(RHSA-2019:1492) Important: bind security update

2019-06-17T12:20:14

Description

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Package

OS	OS Version	Package Name	Package Version
RedHat	6	bind-debuginfo	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-sdb	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-chroot	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-debuginfo	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-sdb	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-libs	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-chroot	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-chroot	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-chroot	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-sdb	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-debuginfo	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-devel	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-libs	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-sdb	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-debuginfo	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-utils	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-devel	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-utils	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-libs	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-debuginfo	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-devel	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-utils	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-devel	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-devel	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-debuginfo	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-libs	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-libs	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-libs	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-utils	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind-devel	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind	9.8.2-0.68.rc1.el6_10.3
RedHat	6	bind	9.8.2-0.68.rc1.el6_10.3

{"id": "RHSA-2019:1492", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2019:1492) Important: bind security update", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2019-06-17T12:20:14", "modified": "2019-06-17T12:34:21", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://access.redhat.com/errata/RHSA-2019:1492", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2018-5743"], "immutableFields": [], "lastseen": "2021-10-19T20:40:55", "viewCount": 149, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2018-5743"]}, {"type": "amazon", "idList": ["ALAS-2019-1244", "ALAS2-2019-1231"]}, {"type": "centos", "idList": ["CESA-2019:1294", "CESA-2019:1492"]}, {"type": "cisa", "idList": ["CISA:31A9423F65C396263BEB65CAE22F1B69"]}, {"type": "cve", "idList": ["CVE-2018-5743"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1859-1:5A253", "DEBIAN:DSA-4440-1:DE2A1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-5743"]}, {"type": "f5", "idList": ["F5:K74009656"]}, {"type": "fedora", "idList": ["FEDORA:0C9E6604E7C5", "FEDORA:23EF6608C00F", "FEDORA:2EED9608C00F", "FEDORA:5E78E608FD00", "FEDORA:619C3604E7E5", "FEDORA:7BEB760AAB1E", "FEDORA:81469604E7E9", "FEDORA:9F86B604E849", "FEDORA:A45AD604D0C6", "FEDORA:BF4FB6291CB6"]}, {"type": "ibm", "idList": ["05DE1EFB30D692110AB36D7BB5C4B38E9ABAD670DF4D0E8931A22F173557C1C5", "E817E7CC83FE8715306D28C653DB646FDADE31AB5B2E6D0633EF4C1838CEC408"]}, {"type": "mageia", "idList": ["MGASA-2019-0299"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1231.NASL", "ALA_ALAS-2019-1244.NASL", "BIND9_CVE-2018-5743.NASL", "CENTOS_RHSA-2019-1294.NASL", "CENTOS_RHSA-2019-1492.NASL", "DEBIAN_DLA-1859.NASL", "DEBIAN_DSA-4440.NASL", "EULEROS_SA-2019-1641.NASL", "EULEROS_SA-2019-1664.NASL", "EULEROS_SA-2019-1704.NASL", "EULEROS_SA-2019-1730.NASL", "EULEROS_SA-2019-2040.NASL", "F5_BIGIP_SOL74009656.NASL", "FEDORA_2019-F791948895.NASL", "NEWSTART_CGSL_NS-SA-2019-0087_BIND.NASL", "NEWSTART_CGSL_NS-SA-2019-0158_BIND.NASL", "NEWSTART_CGSL_NS-SA-2019-0167_BIND.NASL", "NEWSTART_CGSL_NS-SA-2019-0174_BIND.NASL", "OPENSUSE-2019-1532.NASL", "OPENSUSE-2019-1533.NASL", "ORACLELINUX_ELSA-2019-1145.NASL", "ORACLELINUX_ELSA-2019-1294.NASL", "ORACLELINUX_ELSA-2019-1492.NASL", "ORACLEVM_OVMSA-2019-0027.NASL", "ORACLEVM_OVMSA-2020-0021.NASL", "REDHAT-RHSA-2019-1145.NASL", "REDHAT-RHSA-2019-1294.NASL", "REDHAT-RHSA-2019-1492.NASL", "REDHAT-RHSA-2019-2698.NASL", "REDHAT-RHSA-2019-2977.NASL", "SLACKWARE_SSA_2019-116-01.NASL", "SL_20190529_BIND_ON_SL7_X.NASL", "SL_20190617_BIND_ON_SL6_X.NASL", "SUSE_SU-2019-1407-1.NASL", "SUSE_SU-2019-14074-1.NASL", "SUSE_SU-2019-1449-1.NASL", "SUSE_SU-2019-2502-1.NASL", "UBUNTU_USN-3956-1.NASL", "UBUNTU_USN-3956-2.NASL", "VIRTUOZZO_VZLSA-2019-1492.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142320", "OPENVAS:1361412562310142321", "OPENVAS:1361412562310143161", "OPENVAS:1361412562310143162", "OPENVAS:1361412562310704440", "OPENVAS:1361412562310843989", "OPENVAS:1361412562310852551", "OPENVAS:1361412562310852553", "OPENVAS:1361412562310875746", "OPENVAS:1361412562310876125", "OPENVAS:1361412562310876156", "OPENVAS:1361412562310876171", "OPENVAS:1361412562310876458", "OPENVAS:1361412562310876460", "OPENVAS:1361412562310876461", "OPENVAS:1361412562310876462", "OPENVAS:1361412562310876596", "OPENVAS:1361412562310877080", "OPENVAS:1361412562310883062", "OPENVAS:1361412562310883067", "OPENVAS:1361412562310891859", "OPENVAS:1361412562311220191641", "OPENVAS:1361412562311220191664", "OPENVAS:1361412562311220191704", "OPENVAS:1361412562311220191730", "OPENVAS:1361412562311220192040"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1145", "ELSA-2019-1294", "ELSA-2019-1492", "ELSA-2019-2057"]}, {"type": "osv", "idList": ["OSV:DLA-1859-1", "OSV:DSA-4440-1"]}, {"type": "photon", "idList": ["PHSA-2019-0199", "PHSA-2020-0049", "PHSA-2020-0264"]}, {"type": "redhat", "idList": ["RHSA-2019:1145", "RHSA-2019:1294", "RHSA-2019:2698", "RHSA-2019:2977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-5743", "RH:CVE-2019-6477"]}, {"type": "slackware", "idList": ["SSA-2019-116-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1532-1", "OPENSUSE-SU-2019:1533-1"]}, {"type": "ubuntu", "idList": ["USN-3956-1", "USN-3956-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5743"]}]}, "score": {"value": 1.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2018-5743"]}, {"type": "amazon", "idList": ["ALAS-2019-1244", "ALAS2-2019-1231"]}, {"type": "centos", "idList": ["CESA-2019:1294", "CESA-2019:1492"]}, {"type": "cisa", "idList": ["CISA:31A9423F65C396263BEB65CAE22F1B69"]}, {"type": "cve", "idList": ["CVE-2018-5743"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1859-1:5A253", "DEBIAN:DSA-4440-1:DE2A1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2018-5743"]}, {"type": "f5", "idList": ["F5:K74009656"]}, {"type": "fedora", "idList": ["FEDORA:0C9E6604E7C5", "FEDORA:23EF6608C00F", "FEDORA:2EED9608C00F", "FEDORA:5E78E608FD00", "FEDORA:619C3604E7E5", "FEDORA:7BEB760AAB1E", "FEDORA:81469604E7E9", "FEDORA:9F86B604E849", "FEDORA:A45AD604D0C6", "FEDORA:BF4FB6291CB6"]}, {"type": "ibm", "idList": ["05DE1EFB30D692110AB36D7BB5C4B38E9ABAD670DF4D0E8931A22F173557C1C5"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310704440", "OPENVAS:1361412562310843989", "OPENVAS:1361412562310852551", "OPENVAS:1361412562310852553", "OPENVAS:1361412562310875746", "OPENVAS:1361412562310876125", "OPENVAS:1361412562310876156", "OPENVAS:1361412562310876171", "OPENVAS:1361412562310876458", "OPENVAS:1361412562310876460", "OPENVAS:1361412562310876461", "OPENVAS:1361412562310876462", "OPENVAS:1361412562310876596", "OPENVAS:1361412562310883062", "OPENVAS:1361412562310883067", "OPENVAS:1361412562310891859"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1294", "ELSA-2019-1492"]}, {"type": "photon", "idList": ["PHSA-2019-0199", "PHSA-2020-0049", "PHSA-2020-0264"]}, {"type": "redhat", "idList": ["RHSA-2019:2977"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-6477"]}, {"type": "slackware", "idList": ["SSA-2019-116-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1532-1", "OPENSUSE-SU-2019:1533-1"]}, {"type": "ubuntu", "idList": ["USN-3956-1", "USN-3956-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-5743"]}]}, "exploitation": null, "vulnersScore": 1.1}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind-debuginfo"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-sdb-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind-sdb"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind-chroot"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.s390.rpm", "operator": "lt", "packageName": "bind-debuginfo"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind-sdb"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-libs-9.8.2-0.68.rc1.el6_10.3.s390.rpm", "operator": "lt", "packageName": "bind-libs"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-chroot-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind-chroot"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind-chroot"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-chroot-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind-chroot"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-sdb-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind-sdb"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind-debuginfo"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind-devel"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-libs-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind-libs"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind-sdb"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.ppc.rpm", "operator": "lt", "packageName": "bind-debuginfo"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-utils-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind-utils"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-devel-9.8.2-0.68.rc1.el6_10.3.ppc.rpm", "operator": "lt", "packageName": "bind-devel"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind-utils"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind-libs"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind-debuginfo"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-devel-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind-devel"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-utils-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind-utils"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-devel-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind-devel"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-devel-9.8.2-0.68.rc1.el6_10.3.s390.rpm", "operator": "lt", "packageName": "bind-devel"}, {"OS": "RedHat", "OSVersion": "6", "arch": "s390x", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-9.8.2-0.68.rc1.el6_10.3.s390x.rpm", "operator": "lt", "packageName": "bind"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind-debuginfo"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind-libs"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-libs-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind-libs"}, {"OS": "RedHat", "OSVersion": "6", "arch": "src", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-9.8.2-0.68.rc1.el6_10.3.src.rpm", "operator": "lt", "packageName": "bind"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-libs-9.8.2-0.68.rc1.el6_10.3.ppc.rpm", "operator": "lt", "packageName": "bind-libs"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind-utils"}, {"OS": "RedHat", "OSVersion": "6", "arch": "x86_64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm", "operator": "lt", "packageName": "bind-devel"}, {"OS": "RedHat", "OSVersion": "6", "arch": "ppc64", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm", "operator": "lt", "packageName": "bind"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "9.8.2-0.68.rc1.el6_10.3", "packageFilename": "bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm", "operator": "lt", "packageName": "bind"}], "vendorCvss": {"severity": "important"}, "_state": {"dependencies": 1659988328, "score": 1659981696}, "_internal": {"score_hash": "05dab58164c37d01d188d02e748b7275"}}

{"nessus": [{"lastseen": "2023-01-11T14:52:01", "description": "New bind packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-29T00:00:00", "type": "nessus", "title": "Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2019-116-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:bind", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-116-01.NASL", "href": "https://www.tenable.com/plugins/nessus/124354", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-116-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124354);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"SSA\", value:\"2019-116-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : bind (SSA:2019-116-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New bind packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.433443\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0c801d28\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"bind\", pkgver:\"9.11.6_P1\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.6_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"bind\", pkgver:\"9.11.6_P1\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.6_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"bind\", pkgver:\"9.11.6_P1\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.11.6_P1\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"bind\", pkgver:\"9.14.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"bind\", pkgver:\"9.14.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:23:46", "description": "From Red Hat Security Advisory 2019:1145 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : bind (ELSA-2019-1145)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-export-devel", "p-cpe:/a:oracle:linux:bind-export-libs", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-libs-lite", "p-cpe:/a:oracle:linux:bind-license", "p-cpe:/a:oracle:linux:bind-lite-devel", "p-cpe:/a:oracle:linux:bind-pkcs11", "p-cpe:/a:oracle:linux:bind-pkcs11-devel", "p-cpe:/a:oracle:linux:bind-pkcs11-libs", "p-cpe:/a:oracle:linux:bind-pkcs11-utils", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-sdb-chroot", "p-cpe:/a:oracle:linux:bind-utils", "p-cpe:/a:oracle:linux:python3-bind", "cpe:/o:oracle:linux:8"], "id": "ORACLELINUX_ELSA-2019-1145.NASL", "href": "https://www.tenable.com/plugins/nessus/127580", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1145 and \n# Oracle Linux Security Advisory ELSA-2019-1145 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127580);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1145\");\n\n script_name(english:\"Oracle Linux 8 : bind (ELSA-2019-1145)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1145 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-August/008965.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-chroot-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-devel-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-export-devel-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-export-libs-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-libs-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-license-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-sdb-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"bind-utils-9.11.4-17.P2.el8_0\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"python3-bind-9.11.4-17.P2.el8_0\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-export-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:25:30", "description": "The remote NewStart CGSL host, running version MAIN 4.06, has bind packages installed that are affected by a vulnerability: Note that Nessus has not tested for this issue but has instead relied only on the application's self- reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.06 : bind Vulnerability (NS-SA-2019-0174)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0174_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/128699", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0174. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128699);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"NewStart CGSL MAIN 4.06 : bind Vulnerability (NS-SA-2019-0174)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.06, has bind packages installed that are affected by a\nvulnerability: Note that Nessus has not tested for this issue but has instead relied only on the application's self-\nreported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0174\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.06\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.06');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.06\": [\n \"bind-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-chroot-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-debuginfo-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-devel-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-libs-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-sdb-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-utils-9.8.2-0.68.rc1.el6_10.3\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:53", "description": "A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-26T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : bind (ALAS-2019-1244)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bind", "p-cpe:/a:amazon:linux:bind-chroot", "p-cpe:/a:amazon:linux:bind-debuginfo", "p-cpe:/a:amazon:linux:bind-devel", "p-cpe:/a:amazon:linux:bind-libs", "p-cpe:/a:amazon:linux:bind-sdb", "p-cpe:/a:amazon:linux:bind-utils", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1244.NASL", "href": "https://www.tenable.com/plugins/nessus/127072", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1244.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127072);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/06\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"ALAS\", value:\"2019-1244\");\n\n script_name(english:\"Amazon Linux AMI : bind (ALAS-2019-1244)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way bind implemented tunable which limited\nsimultaneous TCP client connections. A remote attacker could use this\nflaw to exhaust the pool of file descriptors available to named,\npotentially affecting network connections and the management of files\nsuch as log files or zone journal files. In cases where the named\nprocess is not limited by OS-enforced per-process limits, this could\nadditionally potentially lead to exhaustion of all available free file\ndescriptors on that system. (CVE-2018-5743)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1244.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update bind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"bind-9.8.2-0.68.rc1.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-chroot-9.8.2-0.68.rc1.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-debuginfo-9.8.2-0.68.rc1.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-devel-9.8.2-0.68.rc1.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-libs-9.8.2-0.68.rc1.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-sdb-9.8.2-0.68.rc1.60.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"bind-utils-9.8.2-0.68.rc1.60.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:17:56", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : bind (EulerOS-SA-2019-1664)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1664.NASL", "href": "https://www.tenable.com/plugins/nessus/126291", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126291);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5743\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : bind (EulerOS-SA-2019-1664)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1664\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b607536b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-chroot-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-libs-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-libs-lite-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-license-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-pkcs11-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-pkcs11-libs-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-pkcs11-utils-9.9.4-61.1.h4.eulerosv2r7\",\n \"bind-utils-9.9.4-61.1.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:18:07", "description": "An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "RHEL 6 : bind (RHSA-2019:1492)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-1492.NASL", "href": "https://www.tenable.com/plugins/nessus/125978", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1492. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125978);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1492\");\n\n script_name(english:\"RHEL 6 : bind (RHSA-2019:1492)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5743\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1492\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-chroot-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-chroot-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-chroot-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bind-debuginfo-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bind-devel-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-sdb-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-sdb-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-sdb-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:14", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : bind (EulerOS-SA-2019-1730)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1730.NASL", "href": "https://www.tenable.com/plugins/nessus/126857", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126857);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5743\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : bind (EulerOS-SA-2019-1730)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1730\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bef1282\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.9.4-61.1.h3\",\n \"bind-chroot-9.9.4-61.1.h3\",\n \"bind-libs-9.9.4-61.1.h3\",\n \"bind-libs-lite-9.9.4-61.1.h3\",\n \"bind-license-9.9.4-61.1.h3\",\n \"bind-pkcs11-9.9.4-61.1.h3\",\n \"bind-pkcs11-libs-9.9.4-61.1.h3\",\n \"bind-pkcs11-utils-9.9.4-61.1.h3\",\n \"bind-utils-9.9.4-61.1.