Lucene search
HistoryJul 30, 2012 - 12:00 a.m.
CentOS Update for bind CESA-2012:0716 centos6

2012-07-3000:00:00
plugins.openvas.org
0.94 High
EPSS
Percentile
98.9%
JSON
Check for the Version of bind
###############################################################################
# OpenVAS Vulnerability Test
#
# CentOS Update for bind CESA-2012:0716 centos6 
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
  Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
  library (routines for applications to use when interfacing with DNS); and
  tools for verifying that the DNS server is operating correctly.

  A flaw was found in the way BIND handled zero length resource data records.
  A malicious owner of a DNS domain could use this flaw to create
  specially-crafted DNS resource records that would cause a recursive
  resolver or secondary server to crash or, possibly, disclose portions of
  its memory. (CVE-2012-1667)
  
  A flaw was found in the way BIND handled the updating of cached name server
  (NS) resource records. A malicious owner of a DNS domain could use this
  flaw to keep the domain resolvable by the BIND server even after the
  delegation was removed from the parent DNS zone. With this update, BIND
  limits the time-to-live of the replacement record to that of the
  time-to-live of the record being replaced. (CVE-2012-1033)
  
  Users of bind are advised to upgrade to these updated packages, which
  correct these issues. After installing the update, the BIND daemon (named)
  will be restarted automatically.";

tag_affected = "bind on CentOS 6";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_xref(name : "URL" , value : "http://lists.centos.org/pipermail/centos-announce/2012-June/018675.html");
  script_id(881077);
  script_version("$Revision: 8245 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $");
  script_tag(name:"creation_date", value:"2012-07-30 16:01:37 +0530 (Mon, 30 Jul 2012)");
  script_cve_id("CVE-2012-1033", "CVE-2012-1667");
  script_tag(name:"cvss_base", value:"8.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:C");
  script_xref(name: "CESA", value: "2012:0716");
  script_name("CentOS Update for bind CESA-2012:0716 centos6 ");

  script_tag(name: "summary" , value: "Check for the Version of bind");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("CentOS Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/centos", "ssh/login/rpms");
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");

res = "";
if(release == NULL){
  exit(0);
}

if(release == "CentOS6")
{

  if ((res = isrpmvuln(pkg:"bind", rpm:"bind~9.7.3~8.P3.el6_2.3", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-chroot", rpm:"bind-chroot~9.7.3~8.P3.el6_2.3", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.7.3~8.P3.el6_2.3", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-libs", rpm:"bind-libs~9.7.3~8.P3.el6_2.3", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-sdb", rpm:"bind-sdb~9.7.3~8.P3.el6_2.3", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.7.3~8.P3.el6_2.3", rls:"CentOS6")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}
References

2012:0716
lists.centos.org/pipermail/centos-announce/2012-June/018675.html