Mandriva Update for bind MDKSA-2007:030 (bind)

Mandriva Update for bind MDKSA-2007:030 (bind) - Use-after-free and Denial of Service vulnerabilitie

Reporter	Title	Published	Views	Family All 81
Tenable Nessus	AIX 5.3 TL 6 : bos.net.tcp.client (U800591)	13 Mar 201300:00	–	nessus
Tenable Nessus	AIX 5.2 TL 10 : bos.net.tcp.client (U803849)	13 Mar 201300:00	–	nessus
Tenable Nessus	AIX 5.3 TL 7 : bos.net.tcp.client (U804534)	13 Mar 201300:00	–	nessus
Tenable Nessus	ISC BIND Crafted ANY Request Response Multiple RRsets DoS	19 Jan 201200:00	–	nessus
Tenable Nessus	CentOS 3 / 4 : bind (CESA-2007:0044)	9 Feb 200700:00	–	nessus
Tenable Nessus	Debian DSA-1254-1 : bind9 - insufficient input sanitising	9 Feb 200700:00	–	nessus
Tenable Nessus	Fedora Core 6 : bind-9.3.4-1.fc6 (2007-147)	9 Feb 200700:00	–	nessus
Tenable Nessus	Fedora Core 5 : bind-9.3.4-1.fc5 (2007-164)	9 Feb 200700:00	–	nessus
Tenable Nessus	FreeBSD : bind -- Multiple Denial of Service vulnerabilities (3cb6f059-c69d-11db-9f82-000e0c2e438a)	28 Feb 200700:00	–	nessus
Tenable Nessus	GLSA-200702-06 : BIND: Denial of Service	18 Feb 200700:00	–	nessus

Source	Link
lists	www.lists.mandriva.com/security-announce/2007-01/msg00044.php

###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for bind MDKSA-2007:030 (bind)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up
  to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
  only) allows remote attackers to cause a denial of service (named
  daemon crash) via unspecified vectors that cause named to &quot;dereference
  a freed fetch context.&quot; (CVE-2007-0493)

  ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up
  to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum
  only) allows remote attackers to cause a denial of service (exit) via a
  type * (ANY) DNS query response that contains multiple RRsets, which
  triggers an assertion error. (CVE-2007-0494)
  
  The updated packages have been patched to correct these issues.";

tag_affected = "bind on Mandriva Linux 2006.0,
  Mandriva Linux 2006.0/X86_64,
  Mandriva Linux 2007.0,
  Mandriva Linux 2007.0/X86_64";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2007-01/msg00044.php");
  script_id(830047);
  script_version("$Revision: 6568 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-04-09 13:53:01 +0200 (Thu, 09 Apr 2009)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_xref(name: "MDKSA", value: "2007:030");
  script_cve_id("CVE-2007-0493", "CVE-2007-0494");
  script_name( "Mandriva Update for bind MDKSA-2007:030 (bind)");

  script_summary("Check for the Version of bind");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("Mandrake Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "MNDK_2007.0")
{

  if ((res = isrpmvuln(pkg:"bind", rpm:"bind~9.3.2~8.2mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.3.2~8.2mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.3.2~8.2mdv2007.0", rls:"MNDK_2007.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}


if(release == "MNDK_2006.0")
{

  if ((res = isrpmvuln(pkg:"bind", rpm:"bind~9.3.1~4.3.20060mdk", rls:"MNDK_2006.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.3.1~4.3.20060mdk", rls:"MNDK_2006.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.3.1~4.3.20060mdk", rls:"MNDK_2006.0")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}

06 Jul 2017 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.41543