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:28:53", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.5 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-09T00:00:00", "type": "nessus", "title": "RHEL 7 : bind (RHSA-2019:2977)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:7.5"], "id": "REDHAT-RHSA-2019-2977.NASL", "href": "https://www.tenable.com/plugins/nessus/129739", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2977. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129739);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/12/19\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:2977\");\n\n script_name(english:\"RHEL 7 : bind (RHSA-2019:2977)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.5\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5743\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2977\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-chroot-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-debuginfo-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-devel-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-libs-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-libs-lite-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-license-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-lite-devel-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-pkcs11-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-pkcs11-devel-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", reference:\"bind-pkcs11-libs-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-sdb-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"s390x\", reference:\"bind-utils-9.9.4-61.el7_5.2\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"5\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-61.el7_5.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:16", "description": "According to the version of the bind packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - Contains license of the BIND DNS suite. Security Fix(es):By design, BIND is intended to limit the number of TCP clients that can be connected at any given time.\n The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2019-1704)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1704.NASL", "href": "https://www.tenable.com/plugins/nessus/126546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126546);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5743\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : bind (EulerOS-SA-2019-1704)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - Contains license of the BIND DNS suite. Security\n Fix(es):By design, BIND is intended to limit the number\n of TCP clients that can be connected at any given time.\n The number of allowed connections is a tunable\n parameter which, if unset, defaults to a conservative\n value for most servers. Unfortunately, the code which\n was intended to limit the number of simultaneous\n connections contained an error which could be exploited\n to grow the number of simultaneous connections beyond\n this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1,\n 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9\n Supported Preview Edition versions 9.9.3-S1 ->\n 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of\n the 9.13 development branch are also affected. Versions\n prior to BIND 9.9.0 have not been evaluated for\n vulnerability to CVE-2018-5743.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1704\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c829d50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-libs-9.9.4-61.1.h4\",\n \"bind-libs-lite-9.9.4-61.1.h4\",\n \"bind-license-9.9.4-61.1.h4\",\n \"bind-utils-9.9.4-61.1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:17:13", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1641)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-export-devel", "p-cpe:/a:huawei:euleros:bind-export-libs", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "p-cpe:/a:huawei:euleros:python3-bind", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1641.NASL", "href": "https://www.tenable.com/plugins/nessus/126268", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126268);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5743\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : bind (EulerOS-SA-2019-1641)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1641\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c00d6be\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-chroot-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-export-devel-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-export-libs-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-libs-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-libs-lite-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-license-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-pkcs11-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-pkcs11-libs-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-pkcs11-utils-9.11.4-10.P2.h7.eulerosv2r8\",\n \"bind-utils-9.11.4-10.P2.h7.eulerosv2r8\",\n \"python3-bind-9.11.4-10.P2.h7.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:18:29", "description": "An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "CentOS 6 : bind (CESA-2019:1492)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-utils", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-1492.NASL", "href": "https://www.tenable.com/plugins/nessus/126008", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1492 and \n# CentOS Errata and Security Advisory 2019:1492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126008);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1492\");\n\n script_name(english:\"CentOS 6 : bind (CESA-2019:1492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-June/023331.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b4cbe17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-chroot-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-devel-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-sdb-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:24", "description": "A vulnerability was found in the Bind DNS Server. Limits on simultaneous tcp connections have not been enforced correctly and could lead to exhaustion of file descriptors. In the worst case this could affect the file descriptors of the whole system.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 1:9.9.5.dfsg-9+deb8u18.\n\nWe recommend that you upgrade your bind9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "Debian DLA-1859-1 : bind9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "p-cpe:/a:debian:debian_linux:bind9-doc", "p-cpe:/a:debian:debian_linux:bind9-host", "p-cpe:/a:debian:debian_linux:bind9utils", "p-cpe:/a:debian:debian_linux:dnsutils", "p-cpe:/a:debian:debian_linux:host", "p-cpe:/a:debian:debian_linux:libbind-dev", "p-cpe:/a:debian:debian_linux:libbind-export-dev", "p-cpe:/a:debian:debian_linux:libbind9-90", "p-cpe:/a:debian:debian_linux:libdns-export100", "p-cpe:/a:debian:debian_linux:libdns-export100-udeb", "p-cpe:/a:debian:debian_linux:libdns100", "p-cpe:/a:debian:debian_linux:libirs-export91", "p-cpe:/a:debian:debian_linux:libirs-export91-udeb", "p-cpe:/a:debian:debian_linux:libisc-export95", "p-cpe:/a:debian:debian_linux:libisc-export95-udeb", "p-cpe:/a:debian:debian_linux:libisc95", "p-cpe:/a:debian:debian_linux:libisccc90", "p-cpe:/a:debian:debian_linux:libisccfg-export90", "p-cpe:/a:debian:debian_linux:libisccfg-export90-udeb", "p-cpe:/a:debian:debian_linux:libisccfg90", "p-cpe:/a:debian:debian_linux:liblwres90", "p-cpe:/a:debian:debian_linux:lwresd", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1859.NASL", "href": "https://www.tenable.com/plugins/nessus/126836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1859-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126836);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"Debian DLA-1859-1 : bind9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found in the Bind DNS Server. Limits on\nsimultaneous tcp connections have not been enforced correctly and\ncould lead to exhaustion of file descriptors. In the worst case this\ncould affect the file descriptors of the whole system.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1:9.9.5.dfsg-9+deb8u18.\n\nWe recommend that you upgrade your bind9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/bind9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dnsutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind-export-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbind9-90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns-export100\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns-export100-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libdns100\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libirs-export91\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libirs-export91-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc-export95\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc-export95-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisc95\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccc90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg-export90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg-export90-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libisccfg90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblwres90\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"bind9\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-doc\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9-host\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"bind9utils\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"dnsutils\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"host\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-dev\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind-export-dev\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libbind9-90\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns-export100-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libdns100\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libirs-export91-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc-export95-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisc95\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccc90\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg-export90-udeb\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"libisccfg90\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"liblwres90\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"lwresd\", reference:\"1:9.9.5.dfsg-9+deb8u18\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:17:24", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "CentOS 7 : bind (CESA-2019:1294)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bind", "p-cpe:/a:centos:centos:bind-chroot", "p-cpe:/a:centos:centos:bind-devel", "p-cpe:/a:centos:centos:bind-libs", "p-cpe:/a:centos:centos:bind-libs-lite", "p-cpe:/a:centos:centos:bind-license", "p-cpe:/a:centos:centos:bind-lite-devel", "p-cpe:/a:centos:centos:bind-pkcs11", "p-cpe:/a:centos:centos:bind-pkcs11-devel", "p-cpe:/a:centos:centos:bind-pkcs11-libs", "p-cpe:/a:centos:centos:bind-pkcs11-utils", "p-cpe:/a:centos:centos:bind-sdb", "p-cpe:/a:centos:centos:bind-sdb-chroot", "p-cpe:/a:centos:centos:bind-utils", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-1294.NASL", "href": "https://www.tenable.com/plugins/nessus/125801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1294 and \n# CentOS Errata and Security Advisory 2019:1294 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125801);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1294\");\n\n script_name(english:\"CentOS 7 : bind (CESA-2019:1294)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-June/023321.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f35ea8cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-license-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-74.el7_6.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-libs-lite / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:17:39", "description": "From Red Hat Security Advisory 2019:1492 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : bind (ELSA-2019-1492)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-utils", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2019-1492.NASL", "href": "https://www.tenable.com/plugins/nessus/126024", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1492 and \n# Oracle Linux Security Advisory ELSA-2019-1492 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126024);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1492\");\n\n script_name(english:\"Oracle Linux 6 : bind (ELSA-2019-1492)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1492 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-June/008840.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"bind-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-chroot-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-devel-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-sdb-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:17:15", "description": "Security Fix(es) :\n\n - bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-18T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20190617)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190617_BIND_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125979", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125979);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20190617)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - bind: Limiting simultaneous TCP clients is ineffective\n (CVE-2018-5743)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1906&L=SCIENTIFIC-LINUX-ERRATA&P=1048\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d51f6d66\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"bind-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-chroot-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-debuginfo-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-devel-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-sdb-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:17:57", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Use only selected documentation files\n\n - Fix (CVE-2018-5743)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2019-0027)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0027.NASL", "href": "https://www.tenable.com/plugins/nessus/126021", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0027.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126021);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2019-0027)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Use only selected documentation files\n\n - Fix (CVE-2018-5743)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000946.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000947.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.3\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:20:26", "description": "A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : bind (ALAS-2019-1231)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-08T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bind", "p-cpe:/a:amazon:linux:bind-chroot", "p-cpe:/a:amazon:linux:bind-debuginfo", "p-cpe:/a:amazon:linux:bind-devel", "p-cpe:/a:amazon:linux:bind-libs", "p-cpe:/a:amazon:linux:bind-libs-lite", "p-cpe:/a:amazon:linux:bind-license", "p-cpe:/a:amazon:linux:bind-lite-devel", "p-cpe:/a:amazon:linux:bind-pkcs11", "p-cpe:/a:amazon:linux:bind-pkcs11-devel", "p-cpe:/a:amazon:linux:bind-pkcs11-libs", "p-cpe:/a:amazon:linux:bind-pkcs11-utils", "p-cpe:/a:amazon:linux:bind-sdb", "p-cpe:/a:amazon:linux:bind-sdb-chroot", "p-cpe:/a:amazon:linux:bind-utils", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1231.NASL", "href": "https://www.tenable.com/plugins/nessus/126384", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1231.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126384);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/08\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"ALAS\", value:\"2019-1231\");\n\n script_name(english:\"Amazon Linux 2 : bind (ALAS-2019-1231)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way bind implemented tunable which limited\nsimultaneous TCP client connections. A remote attacker could use this\nflaw to exhaust the pool of file descriptors available to named,\npotentially affecting network connections and the management of files\nsuch as log files or zone journal files. In cases where the named\nprocess is not limited by OS-enforced per-process limits, this could\nadditionally potentially lead to exhaustion of all available free file\ndescriptors on that system. (CVE-2018-5743)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1231.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update bind' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"bind-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-chroot-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-debuginfo-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-devel-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-libs-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-libs-lite-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-license-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-lite-devel-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-devel-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-libs-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-pkcs11-utils-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-sdb-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-sdb-chroot-9.9.4-74.amzn2.1.2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"bind-utils-9.9.4-74.amzn2.1.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:22:31", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a vulnerability:\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0158)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0158_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/127437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0158. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127437);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : bind Vulnerability (NS-SA-2019-0158)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has bind packages installed that are affected by a\nvulnerability:\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system. (CVE-2018-5743)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"bind-9.9.4-74.el7_6.1\",\n \"bind-chroot-9.9.4-74.el7_6.1\",\n \"bind-debuginfo-9.9.4-74.el7_6.1\",\n \"bind-devel-9.9.4-74.el7_6.1\",\n \"bind-libs-9.9.4-74.el7_6.1\",\n \"bind-libs-lite-9.9.4-74.el7_6.1\",\n \"bind-license-9.9.4-74.el7_6.1\",\n \"bind-lite-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-libs-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-utils-9.9.4-74.el7_6.1\",\n \"bind-sdb-9.9.4-74.el7_6.1\",\n \"bind-sdb-chroot-9.9.4-74.el7_6.1\",\n \"bind-utils-9.9.4-74.el7_6.1\"\n ],\n \"CGSL MAIN 5.04\": [\n \"bind-9.9.4-74.el7_6.1\",\n \"bind-chroot-9.9.4-74.el7_6.1\",\n \"bind-debuginfo-9.9.4-74.el7_6.1\",\n \"bind-devel-9.9.4-74.el7_6.1\",\n \"bind-libs-9.9.4-74.el7_6.1\",\n \"bind-libs-lite-9.9.4-74.el7_6.1\",\n \"bind-license-9.9.4-74.el7_6.1\",\n \"bind-lite-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-libs-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-utils-9.9.4-74.el7_6.1\",\n \"bind-sdb-9.9.4-74.el7_6.1\",\n \"bind-sdb-chroot-9.9.4-74.el7_6.1\",\n \"bind-utils-9.9.4-74.el7_6.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:18:21", "description": "An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-19T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2019-1492)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:bind", "p-cpe:/a:virtuozzo:virtuozzo:bind-chroot", "p-cpe:/a:virtuozzo:virtuozzo:bind-devel", "p-cpe:/a:virtuozzo:virtuozzo:bind-libs", "p-cpe:/a:virtuozzo:virtuozzo:bind-sdb", "p-cpe:/a:virtuozzo:virtuozzo:bind-utils", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZLSA-2019-1492.NASL", "href": "https://www.tenable.com/plugins/nessus/126048", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126048);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2018-5743\"\n );\n\n script_name(english:\"Virtuozzo 6 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2019-1492)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for bind is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2019-1492.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7c6c57c6\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1492\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind / bind-chroot / bind-devel / bind-libs / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.8.2-0.68.rc1.vl6.3\",\n \"bind-chroot-9.8.2-0.68.rc1.vl6.3\",\n \"bind-devel-9.8.2-0.68.rc1.vl6.3\",\n \"bind-libs-9.8.2-0.68.rc1.vl6.3\",\n \"bind-sdb-9.8.2-0.68.rc1.vl6.3\",\n \"bind-utils-9.8.2-0.68.rc1.vl6.3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:24:27", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by a vulnerability:\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Vulnerability (NS-SA-2019-0087)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0087_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/127303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0087. