": "This update for adns fixes the following issues :\n\n - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109:\n Fixed an issue in local recursive resolver which could\n have led to remote code execution (bsc#1172265).\n\n - CVE-2017-9106: Fixed an issue with upstream DNS data\n sources which could have led to denial of service\n (bsc#1172265).\n\n - CVE-2017-9107: Fixed an issue when quering domain names\n which could have led to denial of service (bsc#1172265).\n\n - CVE-2017-9108: Fixed an issue which could have led to\n denial of service (bsc#1172265).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-20T00:00:00", "title": "openSUSE Security Update : adns (openSUSE-2020-827)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "modified": "2020-07-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libadns1-32bit-debuginfo", "cpe:/o:novell:opensuse:15.1", "p-cpe:/a:novell:opensuse:adns", "p-cpe:/a:novell:opensuse:libadns-devel", "p-cpe:/a:novell:opensuse:adns-debugsource", "p-cpe:/a:novell:opensuse:libadns-devel-32bit", "p-cpe:/a:novell:opensuse:libadns1-debuginfo", "p-cpe:/a:novell:opensuse:adns-debuginfo", "p-cpe:/a:novell:opensuse:libadns1", "p-cpe:/a:novell:opensuse:libadns1-32bit"], "id": "OPENSUSE-2020-827.NASL", "href": "https://www.tenable.com/plugins/nessus/138690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-827.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138690);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/22\");\n\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\", \"CVE-2017-9109\");\n\n script_name(english:\"openSUSE Security Update : adns (openSUSE-2020-827)\");\n script_summary(english:\"Check for the openSUSE-2020-827 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for adns fixes the following issues :\n\n - CVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109:\n Fixed an issue in local recursive resolver which could\n have led to remote code execution (bsc#1172265).\n\n - CVE-2017-9106: Fixed an issue with upstream DNS data\n sources which could have led to denial of service\n (bsc#1172265).\n\n - CVE-2017-9107: Fixed an issue when quering domain names\n which could have led to denial of service (bsc#1172265).\n\n - CVE-2017-9108: Fixed an issue which could have led to\n denial of service (bsc#1172265).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172265\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected adns packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:adns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:adns-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:adns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libadns-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libadns-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libadns1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libadns1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libadns1-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libadns1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"adns-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"adns-debuginfo-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"adns-debugsource-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libadns-devel-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libadns1-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libadns1-debuginfo-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libadns-devel-32bit-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libadns1-32bit-1.5.1-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libadns1-32bit-debuginfo-1.5.1-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"adns / adns-debuginfo / adns-debugsource / libadns-devel / libadns1 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-28T18:51:25", "description": "Ian Jackson and the adns project reports :\n\nVulnerable applications: all adns callers. Exploitable by: the local\nrecursive resolver. Likely worst case: Remote code execution.\n\nVulnerable applications: those that make SOA queries. Exploitable by:\nupstream DNS data sources. Likely worst case: DoS (crash of the\nadns-using application)\n\nVulnerable applications: those that use adns_qf_quoteok_query.\nExploitable by: sources of query domain names. Likely worst case: DoS\n(crash of the adns-using application)\n\nVulnerable applications: adnshost. Exploitable by: code responsible\nfor framing the input. Likely worst case: DoS (adnshost crashes at\nEOF).", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-08-21T00:00:00", "title": "FreeBSD : adns -- multiple vulnerabilities (08de38d2-e2d0-11ea-9538-0c9d925bbbc0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "modified": "2020-08-21T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:adns"], "id": "FREEBSD_PKG_08DE38D2E2D011EA95380C9D925BBBC0.NASL", "href": "https://www.tenable.com/plugins/nessus/139738", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(139738);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/25\");\n\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\", \"CVE-2017-9109\");\n\n script_name(english:\"FreeBSD : adns -- multiple vulnerabilities (08de38d2-e2d0-11ea-9538-0c9d925bbbc0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ian Jackson and the adns project reports :\n\nVulnerable applications: all adns callers. Exploitable by: the local\nrecursive resolver. Likely worst case: Remote code execution.\n\nVulnerable applications: those that make SOA queries. Exploitable by:\nupstream DNS data sources. Likely worst case: DoS (crash of the\nadns-using application)\n\nVulnerable applications: those that use adns_qf_quoteok_query.\nExploitable by: sources of query domain names. Likely worst case: DoS\n(crash of the adns-using application)\n\nVulnerable applications: adnshost. Exploitable by: code responsible\nfor framing the input. Likely worst case: DoS (adnshost crashes at\nEOF).