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : bind Vulnerability (NS-SA-2019-0087)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has bind packages installed that are affected by a\nvulnerability:\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system. (CVE-2018-5743)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0087\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"bind-9.9.4-74.el7_6.1\",\n \"bind-chroot-9.9.4-74.el7_6.1\",\n \"bind-debuginfo-9.9.4-74.el7_6.1\",\n \"bind-devel-9.9.4-74.el7_6.1\",\n \"bind-libs-9.9.4-74.el7_6.1\",\n \"bind-libs-lite-9.9.4-74.el7_6.1\",\n \"bind-license-9.9.4-74.el7_6.1\",\n \"bind-lite-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-libs-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-utils-9.9.4-74.el7_6.1\",\n \"bind-sdb-9.9.4-74.el7_6.1\",\n \"bind-sdb-chroot-9.9.4-74.el7_6.1\",\n \"bind-utils-9.9.4-74.el7_6.1\"\n ],\n \"CGSL MAIN 5.05\": [\n \"bind-9.9.4-74.el7_6.1\",\n \"bind-chroot-9.9.4-74.el7_6.1\",\n \"bind-debuginfo-9.9.4-74.el7_6.1\",\n \"bind-devel-9.9.4-74.el7_6.1\",\n \"bind-libs-9.9.4-74.el7_6.1\",\n \"bind-libs-lite-9.9.4-74.el7_6.1\",\n \"bind-license-9.9.4-74.el7_6.1\",\n \"bind-lite-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-devel-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-libs-9.9.4-74.el7_6.1\",\n \"bind-pkcs11-utils-9.9.4-74.el7_6.1\",\n \"bind-sdb-9.9.4-74.el7_6.1\",\n \"bind-sdb-chroot-9.9.4-74.el7_6.1\",\n \"bind-utils-9.9.4-74.el7_6.1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:25:59", "description": "According to the version of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : bind (EulerOS-SA-2019-2040)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bind", "p-cpe:/a:huawei:euleros:bind-chroot", "p-cpe:/a:huawei:euleros:bind-libs", "p-cpe:/a:huawei:euleros:bind-libs-lite", "p-cpe:/a:huawei:euleros:bind-license", "p-cpe:/a:huawei:euleros:bind-pkcs11", "p-cpe:/a:huawei:euleros:bind-pkcs11-libs", "p-cpe:/a:huawei:euleros:bind-pkcs11-utils", "p-cpe:/a:huawei:euleros:bind-utils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2040.NASL", "href": "https://www.tenable.com/plugins/nessus/129233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129233);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-5743\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : bind (EulerOS-SA-2019-2040)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the bind packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system.(CVE-2018-5743)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2040\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e2438d2f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"bind-9.9.4-61.1.h4\",\n \"bind-chroot-9.9.4-61.1.h4\",\n \"bind-libs-9.9.4-61.1.h4\",\n \"bind-libs-lite-9.9.4-61.1.h4\",\n \"bind-license-9.9.4-61.1.h4\",\n \"bind-pkcs11-9.9.4-61.1.h4\",\n \"bind-pkcs11-libs-9.9.4-61.1.h4\",\n \"bind-pkcs11-utils-9.9.4-61.1.h4\",\n \"bind-utils-9.9.4-61.1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:26:17", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "RHEL 7 : bind (RHSA-2019:2698)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:7.4"], "id": "REDHAT-RHSA-2019-2698.NASL", "href": "https://www.tenable.com/plugins/nessus/128663", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2698. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128663);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:2698\");\n\n script_name(english:\"RHEL 7 : bind (RHSA-2019:2698)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.4\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5743\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.4\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2698\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-chroot-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-debuginfo-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-devel-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-libs-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-libs-lite-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-license-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-lite-devel-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-pkcs11-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-pkcs11-devel-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", reference:\"bind-pkcs11-libs-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-sdb-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"s390x\", reference:\"bind-utils-9.9.4-51.el7_4.3\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-51.el7_4.3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:22:50", "description": "USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details :\n\nIt was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : bind9 vulnerability (USN-3956-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bind9", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3956-2.NASL", "href": "https://www.tenable.com/plugins/nessus/124758", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3956-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124758);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"USN\", value:\"3956-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : bind9 vulnerability (USN-3956-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3956-1 fixed a vulnerability in Bind. This update provides the\ncorresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details :\n\nIt was discovered that Bind incorrectly handled limiting the number of\nsimultaneous TCP clients. A remote attacker could possibly use this\nissue to cause Bind to consume resources, leading to a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3956-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind9 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"bind9\", pkgver:\"1:9.9.5.dfsg-3ubuntu0.19+esm1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T12:49:41", "description": "From Red Hat Security Advisory 2019:1294 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : bind (ELSA-2019-1294)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:bind", "p-cpe:/a:oracle:linux:bind-chroot", "p-cpe:/a:oracle:linux:bind-devel", "p-cpe:/a:oracle:linux:bind-libs", "p-cpe:/a:oracle:linux:bind-libs-lite", "p-cpe:/a:oracle:linux:bind-license", "p-cpe:/a:oracle:linux:bind-lite-devel", "p-cpe:/a:oracle:linux:bind-pkcs11", "p-cpe:/a:oracle:linux:bind-pkcs11-devel", "p-cpe:/a:oracle:linux:bind-pkcs11-libs", "p-cpe:/a:oracle:linux:bind-pkcs11-utils", "p-cpe:/a:oracle:linux:bind-sdb", "p-cpe:/a:oracle:linux:bind-sdb-chroot", "p-cpe:/a:oracle:linux:bind-utils", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2019-1294.NASL", "href": "https://www.tenable.com/plugins/nessus/125589", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2019:1294 and \n# Oracle Linux Security Advisory ELSA-2019-1294 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125589);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1294\");\n\n script_name(english:\"Oracle Linux 7 : bind (ELSA-2019-1294)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2019:1294 :\n\nAn update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2019-May/008763.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-license-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-74.el7_6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-libs-lite / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:27:07", "description": "ISC BIND versions 9.9.x prior or equal to 9.10.8-P1, 9.11.x prior to 9.11.6-P1, 9.12.x prior to 9.12.4-P1, 9.13.0 prior or equal to 9.13.7, 9.14.0, and BIND 9 Supported Preview Edition versions 9.9.3-S1 prior or equal to to 9.11.5-S3, and 9.11.5-S5 are affected by a DoS vulnerability due to a flaw in the feature to limit the number of simultaneous TCP connections. An unauthenticated, remote attacker can exploit this issue, to cause the application to stop responding.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-07T00:00:00", "type": "nessus", "title": "ISC BIND 9 Denial of Service Vulnerability (CVE-2018-5743)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-05-22T00:00:00", "cpe": ["cpe:/a:isc:bind"], "id": "BIND9_CVE-2018-5743.NASL", "href": "https://www.tenable.com/plugins/nessus/124652", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124652);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_bugtraq_id(108077);\n script_xref(name:\"IAVA\", value:\"2019-A-0139-S\");\n\n script_name(english:\"ISC BIND 9 Denial of Service Vulnerability (CVE-2018-5743)\");\n script_summary(english:\"Checks the version of ISC BIND.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote name server is affected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"ISC BIND versions 9.9.x prior or equal to 9.10.8-P1, 9.11.x prior to 9.11.6-P1, 9.12.x prior to 9.12.4-P1, 9.13.0 prior\nor equal to 9.13.7, 9.14.0, and BIND 9 Supported Preview Edition versions 9.9.3-S1 prior or equal to to 9.11.5-S3, and\n9.11.5-S5 are affected by a DoS vulnerability due to a flaw in the feature to limit the number of simultaneous TCP\nconnections. An unauthenticated, remote attacker can exploit this issue, to cause the application to stop responding.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/aa-00861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/aa-00913\");\n script_set_attribute(attribute:\"see_also\", value:\"https://kb.isc.org/docs/cve-2018-5743\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ISC BIND version 9.11.6-P1, 9.12.4-P1, 9.14.1, 9.11.5-S6, 9.11.6-S1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/07\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:isc:bind\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"DNS\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"bind_version.nasl\");\n script_require_keys(\"bind/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\n\nvcf::bind::initialize();\n\napp_info = vcf::get_app_info(app:\"BIND\", port:53, kb_ver:\"bind/version\", service:TRUE, proto:\"UDP\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nconstraints = [\n { \"min_version\" : \"9.9.3-S1\", \"max_version\" : \"9.11.5-S3\", \"fixed_display\" : \"9.11.5-S6 \\ 9.11.6-S1\" },\n { \"equal\" : \"9.11.5-S5\", \"fixed_display\" : \"9.11.5-S6 \\ 9.11.6-S1\" },\n { \"min_version\" : \"9.9.0\", \"max_version\" : \"9.10.8-P1\", \"fixed_display\" : \"9.11.6-P1 \\ 9.12.4-P1 \\ 9.14.1\" },\n { \"min_version\" : \"9.11.0\", \"fixed_version\" : \"9.11.6-P1\" },\n { \"min_version\" : \"9.12.0\", \"fixed_version\" : \"9.12.4-P1\" },\n { \"min_version\" : \"9.13.0\", \"max_version\" : \"9.13.7\", \"fixed_display\" : \"9.14.1\" },\n { \"min_version\" : \"9.14.0\", \"fixed_version\" : \"9.14.1\" },\n];\nconstraints = vcf::bind::filter_constraints(constraints:constraints, version:app_info.version);\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-16T00:39:16", "description": "Update to latest [security release](http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.1 1.6-P1.html)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Fedora 30 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-f791948895)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:12:dhcp", "p-cpe:/a:fedoraproject:fedora:32:bind", "p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap", "p-cpe:/a:fedoraproject:fedora:dnsperf", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-F791948895.NASL", "href": "https://www.tenable.com/plugins/nessus/124607", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-f791948895.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124607);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"FEDORA\", value:\"2019-f791948895\");\n\n script_name(english:\"Fedora 30 : 12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf (2019-f791948895)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to latest [security\nrelease](http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.1\n1.6-P1.html)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n # http://ftp.isc.org/isc/bind9/9.11.6-P1/RELEASE-NOTES-bind-9.11.6-P1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4846d96a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f791948895\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:12:dhcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:32:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind-dyndb-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dnsperf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"dhcp-4.3.6-34.fc30\", epoch:\"12\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"bind-9.11.6-3.P1.fc30\", epoch:\"32\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"bind-dyndb-ldap-11.1-15.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"dnsperf-2.2.1-4.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"12:dhcp / 32:bind / bind-dyndb-ldap / dnsperf\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:22:55", "description": "An update for bind is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "RHEL 8 : bind (RHSA-2019:1145)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-debugsource", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-export-devel", "p-cpe:/a:redhat:enterprise_linux:bind-export-libs", "p-cpe:/a:redhat:enterprise_linux:bind-export-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "p-cpe:/a:redhat:enterprise_linux:bind-utils-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-bind", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1145.NASL", "href": "https://www.tenable.com/plugins/nessus/124846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1145. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124846);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2020/01/30\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1145\");\n\n script_name(english:\"RHEL 8 : bind (RHSA-2019:1145)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://kb.isc.org/docs/cve-2018-5743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5743\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-export-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1145\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-chroot-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-chroot-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-debugsource-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-debugsource-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-debugsource-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-export-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-export-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-export-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-export-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-export-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-export-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-export-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-export-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-export-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-lite-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-lite-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-libs-lite-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"bind-license-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-lite-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-lite-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-sdb-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-sdb-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-sdb-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-sdb-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-sdb-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-utils-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-utils-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"i686\", reference:\"bind-utils-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bind-utils-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bind-utils-debuginfo-9.11.4-17.P2.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"python3-bind-9.11.4-17.P2.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-debugsource / bind-devel / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:22:58", "description": "Security Fix(es) :\n\n - bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : bind on SL7.x x86_64 (20190529)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bind", "p-cpe:/a:fermilab:scientific_linux:bind-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-debuginfo", "p-cpe:/a:fermilab:scientific_linux:bind-devel", "p-cpe:/a:fermilab:scientific_linux:bind-libs", "p-cpe:/a:fermilab:scientific_linux:bind-libs-lite", "p-cpe:/a:fermilab:scientific_linux:bind-license", "p-cpe:/a:fermilab:scientific_linux:bind-lite-devel", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs", "p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils", "p-cpe:/a:fermilab:scientific_linux:bind-sdb", "p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot", "p-cpe:/a:fermilab:scientific_linux:bind-utils", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190529_BIND_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/125591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125591);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL7.x x86_64 (20190529)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - bind: Limiting simultaneous TCP clients is ineffective\n (CVE-2018-5743)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1905&L=SCIENTIFIC-LINUX-ERRATA&P=7124\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c3823c7b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-libs-lite-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"bind-license-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-lite-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-devel-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-libs-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-74.el7_6.1\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-74.el7_6.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:22:46", "description": "An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "RHEL 7 : bind (RHSA-2019:1294)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-15T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bind", "p-cpe:/a:redhat:enterprise_linux:bind-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-debuginfo", "p-cpe:/a:redhat:enterprise_linux:bind-devel", "p-cpe:/a:redhat:enterprise_linux:bind-libs", "p-cpe:/a:redhat:enterprise_linux:bind-libs-lite", "p-cpe:/a:redhat:enterprise_linux:bind-license", "p-cpe:/a:redhat:enterprise_linux:bind-lite-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs", "p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils", "p-cpe:/a:redhat:enterprise_linux:bind-sdb", "p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot", "p-cpe:/a:redhat:enterprise_linux:bind-utils", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.6"], "id": "REDHAT-RHSA-2019-1294.NASL", "href": "https://www.tenable.com/plugins/nessus/125590", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1294. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125590);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2020/01/15\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"RHSA\", value:\"2019:1294\");\n\n script_name(english:\"RHEL 7 : bind (RHSA-2019:1294)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for bind is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nSecurity Fix(es) :\n\n* bind: Limiting simultaneous TCP clients is ineffective\n(CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-5743\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs-lite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-license\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-lite-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-pkcs11-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1294\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-chroot-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-chroot-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-debuginfo-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-devel-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-libs-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-libs-lite-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-license-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-lite-devel-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-pkcs11-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-pkcs11-devel-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"bind-pkcs11-libs-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-pkcs11-utils-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-pkcs11-utils-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-sdb-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-sdb-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-sdb-chroot-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-sdb-chroot-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bind-utils-9.9.4-74.el7_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bind-utils-9.9.4-74.el7_6.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-13T14:28:20", "description": "It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-26T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Bind vulnerability (USN-3956-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:bind9", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-3956-1.NASL", "href": "https://www.tenable.com/plugins/nessus/124323", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3956-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124323);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2018-5743\");\n script_xref(name:\"USN\", value:\"3956-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : Bind vulnerability (USN-3956-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Bind incorrectly handled limiting the number of\nsimultaneous TCP clients. A remote attacker could possibly use this\nissue to cause Bind to consume resources, leading to a denial of\nservice.