\"\n );\n # https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dc9e4e17\"\n );\n # https://vuxml.freebsd.org/freebsd/08de38d2-e2d0-11ea-9538-0c9d925bbbc0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26bd61e2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:adns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"adns<1.5.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-14T06:28:41", "description": "This update for adns fixes the following issues :\n\nCVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an\nissue in local recursive resolver which could have led to remote code\nexecution (bsc#1172265).\n\nCVE-2017-9106: Fixed an issue with upstream DNS data sources which\ncould have led to denial of service (bsc#1172265).\n\nCVE-2017-9107: Fixed an issue when quering domain names which could\nhave led to denial of service (bsc#1172265).\n\nCVE-2017-9108: Fixed an issue which could have led to denial of\nservice (bsc#1172265).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-18T00:00:00", "title": "SUSE SLES12 Security Update : adns (SUSE-SU-2020:1612-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "modified": "2020-06-18T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:adns-debugsource", "p-cpe:/a:novell:suse_linux:libadns1-debuginfo", "p-cpe:/a:novell:suse_linux:adns-debuginfo", "p-cpe:/a:novell:suse_linux:libadns1"], "id": "SUSE_SU-2020-1612-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137621", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1612-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137621);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\", \"CVE-2017-9109\");\n\n script_name(english:\"SUSE SLES12 Security Update : adns (SUSE-SU-2020:1612-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for adns fixes the following issues :\n\nCVE-2017-9103,CVE-2017-9104,CVE-2017-9105,CVE-2017-9109: Fixed an\nissue in local recursive resolver which could have led to remote code\nexecution (bsc#1172265).\n\nCVE-2017-9106: Fixed an issue with upstream DNS data sources which\ncould have led to denial of service (bsc#1172265).\n\nCVE-2017-9107: Fixed an issue when quering domain names which could\nhave led to denial of service (bsc#1172265).\n\nCVE-2017-9108: Fixed an issue which could have led to denial of\nservice (bsc#1172265).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172265\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9103/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9104/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-9109/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201612-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb1ef9b5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1612=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1612=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-1612=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1612=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1612=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1612=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1612=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1612=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1612=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1612=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1612=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1612=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1612=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1612=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1612=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9109\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:adns-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:adns-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libadns1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libadns1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"adns-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"adns-debugsource-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libadns1-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libadns1-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"adns-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"adns-debugsource-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libadns1-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libadns1-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"adns-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"adns-debugsource-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libadns1-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libadns1-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"adns-debuginfo-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"adns-debugsource-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libadns1-1.4-103.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libadns1-debuginfo-1.4-103.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"adns\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-07T01:56:48", "description": "New upstream release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-01T00:00:00", "title": "Fedora 32 : adns (2020-530188bf36)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "modified": "2020-07-01T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:adns"], "id": "FEDORA_2020-530188BF36.NASL", "href": "https://www.tenable.com/plugins/nessus/137926", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-530188bf36.