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3956-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind9 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"bind9\", pkgver:\"1:9.10.3.dfsg.P4-8ubuntu1.14\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"bind9\", pkgver:\"1:9.11.3+dfsg-1ubuntu1.7\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"bind9\", pkgver:\"1:9.11.4+dfsg-3ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"bind9\", pkgver:\"1:9.11.5.P1+dfsg-1ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind9\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:19:53", "description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0\n\n-> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743. (CVE-2018-5743)\n\nImpact\n\nBIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow\n\nAn attacker may exhaust file descriptors available to the named process; as a result, network connections and the management of log files or zone journal files may be affected. In BIG-IQ / Enterprise Manager / F5 iWorkflow standard and default configurations, exposure is limited to localhost , and there is no remote exposure.\n\nTraffix SDC\n\nThere is no impact; this F5 product is not affected by this vulnerability.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-03T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : BIND vulnerability (K74009656)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2020-03-09T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL74009656.NASL", "href": "https://www.tenable.com/plugins/nessus/126448", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K74009656.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126448);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"F5 Networks BIG-IP : BIND vulnerability (K74009656)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"By design, BIND is intended to limit the number of TCP clients that\ncan be connected at any given time. The number of allowed connections\nis a tunable parameter which, if unset, defaults to a conservative\nvalue for most servers. Unfortunately, the code which was intended to\nlimit the number of simultaneous connections contained an error which\ncould be exploited to grow the number of simultaneous connections\nbeyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0\n\n-> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition\nversions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 ->\n9.13.7 of the 9.13 development branch are also affected. Versions\nprior to BIND 9.9.0 have not been evaluated for vulnerability to\nCVE-2018-5743. (CVE-2018-5743)\n\nImpact\n\nBIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow\n\nAn attacker may exhaust file descriptors available to the named\nprocess; as a result, network connections and the management of log\nfiles or zone journal files may be affected. In BIG-IQ / Enterprise\nManager / F5 iWorkflow standard and default configurations, exposure\nis limited to localhost , and there is no remote exposure.\n\nTraffix SDC\n\nThere is no impact; this F5 product is not affected by this\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K74009656\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K74009656.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K74009656\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"15.0.0\",\"14.0.0-14.1.0\",\"13.0.0-13.1.1\",\"12.1.0-12.1.4\",\"11.5.2-11.6.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"15.1.0\",\"15.0.1\",\"14.1.0.6\",\"14.0.0.5\",\"13.1.3\",\"12.1.5\",\"11.6.5.1\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:24:23", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has bind packages installed that are affected by a vulnerability:\n\n - A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0167)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0167_BIND.NASL", "href": "https://www.tenable.com/plugins/nessus/127454", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0167. The text\n# itself is copyright (C) ZTE, Inc.\n\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127454);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : bind Vulnerability (NS-SA-2019-0167)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has bind packages installed that are affected by a\nvulnerability:\n\n - A flaw was found in the way bind implemented tunable\n which limited simultaneous TCP client connections. A\n remote attacker could use this flaw to exhaust the pool\n of file descriptors available to named, potentially\n affecting network connections and the management of\n files such as log files or zone journal files. In cases\n where the named process is not limited by OS-enforced\n per-process limits, this could additionally potentially\n lead to exhaustion of all available free file\n descriptors on that system. (CVE-2018-5743)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL bind packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-5743\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"bind-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-chroot-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-debuginfo-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-devel-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-libs-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-sdb-9.8.2-0.68.rc1.el6_10.3\",\n \"bind-utils-9.8.2-0.68.rc1.el6_10.3\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:22:40", "description": "Multiple vulnerabilities were found in the BIND DNS server :\n\n - CVE-2018-5743 Connection limits were incorrectly enforced.\n\n - CVE-2018-5745 The 'managed-keys' feature was susceptible to denial of service by triggering an assert.\n\n - CVE-2019-6465 ACLs for zone transfers were incorrectly enforced for dynamically loadable zones (DLZs).", "cvss3": {"score": 5.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2019-05-10T00:00:00", "type": "nessus", "title": "Debian DSA-4440-1 : bind9 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2020-01-21T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bind9", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4440.NASL", "href": "https://www.tenable.com/plugins/nessus/124722", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4440. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(124722);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/21\");\n\n script_cve_id(\"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n script_xref(name:\"DSA\", value:\"4440\");\n\n script_name(english:\"Debian DSA-4440-1 : bind9 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the BIND DNS server :\n\n - CVE-2018-5743\n Connection limits were incorrectly enforced.\n\n - CVE-2018-5745\n The 'managed-keys' feature was susceptible to denial of\n service by triggering an assert.\n\n - CVE-2019-6465\n ACLs for zone transfers were incorrectly enforced for\n dynamically loadable zones (DLZs).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-6465\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/bind9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4440\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the bind9 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 1:9.10.3.dfsg.P4-12.3+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bind9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"bind9\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9-doc\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9-host\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"bind9utils\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"dnsutils\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"host\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind-dev\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind-export-dev\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libbind9-140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns-export162\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns-export162-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libdns162\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs-export141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs-export141-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libirs141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc-export160\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc-export160-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisc160\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc-export140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc-export140-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccc140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg-export140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg-export140-udeb\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libisccfg140\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"liblwres141\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"lwresd\", reference:\"1:9.10.3.dfsg.P4-12.3+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-25T14:39:53", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-libs-debuginfo", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-1449-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1449-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125799);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"SUSE SLES12 Security Update : bind (SUSE-SU-2019:1449-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls\nover to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6465/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191449-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f727aa3\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2019-1449=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-chrootenv-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-debuginfo-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-debugsource-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-devel-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-32bit-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-libs-debuginfo-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-utils-9.9.9P1-28.42.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"bind-utils-debuginfo-9.9.9P1-28.42.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:39:53", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-04T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-devel", "p-cpe:/a:novell:suse_linux:bind-lwresd", "p-cpe:/a:novell:suse_linux:bind-lwresd-debuginfo", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "p-cpe:/a:novell:suse_linux:libbind9", "p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo", "p-cpe:/a:novell:suse_linux:libdns169", "p-cpe:/a:novell:suse_linux:libdns169-debuginfo", "p-cpe:/a:novell:suse_linux:libirs-devel", "p-cpe:/a:novell:suse_linux:libirs160", "p-cpe:/a:novell:suse_linux:libirs160-debuginfo", "p-cpe:/a:novell:suse_linux:libisc166", "p-cpe:/a:novell:suse_linux:libisc166-debuginfo", "p-cpe:/a:novell:suse_linux:libisccc160", "p-cpe:/a:novell:suse_linux:libisccc160-debuginfo", "p-cpe:/a:novell:suse_linux:libisccfg160", "p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo", "p-cpe:/a:novell:suse_linux:liblwres160", "p-cpe:/a:novell:suse_linux:liblwres160-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-1407-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125703", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:1407-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125703);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2019:1407-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust\nanchor rolls over to an unsupported key algorithm when using\nmanaged-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be\ncaused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6465/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20191407-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96c92c58\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1:zypper in\n-t patch SUSE-SLE-Module-Server-Applications-15-SP1-2019-1407=1\n\nSUSE Linux Enterprise Module for Server Applications 15:zypper in -t\npatch SUSE-SLE-Module-Server-Applications-15-2019-1407=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1407=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-1407=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-1407=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-1407=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-chrootenv-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-chrootenv-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-debugsource-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-lwresd-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-lwresd-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-utils-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"bind-utils-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libbind9-160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libbind9-160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libdns169-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libdns169-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libirs-devel-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libirs160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libirs160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisc166-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisc166-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccc160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccc160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccfg160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"libisccfg160-debuginfo-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblwres160-9.11.2-12.11.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"liblwres160-debuginfo-9.11.2-12.11.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:51:56", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys. (bsc#1126068)\n\n - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective. (bsc#1133185)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2019-1532)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-libs", "p-cpe:/a:novell:opensuse:bind-libs-32bit", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo", "p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2019-1532.NASL", "href": "https://www.tenable.com/plugins/nessus/125807", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1532.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125807);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2019-1532)\");\n script_summary(english:\"Check for the openSUSE-2019-1532 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2018-5740: Fixed a denial of service vulnerability\n in the 'deny-answer-aliases' feature (bsc#1104129).\n\n - CVE-2019-6465: Fixed an issue where controls for zone\n transfers may not be properly applied to Dynamically\n Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: An assertion failure can occur if a trust\n anchor rolls over to an unsupported key algorithm when\n using managed-keys. (bsc#1126068)\n\n - CVE-2018-5743: Limiting simultaneous TCP clients is\n ineffective. (bsc#1133185)\n\nThis update was imported from the SUSE:SLE-12-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-chrootenv-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-debugsource-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-devel-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-libs-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-libs-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-lwresd-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-lwresd-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-utils-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"bind-utils-debuginfo-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.9P1-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"bind-libs-debuginfo-32bit-9.9.9P1-56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T14:51:22", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-doc", "p-cpe:/a:novell:suse_linux:bind-libs", "p-cpe:/a:novell:suse_linux:bind-utils", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-14074-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125759", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:14074-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125759);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2018-5740\",\n \"CVE-2018-5743\",\n \"CVE-2018-5745\",\n \"CVE-2019-6465\"\n );\n\n script_name(english:\"SUSE SLES11 Security Update : bind (SUSE-SU-2019:14074-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nCVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n(bsc#1133185)\n\nCVE-2018-5745: An assertion failure can occur if a trust anchor rolls\nover to an unsupported key algorithm when using managed-keys.\n(bsc#1126068)\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5740/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5743/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-5745/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6465/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-201914074-1.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b110680\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch\nslessp4-bind-14074=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-bind-14074=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-bind-14074=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-bind-14074=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-libs-32bit-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"bind-libs-32bit-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-chrootenv-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-doc-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-libs-9.9.6P1-0.51.15.4\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"bind-utils-9.9.6P1-0.51.15.4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:39:53", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).\n\n - CVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : bind (openSUSE-2019-1533)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2020-09-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:bind", "p-cpe:/a:novell:opensuse:bind-chrootenv", "p-cpe:/a:novell:opensuse:bind-debuginfo", "p-cpe:/a:novell:opensuse:bind-debugsource", "p-cpe:/a:novell:opensuse:bind-devel", "p-cpe:/a:novell:opensuse:bind-devel-32bit", "p-cpe:/a:novell:opensuse:bind-lwresd", "p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo", "p-cpe:/a:novell:opensuse:bind-utils", "p-cpe:/a:novell:opensuse:bind-utils-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-160", "p-cpe:/a:novell:opensuse:libbind9-160-32bit", "p-cpe:/a:novell:opensuse:libbind9-160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libbind9-160-debuginfo", "p-cpe:/a:novell:opensuse:libdns169", "p-cpe:/a:novell:opensuse:libdns169-32bit", "p-cpe:/a:novell:opensuse:libdns169-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libdns169-debuginfo", "p-cpe:/a:novell:opensuse:libirs-devel", "p-cpe:/a:novell:opensuse:libirs160", "p-cpe:/a:novell:opensuse:libirs160-32bit", "p-cpe:/a:novell:opensuse:libirs160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libirs160-debuginfo", "p-cpe:/a:novell:opensuse:libisc166", "p-cpe:/a:novell:opensuse:libisc166-32bit", "p-cpe:/a:novell:opensuse:libisc166-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisc166-debuginfo", "p-cpe:/a:novell:opensuse:libisccc160", "p-cpe:/a:novell:opensuse:libisccc160-32bit", "p-cpe:/a:novell:opensuse:libisccc160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccc160-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg160", "p-cpe:/a:novell:opensuse:libisccfg160-32bit", "p-cpe:/a:novell:opensuse:libisccfg160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:libisccfg160-debuginfo", "p-cpe:/a:novell:opensuse:liblwres160", "p-cpe:/a:novell:opensuse:liblwres160-32bit", "p-cpe:/a:novell:opensuse:liblwres160-32bit-debuginfo", "p-cpe:/a:novell:opensuse:liblwres160-debuginfo", "p-cpe:/a:novell:opensuse:python3-bind", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-1533.NASL", "href": "https://www.tenable.com/plugins/nessus/125808", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1533.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125808);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/23\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n\n script_name(english:\"openSUSE Security Update : bind (openSUSE-2019-1533)\");\n script_summary(english:\"Check for the openSUSE-2019-1533 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2019-6465: Fixed an issue where controls for zone\n transfers may not be properly applied to Dynamically\n Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: Fixed a denial of service vulnerability\n if a trust anchor rolls over to an unsupported key\n algorithm when using managed-keys (bsc#1126068).\n\n - CVE-2018-5743: Fixed a denial of service vulnerability\n which could be caused by to many simultaneous TCP\n connections (bsc#1133185).\n\n - CVE-2018-5740: Fixed a denial of service vulnerability\n in the 'deny-answer-aliases' feature (bsc#1104129).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-lwresd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libbind9-160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libdns169-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libirs160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisc166-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccc160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libisccfg160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:liblwres160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-chrootenv-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-debugsource-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-devel-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-lwresd-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-lwresd-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-utils-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"bind-utils-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbind9-160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libbind9-160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdns169-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libdns169-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs-devel-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libirs160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisc166-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisc166-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccc160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccc160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccfg160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libisccfg160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"liblwres160-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"liblwres160-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"python3-bind-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"bind-devel-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libbind9-160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libbind9-160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdns169-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libdns169-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libirs160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libirs160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisc166-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisc166-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccc160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccc160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccfg160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"libisccfg160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"liblwres160-32bit-9.11.2-lp151.11.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", cpu:\"x86_64\", reference:\"liblwres160-32bit-debuginfo-9.11.2-lp151.11.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chrootenv / bind-debuginfo / bind-debugsource / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-25T14:44:31", "description": "This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may not be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be caused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the 'deny-answer-aliases' feature (bsc#1104129).\n\nNon-security issues fixed: Don't rely on /etc/insserv.conf anymore for proper dependencies against nss-lookup.target in named.service and lwresd.service (bsc#1118367, bsc#1118368).\n\nFix FIPS related regression (bsc#1128220).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6471"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:bind", "p-cpe:/a:novell:suse_linux:bind-chrootenv", "p-cpe:/a:novell:suse_linux:bind-debuginfo", "p-cpe:/a:novell:suse_linux:bind-debugsource", "p-cpe:/a:novell:suse_linux:bind-utils", "p-cpe:/a:novell:suse_linux:bind-utils-debuginfo", "p-cpe:/a:novell:suse_linux:libbind9", "p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo", "p-cpe:/a:novell:suse_linux:libdns169", "p-cpe:/a:novell:suse_linux:libdns169-debuginfo", "p-cpe:/a:novell:suse_linux:libirs160", "p-cpe:/a:novell:suse_linux:libirs160-debuginfo", "p-cpe:/a:novell:suse_linux:libisc166", "p-cpe:/a:novell:suse_linux:libisc166-debuginfo", "p-cpe:/a:novell:suse_linux:libisccc160", "p-cpe:/a:novell:suse_linux:libisccc160-debuginfo", "p-cpe:/a:novell:suse_linux:libisccfg160", "p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo", "p-cpe:/a:novell:suse_linux:liblwres160", "p-cpe:/a:novell:suse_linux:liblwres160-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2502-1.NASL", "href": "https://www.tenable.com/plugins/nessus/129526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2502-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129526);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\", \"CVE-2019-6471\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2019:2502-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for bind fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2019-6465: Fixed an issue where controls for zone transfers may\nnot be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\nCVE-2019-6471: Fixed a reachable assert in dispatch.c. (bsc#1138687)\n\nCVE-2018-5745: Fixed a denial of service vulnerability if a trust\nanchor rolls over to an unsupported key algorithm when using\nmanaged-keys (bsc#1126068).\n\nCVE-2018-5743: Fixed a denial of service vulnerability which could be\ncaused by to many simultaneous TCP connections (bsc#1133185).\n\nCVE-2018-5740: Fixed a denial of service vulnerability in the\n'deny-answer-aliases' feature (bsc#1104129).\n\nNon-security issues fixed: Don't rely on /etc/insserv.conf anymore for\nproper dependencies against nss-lookup.target in named.service and\nlwresd.service (bsc#1118367, bsc#1118368).\n\nFix FIPS related regression (bsc#1128220).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118368\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5740/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5743/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5745/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6465/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-6471/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192502-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5b6341fa\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-2502=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-2502=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-2502=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-6465\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bind-utils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libbind9-160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libdns169-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libirs160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisc166-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccc160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libisccfg160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:liblwres160-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-chrootenv-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-debugsource-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-utils-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"bind-utils-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libbind9-160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libbind9-160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdns169-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libdns169-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libirs160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libirs160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-debuginfo-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisc166-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccc160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccc160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccfg160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libisccfg160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"liblwres160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"liblwres160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-debugsource-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"bind-utils-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libbind9-160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libbind9-160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libdns169-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libdns169-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libirs160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libirs160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-debuginfo-32bit-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisc166-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccc160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccc160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccfg160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"libisccfg160-debuginfo-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"liblwres160-9.11.2-3.10.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"liblwres160-debuginfo-9.11.2-3.10.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T15:15:09", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0021 for details.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.6, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-06-05T00:00:00", "type": "nessus", "title": "OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4095", "CVE-2007-2241", "CVE-2007-2925", "CVE-2007-2926", "CVE-2007-6283", "CVE-2008-0122", "CVE-2008-1447", "CVE-2009-0025", "CVE-2009-0696", "CVE-2010-0097", "CVE-2010-0290", "CVE-2011-0414", "CVE-2011-1910", "CVE-2011-2464", "CVE-2012-1033", "CVE-2012-1667", "CVE-2012-3817", "CVE-2012-4244", "CVE-2012-5166", "CVE-2012-5688", "CVE-2012-5689", "CVE-2013-2266", "CVE-2013-4854", "CVE-2014-0591", "CVE-2014-8500", "CVE-2015-1349", "CVE-2015-4620", "CVE-2015-5477", "CVE-2015-5722", "CVE-2015-8000", "CVE-2015-8704", "CVE-2016-1285", "CVE-2016-1286", "CVE-2016-2776", "CVE-2016-2848", "CVE-2016-8864", "CVE-2016-9147", "CVE-2017-3136", "CVE-2017-3137", "CVE-2017-3142", "CVE-2017-3143", "CVE-2017-3145", "CVE-2018-5740", "CVE-2018-5743", "CVE-2020-8616", "CVE-2020-8617"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:bind-libs", "p-cpe:/a:oracle:vm:bind-utils", "cpe:/o:oracle:vm_server:3.3", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/137170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0021.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137170);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2006-4095\", \"CVE-2007-2241\", \"CVE-2007-2925\", \"CVE-2007-2926\", \"CVE-2007-6283\", \"CVE-2008-0122\", \"CVE-2008-1447\", \"CVE-2009-0025\", \"CVE-2009-0696\", \"CVE-2010-0097\", \"CVE-2010-0290\", \"CVE-2011-0414\", \"CVE-2011-1910\", \"CVE-2011-2464\", \"CVE-2012-1033\", \"CVE-2012-1667\", \"CVE-2012-3817\", \"CVE-2012-4244\", \"CVE-2012-5166\", \"CVE-2012-5688\", \"CVE-2012-5689\", \"CVE-2013-2266\", \"CVE-2013-4854\", \"CVE-2014-0591\", \"CVE-2014-8500\", \"CVE-2015-1349\", \"CVE-2015-4620\", \"CVE-2015-5477\", \"CVE-2015-5722\", \"CVE-2015-8000\", \"CVE-2015-8704\", \"CVE-2016-1285\", \"CVE-2016-1286\", \"CVE-2016-2776\", \"CVE-2016-2848\", \"CVE-2016-8864\", \"CVE-2016-9147\", \"CVE-2017-3136\", \"CVE-2017-3137\", \"CVE-2017-3142\", \"CVE-2017-3143\", \"CVE-2017-3145\", \"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2020-8616\", \"CVE-2020-8617\");\n script_bugtraq_id(19859, 25037, 27283, 30131, 33151, 35848, 37118, 37865, 46491, 48007, 48566, 51898, 53772, 54658, 55522, 55852, 56817, 57556, 58736, 61479, 64801, 71590, 72673, 75588);\n\n script_name(english:\"OracleVM 3.3 / 3.4 : bind (OVMSA-2020-0021)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2020-0021 for details.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000984.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000981.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2020-June/000982.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected bind-libs / bind-utils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2008-0122\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 189, 200, 287);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/09/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.7\")) flag++;\nif (rpm_check(release:\"OVS3.3\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.7\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-libs-9.8.2-0.68.rc1.el6_10.7\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"bind-utils-9.8.2-0.68.rc1.el6_10.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind-libs / bind-utils\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:50", "description": "DHCP (Dynamic Host Configuration Protocol) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-06T00:46:52", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: dhcp-4.3.6-34.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-06T00:46:52", "id": "FEDORA:81469604E7E9", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UGIFSHDIWQD6WI247VW4R6T243VQFVHW/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "DHCP (Dynamic Host Configuration Protocol) ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-06-05T02:02:00", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: dhcp-4.3.6-31.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-05T02:02:00", "id": "FEDORA:5E78E608FD00", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CO42JSXTUC3QDLEEZJZDG2BNGDYUJZF7/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf(1) and resperf(1) man pages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-06-05T02:02:00", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: dnsperf-2.2.1-4.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-05T02:02:00", "id": "FEDORA:7BEB760AAB1E", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XMHOREAJRSBQFRNZLCQULXF3FAWO7O7I/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-06T00:46:52", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: bind-9.11.6-3.P1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-06T00:46:52", "id": "FEDORA:0C9E6604E7C5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2EIREDRKVYZPUUVFAJWZMATLY5FSGMZL/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-06-05T02:02:00", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: bind-dyndb-ldap-11.1-15.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-05T02:02:00", "id": "FEDORA:23EF6608C00F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JAWQZ6NMKUFFGG7QXCBR7QH6U6Y6VUG3/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "This is dnsperf, a collection of DNS server performance testing tools. For more information, see the dnsperf(1) and resperf(1) man pages. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-06T00:46:52", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: dnsperf-2.2.1-4.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-06T00:46:52", "id": "FEDORA:9F86B604E849", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/INCFEXP46UY5YZGY3X2SJWQK7W5S44TJ/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:50", "description": "This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-06T00:46:52", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: bind-dyndb-ldap-11.1-15.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-06T00:46:52", "id": "FEDORA:619C3604E7E5", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QZGAZLLUEXJPY3ATNMO7SMDZ7KFX3ECA/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-06-05T02:01:58", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: bind-9.11.6-2.P1.fc29", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-05T02:01:58", "id": "FEDORA:2EED9608C00F", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLUFN44CLFTGVCZPRMRKR32GGFBXXUIT/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-22T01:04:30", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: bind-9.11.8-1.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2019-6471"], "modified": "2019-07-22T01:04:30", "id": "FEDORA:A45AD604D0C6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XNFFCVCTKCXL6U4HFW7PCQSOEY6KLQJO/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:46:51", "description": "BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-13T01:04:40", "type": "fedora", "title": "[SECURITY] Fedora 30 Update: bind-9.11.13-2.fc30", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2019-6477"], "modified": "2019-12-13T01:04:40", "id": "FEDORA:BF4FB6291CB6", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BECUKGXT5OFHDM26TSBQZLIPZZINETKW/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2022-07-07T11:07:55", "description": "A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-13T06:37:49", "type": "redhatcve", "title": "CVE-2018-5743", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2022-07-07T10:59:56", "id": "RH:CVE-2018-5743", "href": "https://access.redhat.com/security/cve/cve-2018-5743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-07T17:44:17", "description": "A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and potentially affecting network connections and the management of files such as log files or zone journal files.\n#### Mitigation\n\nThe vulnerability can be mitigated by disabling server TCP-pipelining: \n\n \n \n keep-response-order { any; }; \n \n\nand then restarting BIND. The server restart is necessary because neither a 'reload' nor a 'reconfig' operation will properly reset currently pipelining TCP clients. \nDisabling TCP-pipelining entirely is completely effective at mitigating the vulnerability with minimal impact to clients that use pipelined TCP connections and with no impact to clients that do not support TCP-pipelining. The majority of Internet client DNS queries are transported over UDP or TCP without use of TCP-pipelining. \nNote: This mitigation will only work with bind-9.11 and above. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-08T05:07:02", "type": "redhatcve", "title": "CVE-2019-6477", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2019-6477"], "modified": "2022-07-07T12:11:21", "id": "RH:CVE-2019-6477", "href": "https://access.redhat.com/security/cve/cve-2019-6477", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2019-11-06T12:15:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for bind-dyndb-ldap FEDORA-2019-f791948895", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876156", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876156\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:37:02 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for bind-dyndb-ldap FEDORA-2019-f791948895\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f791948895\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZGAZLLUEXJPY3ATNMO7SMDZ7KFX3ECA\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind-dyndb-ldap'\n package(s) announced via the FEDORA-2019-f791948895 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package provides an LDAP back-end plug-in for BIND. It features\nsupport for dynamic updates and internal caching, to lift the load\noff of your LDAP server.\");\n\n script_tag(name:\"affected\", value:\"'bind-dyndb-ldap' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-dyndb-ldap\", rpm:\"bind-dyndb-ldap~11.1~15.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:13:03", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for dhcp FEDORA-2019-f791948895", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876125", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876125\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:35:27 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for dhcp FEDORA-2019-f791948895\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f791948895\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGIFSHDIWQD6WI247VW4R6T243VQFVHW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dhcp'\n package(s) announced via the FEDORA-2019-f791948895 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"DHCP (Dynamic Host Configuration Protocol)\");\n\n script_tag(name:\"affected\", value:\"'dhcp' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.3.6~34.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-11T18:47:19", "description": "ISC BIND is prone to a denial of service vulnerability due to ineffective\n simultaneous TCP client limiting.", "cvss3": {}, "published": "2019-04-30T00:00:00", "type": "openvas", "title": "ISC BIND DoS Vulnerability - CVE-2018-5743 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310142320", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142320", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142320\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-30 06:22:02 +0000 (Tue, 30 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND DoS Vulnerability - CVE-2018-5743 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"ISC BIND is prone to a denial of service vulnerability due to ineffective\n simultaneous TCP client limiting.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By design, BIND is intended to limit the number of TCP clients that can be\n connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults\n to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of\n simultaneous connections contains an error which can be exploited to grow the number of simultaneous connections\n beyond this limit.\");\n\n script_tag(name:\"impact\", value:\"By exploiting the failure to limit simultaneous TCP connections, an attacker\n can deliberately exhaust the pool of file descriptors available to named, potentially affecting network\n connections and the management of files such as log files or zone journal files.\n\n In cases where the named process is not limited by OS-enforced per-process limits, this could additionally\n potentially lead to exhaustion of all available free file descriptors on that system.\");\n\n script_tag(name:\"affected\", value:\"BIND 9.9.0 to 9.10.8-P1, 9.11.0 to 9.11.6, 9.12.0 to 9.12.4, 9.14.0. BIND 9\n Supported Preview Edition versions 9.9.3-S1 to 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 to 9.13.7 of the 9.13\n development branch.\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.11.6-P1, 9.12.4-P1, 9.14.1, 9.11.5-S6, 9.11.6-S1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/cve-2018-5743\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.(9|10|11)\\.[0-9]s[0-9]\") {\n if (version_in_range(version: version, test_version: \"9.9.3s1\", test_version2: \"9.11.5s5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.5-S6/9.11.6-S1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_in_range(version: version, test_version: \"9.9.0\", test_version2: \"9.11.