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137926);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/06\");\n\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\", \"CVE-2017-9109\");\n script_xref(name:\"FEDORA\", value:\"2020-530188bf36\");\n\n script_name(english:\"Fedora 32 : adns (2020-530188bf36)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New upstream release\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-530188bf36\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected adns package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:adns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"adns-1.6.0-1.fc32\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"adns\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-07T01:58:53", "description": "New upstream release\n\n - Important security fixes: CVE-2017-9103 CVE-2017-9104\n CVE-2017-9105 CVE-2017-9109: &#9;Vulnerable\n applications: all adns callers. Exploitable by: the\n local recursive resolver. &#9;Likely worst case: Remote\n code execution. CVE-2017-9106: &#9;Vulnerable\n applications: those that make SOA queries. Exploitable\n by: upstream DNS data sources. &#9;Likely worst case:\n DoS (crash of the adns-using application) CVE-2017-9107:\n &#9;Vulnerable applications: those that use\n adns_qf_quoteok_query. Exploitable by: sources of query\n domain names. &#9;Likely worst case: DoS (crash of the\n adns-using application) CVE-2017-9108: &#9;Vulnerable\n applications: adnshost. Exploitable by: code responsible\n for framing the input. Likely worst case: DoS (adnshost\n crashes at EOF). All found by AFL 2.35b. Thanks to the\n University of Cambridge Department of Applied\n Mathematics for computing facilities.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-01T00:00:00", "title": "Fedora 31 : adns (2020-e59bcaf702)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-9105", "CVE-2017-9107", "CVE-2017-9104", "CVE-2017-9106", "CVE-2017-9109", "CVE-2017-9108", "CVE-2017-9103"], "modified": "2020-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:adns", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-E59BCAF702.NASL", "href": "https://www.tenable.com/plugins/nessus/137928", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-e59bcaf702.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137928);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/06\");\n\n script_cve_id(\"CVE-2017-9103\", \"CVE-2017-9104\", \"CVE-2017-9105\", \"CVE-2017-9106\", \"CVE-2017-9107\", \"CVE-2017-9108\", \"CVE-2017-9109\");\n script_xref(name:\"FEDORA\", value:\"2020-e59bcaf702\");\n\n script_name(english:\"Fedora 31 : adns (2020-e59bcaf702)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New upstream release\n\n - Important security fixes: CVE-2017-9103 CVE-2017-9104\n CVE-2017-9105 CVE-2017-9109: &#9;Vulnerable\n applications: all adns callers. Exploitable by: the\n local recursive resolver. &#9;Likely worst case: Remote\n code execution. CVE-2017-9106: &#9;Vulnerable\n applications: those that make SOA queries. Exploitable\n by: upstream DNS data sources. &#9;Likely worst case:\n DoS (crash of the adns-using application) CVE-2017-9107:\n &#9;Vulnerable applications: those that use\n adns_qf_quoteok_query. Exploitable by: sources of query\n domain names. &#9;Likely worst case: DoS (crash of the\n adns-using application) CVE-2017-9108: &#9;Vulnerable\n applications: adnshost. Exploitable by: code responsible\n for framing the input. Likely worst case: DoS (adnshost\n crashes at EOF). All found by AFL 2.35b. Thanks to the\n University of Cambridge Department of Applied\n Mathematics for computing facilities.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-e59bcaf702\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected adns package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:adns\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"adns-1.6.0-1.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"adns\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \\, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T14:15:00", "title": "CVE-2017-9107", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9107"], "modified": "2020-07-02T03:15:00", "cpe": [], "id": "CVE-2017-9107", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9107", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T14:15:00", "title": "CVE-2017-9108", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9108"], "modified": "2020-07-02T03:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1"], "id": "CVE-2017-9108", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9108", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-18T14:15:00", "title": "CVE-2017-9109", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9109"], "modified": "2020-07-02T03:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1"], "id": "CVE-2017-9109", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9109", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-18T14:15:00", "title": "CVE-2017-9106", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9106"], "modified": "2020-07-02T03:15:00", "cpe": [], "id": "CVE-2017-9106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9106", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-18T14:15:00", "title": "CVE-2017-9105", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9105"], "modified": "2020-07-02T03:15:00", "cpe": [], "id": "CVE-2017-9105", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9105", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-18T15:15:00", "title": "CVE-2017-9104", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9104"], "modified": "2020-07-02T03:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1"], "id": "CVE-2017-9104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9104", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:13:38", "description": "An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-18T15:15:00", "title": "CVE-2017-9103", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-9103"], "modified": "2020-07-02T03:15:00", "cpe": ["cpe:/o:opensuse:leap:15.1"], "id": "CVE-2017-9103", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9103", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"]}]}