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.6-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.12.0\", test_version2: \"9.12.4\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.12.4-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.13.0\", test_version2: \"9.13.7\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.14.1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:14:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for dhcp FEDORA-2019-0370ad8310", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876460", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876460", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876460\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-06 02:09:45 +0000 (Thu, 06 Jun 2019)\");\n script_name(\"Fedora Update for dhcp FEDORA-2019-0370ad8310\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-0370ad8310\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CO42JSXTUC3QDLEEZJZDG2BNGDYUJZF7\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dhcp'\n package(s) announced via the FEDORA-2019-0370ad8310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"DHCP (Dynamic Host Configuration Protocol)\");\n\n script_tag(name:\"affected\", value:\"'dhcp' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"dhcp\", rpm:\"dhcp~4.3.6~31.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:48", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191730", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191730", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1730\");\n script_version(\"2020-01-23T12:21:11+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:21:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:21:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1730)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1730\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1730\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1730 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:34:11", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-2040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192040", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192040", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2040\");\n script_version(\"2020-01-23T12:31:38+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:31:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:31:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-2040)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2040\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2040\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-2040 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h4\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:18:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-04-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for bind9 USN-3956-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310843989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843989", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843989\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-26 02:00:31 +0000 (Fri, 26 Apr 2019)\");\n script_name(\"Ubuntu Update for bind9 USN-3956-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.10|UBUNTU19\\.04|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3956-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3956-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the USN-3956-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Bind incorrectly handled limiting the number of\nsimultaneous TCP clients. A remote attacker could possibly use this issue\nto cause Bind to consume resources, leading to a denial of service.\");\n\n script_tag(name:\"affected\", value:\"'bind9' package(s) on Ubuntu 19.04, Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.11.4+dfsg-3ubuntu5.3\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.11.5.P1+dfsg-1ubuntu2.3\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.11.3+dfsg-1ubuntu1.7\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.10.3.dfsg.P4-8ubuntu1.14\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:11:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2019-f791948895", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876171", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876171", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876171\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:37:48 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for bind FEDORA-2019-f791948895\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f791948895\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2EIREDRKVYZPUUVFAJWZMATLY5FSGMZL\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the FEDORA-2019-f791948895 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating properly.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.6~3.P1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:14:26", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-07T00:00:00", "type": "openvas", "title": "Fedora Update for dnsperf FEDORA-2019-f791948895", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310875746", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875746", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875746\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:19:08 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for dnsperf FEDORA-2019-f791948895\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f791948895\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/INCFEXP46UY5YZGY3X2SJWQK7W5S44TJ\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dnsperf'\n package(s) announced via the FEDORA-2019-f791948895 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This is dnsperf, a collection of DNS server performance testing tools.\nFor more information, see the dnsperf(1) and resperf(1) man pages.\");\n\n script_tag(name:\"affected\", value:\"'dnsperf' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"dnsperf\", rpm:\"dnsperf~2.2.1~4.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:19:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-19T00:00:00", "type": "openvas", "title": "CentOS Update for bind CESA-2019:1492 centos6 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310883067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883067", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883067\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-19 02:00:50 +0000 (Wed, 19 Jun 2019)\");\n script_name(\"CentOS Update for bind CESA-2019:1492 centos6 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n\n script_xref(name:\"CESA\", value:\"2019:1492\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-June/023331.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the CESA-2019:1492 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named), a resolver\nlibrary (routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on CentOS 6.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS6\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.2~0.68.rc1.el6_10.3\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.8.2~0.68.rc1.el6_10.3\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.8.2~0.68.rc1.el6_10.3\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.8.2~0.68.rc1.el6_10.3\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.8.2~0.68.rc1.el6_10.3\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.8.2~0.68.rc1.el6_10.3\", rls:\"CentOS6\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:10:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for bind-dyndb-ldap FEDORA-2019-0370ad8310", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876458", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876458", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876458\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-06 02:09:42 +0000 (Thu, 06 Jun 2019)\");\n script_name(\"Fedora Update for bind-dyndb-ldap FEDORA-2019-0370ad8310\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-0370ad8310\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JAWQZ6NMKUFFGG7QXCBR7QH6U6Y6VUG3\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind-dyndb-ldap'\n package(s) announced via the FEDORA-2019-0370ad8310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This package provides an LDAP back-end plug-in for BIND. It features\nsupport for dynamic updates and internal caching, to lift the load\noff of your LDAP server.\");\n\n script_tag(name:\"affected\", value:\"'bind-dyndb-ldap' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-dyndb-ldap\", rpm:\"bind-dyndb-ldap~11.1~15.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:30:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for bind9 (DLA-1859-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891859", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891859", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891859\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-22 02:00:07 +0000 (Mon, 22 Jul 2019)\");\n script_name(\"Debian LTS: Security Advisory for bind9 (DLA-1859-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/07/msg00019.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1859-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the DLA-1859-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in the Bind DNS Server. Limits on\nsimultaneous tcp connections have not been enforced correctly and could\nlead to exhaustion of file descriptors. In the worst case this could\naffect the file descriptors of the whole system.\");\n\n script_tag(name:\"affected\", value:\"'bind9' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1:9.9.5.dfsg-9+deb8u18.\n\nWe recommend that you upgrade your bind9 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"host\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-export-dev\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind9-90\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns-export100\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns100\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libirs-export91\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc-export95\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc95\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc90\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg-export90\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg90\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"liblwres90\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.9.5.dfsg-9+deb8u18\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:53", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1641)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191641", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1641\");\n script_version(\"2020-01-23T12:18:41+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:18:41 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:18:41 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1641)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1641\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1641\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1641 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-export-devel\", rpm:\"bind-export-devel~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-export-libs\", rpm:\"bind-export-libs~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-bind\", rpm:\"python3-bind~9.11.4~10.P2.h7.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-11T18:47:19", "description": "ISC BIND is prone to a denial of service vulnerability due to ineffective\n simultaneous TCP client limiting.", "cvss3": {}, "published": "2019-04-30T00:00:00", "type": "openvas", "title": "ISC BIND DoS Vulnerability - CVE-2018-5743 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310142321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310142321", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.142321\");\n script_version(\"2019-12-10T15:03:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 15:03:15 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-04-30 06:22:02 +0000 (Tue, 30 Apr 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2018-5743\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND DoS Vulnerability - CVE-2018-5743 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"ISC BIND is prone to a denial of service vulnerability due to ineffective\n simultaneous TCP client limiting.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By design, BIND is intended to limit the number of TCP clients that can be\n connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults\n to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of\n simultaneous connections contains an error which can be exploited to grow the number of simultaneous connections\n beyond this limit.\");\n\n script_tag(name:\"impact\", value:\"By exploiting the failure to limit simultaneous TCP connections, an attacker\n can deliberately exhaust the pool of file descriptors available to named, potentially affecting network\n connections and the management of files such as log files or zone journal files.\n\n In cases where the named process is not limited by OS-enforced per-process limits, this could additionally\n potentially lead to exhaustion of all available free file descriptors on that system.\");\n\n script_tag(name:\"affected\", value:\"BIND 9.9.0 to 9.10.8-P1, 9.11.0 to 9.11.6, 9.12.0 to 9.12.4, 9.14.0. BIND 9\n Supported Preview Edition versions 9.9.3-S1 to 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 to 9.13.7 of the 9.13\n development branch.\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.11.6-P1, 9.12.4-P1, 9.14.1, 9.11.5-S6, 9.11.6-S1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/cve-2018-5743\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.(9|10|11)\\.[0-9]s[0-9]\") {\n if (version_in_range(version: version, test_version: \"9.9.3s1\", test_version2: \"9.11.5s5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.5-S6/9.11.6-S1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_in_range(version: version, test_version: \"9.9.0\", test_version2: \"9.11.6\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.6-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.12.0\", test_version2: \"9.12.4\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.12.4-P1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.13.0\", test_version2: \"9.13.7\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.14.1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:10:51", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2019-0370ad8310", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876461", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876461", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876461\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-06 02:09:45 +0000 (Thu, 06 Jun 2019)\");\n script_name(\"Fedora Update for bind FEDORA-2019-0370ad8310\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-0370ad8310\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUFN44CLFTGVCZPRMRKR32GGFBXXUIT\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the FEDORA-2019-0370ad8310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating properly.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.6~2.P1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:29", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1664)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191664", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1664\");\n script_version(\"2020-01-23T12:19:20+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:19:20 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:19:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1664)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1664\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1664\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1664 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system.(CVE-2018-5743)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h4.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:13:53", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-06T00:00:00", "type": "openvas", "title": "Fedora Update for dnsperf FEDORA-2019-0370ad8310", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876462", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876462", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876462\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-06 02:09:46 +0000 (Thu, 06 Jun 2019)\");\n script_name(\"Fedora Update for dnsperf FEDORA-2019-0370ad8310\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-0370ad8310\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XMHOREAJRSBQFRNZLCQULXF3FAWO7O7I\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'dnsperf'\n package(s) announced via the FEDORA-2019-0370ad8310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This is dnsperf, a collection of DNS server performance testing tools.\nFor more information, see the dnsperf(1) and resperf(1) man pages.\");\n\n script_tag(name:\"affected\", value:\"'dnsperf' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"dnsperf\", rpm:\"dnsperf~2.2.1~4.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:20:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "openvas", "title": "CentOS Update for bind CESA-2019:1294 centos7 ", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310883062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883062", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883062\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 02:00:35 +0000 (Tue, 11 Jun 2019)\");\n script_name(\"CentOS Update for bind CESA-2019:1294 centos7 \");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2019:1294\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2019-June/023321.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the CESA-2019:1294 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named), a resolver\nlibrary (routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n * bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chroot\", rpm:\"bind-chroot~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lite-devel\", rpm:\"bind-lite-devel~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11\", rpm:\"bind-pkcs11~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-devel\", rpm:\"bind-pkcs11-devel~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-libs\", rpm:\"bind-pkcs11-libs~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-pkcs11-utils\", rpm:\"bind-pkcs11-utils~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-sdb\", rpm:\"bind-sdb~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-sdb-chroot\", rpm:\"bind-sdb-chroot~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~74.el7_6.1\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:38:42", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1704)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5743"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191704", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1704\");\n script_version(\"2020-01-23T14:23:06+0000\");\n script_cve_id(\"CVE-2018-5743\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 14:23:06 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:20:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2019-1704)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1704\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1704\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'bind' package(s) announced via the EulerOS-SA-2019-1704 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.(CVE-2018-5743)\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.4~61.1.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-lite\", rpm:\"bind-libs-lite~9.9.4~61.1.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-license\", rpm:\"bind-license~9.9.4~61.1.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.4~61.1.h4\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-30T12:56:55", "description": "ISC BIND is prone to a denial of service vulnerability as TCP-pipelined\n queries can bypass tcp-clients limit.", "cvss3": {}, "published": "2019-11-22T00:00:00", "type": "openvas", "title": "ISC BIND DoS Vulnerability - CVE-2019-6477 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6477", "CVE-2018-5743"], "modified": "2019-12-28T00:00:00", "id": "OPENVAS:1361412562310143161", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143161", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143161\");\n script_version(\"2019-12-28T10:21:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-28 10:21:15 +0000 (Sat, 28 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-22 02:45:53 +0000 (Fri, 22 Nov 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-6477\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND DoS Vulnerability - CVE-2019-6477 (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"ISC BIND is prone to a denial of service vulnerability as TCP-pipelined\n queries can bypass tcp-clients limit.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By design, BIND is intended to limit the number of TCP clients that can be\n connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND\n calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP\n client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a\n large number of DNS requests over a single connection. Each outstanding query will be handled internally as an\n independent client request, thus bypassing the new TCP clients limit.\");\n\n script_tag(name:\"impact\", value:\"With pipelining enabled each incoming query on a TCP connection requires a\n similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a\n TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle.\n When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these\n multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively\n or from cache.\");\n\n script_tag(name:\"affected\", value:\"BIND 9.11.6-P1 - 9.11.12, 9.12.4-P1 - 9.12.4-P2, 9.14.1 - 9.14.7 and\n 9.11.5-S6 - 9.11.12-S1. Also affects all releases in the 9.15 development branch.\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.11.13, 9.14.8, 9.15.6, 9.11.13-S1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/cve-2019-6477\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.11\\.[0-9]s[0-9]\") {\n if (version_in_range(version: version, test_version: \"9.11.5s6\", test_version2: \"9.11.12s1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.13-S1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_in_range(version: version, test_version: \"9.11.6p1\", test_version2: \"9.11.12\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.13\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.12.4p1\", test_version2: \"9.12.4p2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.14.8\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.14.1\", test_version2: \"9.14.7\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.14.8\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.15.0\", test_version2: \"9.15.5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.15.6\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-30T12:42:35", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-15T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2019-c703d2304a", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6477", "CVE-2018-5743"], "modified": "2019-12-28T00:00:00", "id": "OPENVAS:1361412562310877080", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877080", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877080\");\n script_version(\"2019-12-28T10:21:15+0000\");\n script_cve_id(\"CVE-2018-5743\", \"CVE-2019-6477\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-28 10:21:15 +0000 (Sat, 28 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-15 03:31:19 +0000 (Sun, 15 Dec 2019)\");\n script_name(\"Fedora Update for bind FEDORA-2019-c703d2304a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-c703d2304a\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BECUKGXT5OFHDM26TSBQZLIPZZINETKW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the FEDORA-2019-c703d2304a advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating properly.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.13~2.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-30T12:56:54", "description": "ISC BIND is prone to a denial of service vulnerability as TCP-pipelined\n queries can bypass tcp-clients limit.", "cvss3": {}, "published": "2019-11-22T00:00:00", "type": "openvas", "title": "ISC BIND DoS Vulnerability - CVE-2019-6477 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6477", "CVE-2018-5743"], "modified": "2019-12-28T00:00:00", "id": "OPENVAS:1361412562310143162", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310143162", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:isc:bind\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.143162\");\n script_version(\"2019-12-28T10:21:15+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-28 10:21:15 +0000 (Sat, 28 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-22 03:02:09 +0000 (Fri, 22 Nov 2019)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_cve_id(\"CVE-2019-6477\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"ISC BIND DoS Vulnerability - CVE-2019-6477 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"bind_version.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"isc/bind/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"ISC BIND is prone to a denial of service vulnerability as TCP-pipelined\n queries can bypass tcp-clients limit.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"By design, BIND is intended to limit the number of TCP clients that can be\n connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND\n calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP\n client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a\n large number of DNS requests over a single connection. Each outstanding query will be handled internally as an\n independent client request, thus bypassing the new TCP clients limit.\");\n\n script_tag(name:\"impact\", value:\"With pipelining enabled each incoming query on a TCP connection requires a\n similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a\n TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle.\n When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these\n multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively\n or from cache.\");\n\n script_tag(name:\"affected\", value:\"BIND 9.11.6-P1 - 9.11.12, 9.12.4-P1 - 9.12.4-P2, 9.14.1 - 9.14.7 and\n 9.11.5-S6 - 9.11.12-S1. Also affects all releases in the 9.15 development branch.\");\n\n script_tag(name:\"solution\", value:\"Update to version 9.11.13, 9.14.8, 9.15.6, 9.11.13-S1 or later.\");\n\n script_xref(name:\"URL\", value:\"https://kb.isc.org/docs/cve-2019-6477\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif(!infos = get_app_version_and_proto(cpe: CPE, port: port, exit_no_version: TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nproto = infos[\"proto\"];\n\nif (version !~ \"^9\\.\")\n exit(99);\n\nif (version =~ \"^9\\.11\\.[0-9]s[0-9]\") {\n if (version_in_range(version: version, test_version: \"9.11.5s6\", test_version2: \"9.11.12s1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.13-S1\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n} else {\n if (version_in_range(version: version, test_version: \"9.11.6p1\", test_version2: \"9.11.12\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.11.13\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.12.4p1\", test_version2: \"9.12.4p2\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.14.8\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.14.1\", test_version2: \"9.14.7\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.14.8\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n\n if (version_in_range(version: version, test_version: \"9.15.0\", test_version2: \"9.15.5\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"9.15.6\");\n security_message(port: port, data: report, proto: proto);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:13:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "openvas", "title": "Fedora Update for bind FEDORA-2019-f72801c260", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-6471", "CVE-2018-5743"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310876596", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876596", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876596\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\", \"CVE-2019-6471\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-07-22 02:18:07 +0000 (Mon, 22 Jul 2019)\");\n script_name(\"Fedora Update for bind FEDORA-2019-f72801c260\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2019-f72801c260\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNFFCVCTKCXL6U4HFW7PCQSOEY6KLQJO\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the FEDORA-2019-f72801c260 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n(Domain Name System) protocols. BIND includes a DNS server (named),\nwhich resolves host names to IP addresses, a resolver library\n(routines for applications to use when interfacing with DNS), and\ntools for verifying that the DNS server is operating properly.\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.8~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-06T12:21:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-05-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4440-1 (bind9 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5745", "CVE-2018-5743", "CVE-2019-6465"], "modified": "2019-11-05T00:00:00", "id": "OPENVAS:1361412562310704440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704440", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704440\");\n script_version(\"2019-11-05T09:17:26+0000\");\n script_cve_id(\"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-11-05 09:17:26 +0000 (Tue, 05 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-11 02:00:19 +0000 (Sat, 11 May 2019)\");\n script_name(\"Debian Security Advisory DSA 4440-1 (bind9 - security update)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2019/dsa-4440.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4440-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind9'\n package(s) announced via the DSA-4440-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in the BIND DNS server:\n\nCVE-2018-5743\nConnection limits were incorrectly enforced.\n\nCVE-2018-5745\nThe 'managed-keys' feature was susceptible to denial of service by\ntriggering an assert.\n\nCVE-2019-6465\nACLs for zone transfers were incorrectly enforced for dynamically\nloadable zones (DLZs).\");\n\n script_tag(name:\"affected\", value:\"'bind9' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u5.\n\nWe recommend that you upgrade your bind9 packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"host\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind-export-dev\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libbind9-140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns-export162\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdns162\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libirs-export141\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libirs141\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc-export160\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisc160\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc-export140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccc140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg-export140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libisccfg140\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"liblwres141\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.10.3.dfsg.P4-12.3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T16:51:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bind (openSUSE-SU-2019:1532-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5745", "CVE-2018-5743", "CVE-2019-6465"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852551", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852551", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852551\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 02:01:30 +0000 (Tue, 11 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for bind (openSUSE-SU-2019:1532-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1532-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00026.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the openSUSE-SU-2019:1532-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for bind fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the\n 'deny-answer-aliases' feature (bsc#1104129).\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not\n be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls\n over to an unsupported key algorithm when using managed-keys.\n (bsc#1126068)\n\n - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n (bsc#1133185)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1532=1\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on openSUSE Leap 42.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo\", rpm:\"bind-libs-debuginfo~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd\", rpm:\"bind-lwresd~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd-debuginfo\", rpm:\"bind-lwresd-debuginfo~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-libs-debuginfo-32bit\", rpm:\"bind-libs-debuginfo-32bit~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ind-doc\", rpm:\"ind-doc~9.9.9P1~56.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-31T16:48:01", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-06-11T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for bind (openSUSE-SU-2019:1533-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-5740", "CVE-2018-5745", "CVE-2018-5743", "CVE-2019-6465"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852553", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852553\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2018-5740\", \"CVE-2018-5743\", \"CVE-2018-5745\", \"CVE-2019-6465\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 02:01:53 +0000 (Tue, 11 Jun 2019)\");\n script_name(\"openSUSE: Security Advisory for bind (openSUSE-SU-2019:1533-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1533-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-06/msg00027.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the openSUSE-SU-2019:1533-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for bind fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not\n be properly applied to Dynamically Loadable Zones (bsc#1126069).\n\n - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor\n rolls over to an unsupported key algorithm when using managed-keys\n (bsc#1126068).\n\n - CVE-2018-5743: Fixed a denial of service vulnerability which could be\n caused by to many simultaneous TCP connections (bsc#1133185).\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the\n 'deny-answer-aliases' feature (bsc#1104129).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1533=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1533=1\");\n\n script_tag(name:\"affected\", value:\"'bind' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debuginfo\", rpm:\"bind-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-debugsource\", rpm:\"bind-debugsource~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd\", rpm:\"bind-lwresd~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-lwresd-debuginfo\", rpm:\"bind-lwresd-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-utils-debuginfo\", rpm:\"bind-utils-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbind9-160\", rpm:\"libbind9-160~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbind9-160-debuginfo\", rpm:\"libbind9-160-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdns169\", rpm:\"libdns169~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdns169-debuginfo\", rpm:\"libdns169-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libirs-devel\", rpm:\"libirs-devel~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libirs160\", rpm:\"libirs160~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libirs160-debuginfo\", rpm:\"libirs160-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisc166\", rpm:\"libisc166~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisc166-debuginfo\", rpm:\"libisc166-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccc160\", rpm:\"libisccc160~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccc160-debuginfo\", rpm:\"libisccc160-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccfg160\", rpm:\"libisccfg160~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccfg160-debuginfo\", rpm:\"libisccfg160-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblwres160\", rpm:\"liblwres160~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblwres160-debuginfo\", rpm:\"liblwres160-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-bind\", rpm:\"python3-bind~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"bind-devel-32bit\", rpm:\"bind-devel-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbind9-160-32bit\", rpm:\"libbind9-160-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libbind9-160-32bit-debuginfo\", rpm:\"libbind9-160-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdns169-32bit\", rpm:\"libdns169-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libdns169-32bit-debuginfo\", rpm:\"libdns169-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libirs160-32bit\", rpm:\"libirs160-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libirs160-32bit-debuginfo\", rpm:\"libirs160-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisc166-32bit\", rpm:\"libisc166-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisc166-32bit-debuginfo\", rpm:\"libisc166-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccc160-32bit\", rpm:\"libisccc160-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccc160-32bit-debuginfo\", rpm:\"libisccc160-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccfg160-32bit\", rpm:\"libisccfg160-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libisccfg160-32bit-debuginfo\", rpm:\"libisccfg160-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblwres160-32bit\", rpm:\"liblwres160-32bit~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"liblwres160-32bit-debuginfo\", rpm:\"liblwres160-32bit-debuginfo~9.11.2~lp150.8.13.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:18:25", "description": "\nA vulnerability was found in the Bind DNS Server. Limits on\nsimultaneous tcp connections have not been enforced correctly and could\nlead to exhaustion of file descriptors. In the worst case this could\naffect the file descriptors of the whole system.\n\n\nFor Debian 8 Jessie, this problem has been fixed in version\n1:9.9.5.dfsg-9+deb8u18.\n\n\nWe recommend that you upgrade your bind9 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-21T00:00:00", "type": "osv", "title": "bind9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2022-07-21T05:52:44", "id": "OSV:DLA-1859-1", "href": "https://osv.dev/vulnerability/DLA-1859-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-21T08:23:24", "description": "\nMultiple vulnerabilities were found in the BIND DNS server:\n\n\n* [CVE-2018-5743](https://security-tracker.debian.org/tracker/CVE-2018-5743)\nConnection limits were incorrectly enforced.\n* [CVE-2018-5745](https://security-tracker.debian.org/tracker/CVE-2018-5745)\nThe \"managed-keys\" feature was susceptible to denial of service by\n triggering an assert.\n* [CVE-2019-6465](https://security-tracker.debian.org/tracker/CVE-2019-6465)\nACLs for zone transfers were incorrectly enforced for dynamically\n loadable zones (DLZs).\n\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u5.\n\n\nWe recommend that you upgrade your bind9 packages.\n\n\nFor the detailed security status of bind9 please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/bind9](https://security-tracker.debian.org/tracker/bind9)\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-09T00:00:00", "type": "osv", "title": "bind9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5745", "CVE-2018-5743", "CVE-2019-6465"], "modified": "2022-07-21T05:50:10", "id": "OSV:DSA-4440-1", "href": "https://osv.dev/vulnerability/DSA-4440-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:00", "description": "[32:9.8.2-0.68.rc1.3]\n- Use only selected documentation files\n[32:9.8.2-0.68.rc1.2]\n- Fix CVE-2018-5743", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-06-18T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-18T00:00:00", "id": "ELSA-2019-1492", "href": "http://linux.oracle.com/errata/ELSA-2019-1492.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:24:44", "description": "[32:9.11.4-17.P2]\n- Fix inefective limit of TCP clients (CVE-2018-5743)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-30T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-07-30T00:00:00", "id": "ELSA-2019-1145", "href": "http://linux.oracle.com/errata/ELSA-2019-1145.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:24:28", "description": "[32:9.9.4-74.1]\n- Remove again broken test (CVE-2018-5743)\n[32:9.9.4-74]\n- Fix CVE-2018-5743", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-30T00:00:00", "type": "oraclelinux", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-30T00:00:00", "id": "ELSA-2019-1294", "href": "http://linux.oracle.com/errata/ELSA-2019-1294.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-07-28T14:25:14", "description": "[32:9.11.4-9.P2]\n- Fix CVE-2019-6471\n[32:9.11.4-8.P2]\n- Fix scriptlet errors when selinux-policy is not installed (#1647659)\n[32:9.11.4-7.P2]\n- Fix inefective limit of TCP clients (CVE-2018-5743)\n[32:9.11.4-6.P2]\n- Use /sbin/nologin again (#1676661)\n[32:9.11.4-5.P2]\n- Make sure selinux-policy is installed soon enough (#1647659)\n[32:9.11.4-4.P2]\n- Disable custom random generator for export libs (#1685940)\n[32:9.11.4-3.P2]\n- Fix memory handling in zone2ldap tool\n[32:9.11.4-2.P2]\n- Move dnssec utilities back to bind package\n- Remove separate python-bind package\n[32:9.11.4-1.P2]\n- Rebase features patches\n- Disable autodetected eddsa algorithm ED448\n- Add versioned depends to all library subpackages\n- Fix multilib conflict of devel packages", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-08-13T00:00:00", "type": "oraclelinux", "title": "bind security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5741", "CVE-2018-5743", "CVE-2019-6471"], "modified": "2019-08-13T00:00:00", "id": "ELSA-2019-2057", "href": "http://linux.oracle.com/errata/ELSA-2019-2057.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ibm": [{"lastseen": "2022-06-28T22:13:56", "description": "## Summary\n\nISC BIND is vulnerable to this security vulnerability. IBM i has addressed this vulnerability.\n\n## Vulnerability Details\n\n**** **CVEID:** [CVE-2018-5743](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743>) \n**DESCRIPTION:** ISC BIND is vulnerable to a denial of service, caused by a flaw when setting the TCP client quota using the tcp-clients option. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the exhaustion of file descriptors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160127> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2, 7.3, and 7.4 of IBM i are affected.\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to IBM i. \nReleases 7.1, 7.2, 7.3, and 7.4 of IBM i are supported and will be fixed.\n\nThe IBM i PTF numbers are: \n**Release 7.1 \u2013 SI69882 \nRelease 7.2 \u2013 SI69883 \nRelease 7.3 \u2013 SI69885 \nRelease 7.4 \u2013 SI69886**\n\n<https://www-945.ibm.com/support/fixcentral/>\n\n**Important note: **_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 June 2019: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Type\":\"MASTER\",\"Line of Business\":{\"code\":\"LOB57\",\"label\":\"Power\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG60\",\"label\":\"IBM i\"},\"Platform\":[{\"code\":\"PF012\",\"label\":\"IBM i\"}],\"Version\":\"7.1.0\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2018-5743", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-18T14:26:38", "id": "05DE1EFB30D692110AB36D7BB5C4B38E9ABAD670DF4D0E8931A22F173557C1C5", "href": "https://www.ibm.com/support/pages/node/883384", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-28T22:11:46", "description": "## Summary\n\nAT&T has released versions 1801-z for the Vyatta 5600. \n \nDetails of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-3863](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863>) \n**DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in user authenticate keyboard interactive. By sending a specially crafted message, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158347> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-3862](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862>) \n**DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with an exit status message and no payload. By sending specially crafted SSH_MSG_CHANNEL_REQUEST packets, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158346> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3861](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861>) \n**DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with a padding length value greater than the packet length. By sending a specially crafted SSH packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158345> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3860](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860>) \n**DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with empty payloads. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158344> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3859](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859>) \n**DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read in the _libssh2_packet_require and _libssh2_packet_requirev functions. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158343> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3858](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858>) \n**DESCRIPTION: **libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158342> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[CVE-2019-3857](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857>) \n**DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit signal message, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158341> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-3856](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856>) \n**DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in keyboard interactive handling. By sending a specially crafted request, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158340> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-3855](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855>) \n**DESCRIPTION: **libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in transport read. By sending specially crafted packets, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and execute arbitrary code on the client system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158339> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-6465](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465>) \n**DESCRIPTION: **ISC BIND could allow a remote attacker to obtain sensitive information, caused by the failure to properly apply controls for zone transfers to Dynamically Loadable Zones (DLZs) if the zones are writable. An attacker could exploit this vulnerability to request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157377> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-5745](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745>) \n**DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor's keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure. \nCVSS Base Score: 4.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157386> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2018-5743](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743>) \n**DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a flaw when setting the TCP client quota using the tcp-clients option. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the exhaustion of file descriptors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160127> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-8325](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8325>) \n**DESCRIPTION: **RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the Gem::CommandManager#run function. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform escape sequence injection. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159624> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-8324](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8324>) \n**DESCRIPTION: **RubyGems could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of multi-line name. By persuading a victim to install a specially-crafted gem, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159623> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-8323](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8323>) \n**DESCRIPTION: **RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the Gem::UserInteraction#verbose function. By sending a specially-crafted API response, an attacker could exploit this vulnerability to perform escape sequence injection. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159622> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-8322](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8322>) \n**DESCRIPTION: **RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the gem owner command. By sending a specially-crafted API response, an attacker could exploit this vulnerability to perform escape sequence injection. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159621> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-8321](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8321>) \n**DESCRIPTION: **RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the Gem::UserInteraction#verbose function. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform escape sequence injection. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159619> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-8320](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8320>) \n**DESCRIPTION: **RubyGems could allow a remote attacker to traverse directories on the system, caused by improper validation of user-supplied input. An attacker could send a specially-crafted symlink request containing \"dot dot\" sequences (/../) to delete arbitrary directory on the system. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) \n \n**CVEID: **[CVE-2019-7317](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317>) \n**DESCRIPTION: **Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in the png_image_free function in the libpng library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161346> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nVRA - Vyatta 5600\n\n## Remediation/Fixes\n\nPlease contact IBM Cloud Support to request that the ISO for the 1801-z be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSH5QD\",\"label\":\"Vyatta 5600\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF004\",\"label\":\"Appliance\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-07-15T22:35:01", "type": "ibm", "title": "Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-z", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5745", "CVE-2019-3855", "CVE-2019-3856", "CVE-2019-3857", "CVE-2019-3858", "CVE-2019-3859", "CVE-2019-3860", "CVE-2019-3861", "CVE-2019-3862", "CVE-2019-3863", "CVE-2019-6465", "CVE-2019-7317", "CVE-2019-8320", "CVE-2019-8321", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325"], "modified": "2019-07-15T22:35:01", "id": "E817E7CC83FE8715306D28C653DB646FDADE31AB5B2E6D0633EF4C1838CEC408", "href": "https://www.ibm.com/support/pages/node/887793", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:40:21", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-08T09:20:48", "type": "redhat", "title": "(RHSA-2019:2977) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-10-08T09:44:22", "id": "RHSA-2019:2977", "href": "https://access.redhat.com/errata/RHSA-2019:2977", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:36:48", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-13T04:52:40", "type": "redhat", "title": "(RHSA-2019:1145) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-13T05:00:55", "id": "RHSA-2019:1145", "href": "https://access.redhat.com/errata/RHSA-2019:1145", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:40", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-05-29T17:27:00", "type": "redhat", "title": "(RHSA-2019:1294) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-29T17:41:55", "id": "RHSA-2019:1294", "href": "https://access.redhat.com/errata/RHSA-2019:1294", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:40:06", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-09-10T10:02:50", "type": "redhat", "title": "(RHSA-2019:2698) Important: bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-09-10T10:34:29", "id": "RHSA-2019:2698", "href": "https://access.redhat.com/errata/RHSA-2019:2698", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2022-11-01T21:58:57", "description": "**Issue Overview:**\n\nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743) \n\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 bind-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-pkcs11-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-pkcs11-utils-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-pkcs11-libs-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-pkcs11-devel-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-sdb-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-libs-lite-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-libs-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-utils-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-devel-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-lite-devel-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-chroot-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-sdb-chroot-9.9.4-74.amzn2.1.2.aarch64 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.9.4-74.amzn2.1.2.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 bind-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-pkcs11-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-pkcs11-utils-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-pkcs11-libs-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-pkcs11-devel-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-sdb-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-libs-lite-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-libs-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-utils-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-devel-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-lite-devel-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-chroot-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-sdb-chroot-9.9.4-74.amzn2.1.2.i686 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.9.4-74.amzn2.1.2.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 bind-license-9.9.4-74.amzn2.1.2.noarch \n \n src: \n \u00a0\u00a0\u00a0 bind-9.9.4-74.amzn2.1.2.src \n \n x86_64: \n \u00a0\u00a0\u00a0 bind-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-utils-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-libs-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-pkcs11-devel-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-sdb-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-lite-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-utils-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-devel-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-lite-devel-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-chroot-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-sdb-chroot-9.9.4-74.amzn2.1.2.x86_64 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.9.4-74.amzn2.1.2.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-5743](<https://access.redhat.com/security/cve/CVE-2018-5743>)\n\nMitre: [CVE-2018-5743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-25T21:06:00", "type": "amazon", "title": "Important: bind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-07-01T21:56:00", "id": "ALAS2-2019-1231", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1231.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-11-01T23:31:38", "description": "**Issue Overview:**\n\nA flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone journal files. In cases where the named process is not limited by OS-enforced per-process limits, this could additionally potentially lead to exhaustion of all available free file descriptors on that system. (CVE-2018-5743)\n\n \n**Affected Packages:** \n\n\nbind\n\n \n**Issue Correction:** \nRun _yum update bind_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 bind-9.8.2-0.68.rc1.60.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-utils-9.8.2-0.68.rc1.60.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-libs-9.8.2-0.68.rc1.60.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-chroot-9.8.2-0.68.rc1.60.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-devel-9.8.2-0.68.rc1.60.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-sdb-9.8.2-0.68.rc1.60.amzn1.i686 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.8.2-0.68.rc1.60.amzn1.i686 \n \n src: \n \u00a0\u00a0\u00a0 bind-9.8.2-0.68.rc1.60.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 bind-chroot-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-debuginfo-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-sdb-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-devel-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-utils-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \u00a0\u00a0\u00a0 bind-libs-9.8.2-0.68.rc1.60.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2018-5743](<https://access.redhat.com/security/cve/CVE-2018-5743>)\n\nMitre: [CVE-2018-5743](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-17T23:52:00", "type": "amazon", "title": "Important: bind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-07-25T18:46:00", "id": "ALAS-2019-1244", "href": "https://alas.aws.amazon.com/ALAS-2019-1244.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "slackware": [{"lastseen": "2021-07-28T14:46:48", "description": "New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz: Upgraded.\n This update fixes a security issue:\n The TCP client quota set using the tcp-clients option could be exceeded\n in some cases. This could lead to exhaustion of file descriptors.\n For more information, see:\n https://kb.isc.org/docs/cve-2018-5743\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.6_P1-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.6_P1-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.1-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.1-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nd6835a3a22d339df9ca0afd5ab8561bc bind-9.11.6_P1-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n892265f47674a12362bf821dab2cc9fa bind-9.11.6_P1-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n4c55681ae3fb61df7d1af3c92fc53db5 bind-9.11.6_P1-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n932435bf42a652149c5d7a68267696f1 bind-9.11.6_P1-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n65779b9f25e221aa3bb1726e331218d4 bind-9.11.6_P1-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\na6b8c6ea2b4abd53b9cb21a77ffc93b7 bind-9.11.6_P1-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nc1f720dd751a405a60b8e6b59dcb3279 n/bind-9.14.1-i586-1.txz\n\nSlackware x86_64 -current package:\n65a617602a5e83d626d1a7045f346cf4 n/bind-9.14.1-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.11.6_P1-i586-1_slack14.2.txz\n\nThen, restart the name server:\n\n > /etc/rc.d/rc.bind restart", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-04-26T19:33:44", "type": "slackware", "title": "[slackware-security] bind", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-04-26T19:33:44", "id": "SSA-2019-116-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.433443", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:40:51", "description": "By design, BIND is intended to limit the number of TCP clients that can be\nconnected at any given time. The number of allowed connections is a tunable\nparameter which, if unset, defaults to a conservative value for most\nservers. Unfortunately, the code which was intended to limit the number of\nsimultaneous connections contained an error which could be exploited to\ngrow the number of simultaneous connections beyond this limit. Versions\naffected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4,\n9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3,\nand 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are\nalso affected. Versions prior to BIND 9.9.0 have not been evaluated for\nvulnerability to CVE-2018-5743.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-24T00:00:00", "type": "ubuntucve", "title": "CVE-2018-5743", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-04-24T00:00:00", "id": "UB:CVE-2018-5743", "href": "https://ubuntu.com/security/CVE-2018-5743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2022-03-17T19:01:53", "description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-10-09T16:15:00", "type": "alpinelinux", "title": "CVE-2018-5743", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-18T18:15:00", "id": "ALPINE:CVE-2018-5743", "href": "https://security.alpinelinux.org/vuln/CVE-2018-5743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:18", "description": "\nF5 Product Development has assigned ID 757023, 794413 (BIG-IP), ID 758914 (BIG-IQ), and ID 758915 (F5 iWorkflow) to this vulnerability. Additionally, [F5 iHealth](<https://www.f5.com/services/support/support-offerings/big-ip-ihealth-diagnostic-tool>) may list Heuristic H74009656 on the **Diagnostics** > **Identified** > **High** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 15.x | 15.0.0 | 15.1.0 \n15.0.1 | High | [7.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H>) | **named** \n14.x | 14.0.0 - 14.1.0 | 14.1.0.6 \n14.0.0.5 \n13.x | 13.0.0 - 13.1.1 | 13.1.3 \n12.x | 12.1.0 - 12.1.4 | 12.1.5 \n11.x | 11.5.2 - 11.6.5 | 11.6.5.1 \nEnterprise Manager | 3.x | 3.1.1 | None | Low | [2.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L>) | **named** \nBIG-IQ Centralized Management | 6.x | 6.0.0 - 6.1.0 | None | Low | [2.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L>) | **named** \n5.x | 5.0.0 - 5.4.0 | None \nF5 iWorkflow | 2.x | 2.3.0 | None | Low | [2.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L>) | **named** \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nF5 will not develop a fix for vulnerable products that do not already have a fixed version listed in this article, and will not update this table with subsequent vulnerable releases in the associated branches. F5 recommends that you update to more recent, non-vulnerable versions whenever feasible. For more information, refer to [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-04-25T07:30:00", "type": "f5", "title": "BIND vulnerability CVE-2018-5743", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-12T18:35:00", "id": "F5:K74009656", "href": "https://support.f5.com/csp/article/K74009656", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:41:26", "description": "**CentOS Errata and Security Advisory** CESA-2019:1294\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2019-June/072796.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-libs-lite\nbind-license\nbind-lite-devel\nbind-pkcs11\nbind-pkcs11-devel\nbind-pkcs11-libs\nbind-pkcs11-utils\nbind-sdb\nbind-sdb-chroot\nbind-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2019:1294", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-10T22:35:34", "type": "centos", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-10T22:35:34", "id": "CESA-2019:1294", "href": "https://lists.centos.org/pipermail/centos-announce/2019-June/072796.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-01T04:41:27", "description": "**CentOS Errata and Security Advisory** CESA-2019:1492\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nSecurity Fix(es):\n\n* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2019-June/072806.html\n\n**Affected packages:**\nbind\nbind-chroot\nbind-devel\nbind-libs\nbind-sdb\nbind-utils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2019:1492", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-19T00:17:58", "type": "centos", "title": "bind security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-06-19T00:17:58", "id": "CESA-2019:1492", "href": "https://lists.centos.org/pipermail/centos-announce/2019-June/072806.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-10-22T12:48:20", "description": "Package : bind9\nVersion : 1:9.9.5.dfsg-9+deb8u18\nCVE ID : CVE-2018-5743\n\n\n\nA vulnerability was found in the Bind DNS Server. Limits on \nsimultaneous tcp connections have not been enforced correctly and could \nlead to exhaustion of file descriptors. In the worst case this could \naffect the file descriptors of the whole system.\n\n\n\nFor Debian 8 "Jessie", this problem has been fixed in version \n1:9.9.5.dfsg-9+deb8u18.\n\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-07-21T21:06:53", "type": "debian", "title": "[SECURITY] [DLA 1859-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-07-21T21:06:53", "id": "DEBIAN:DLA-1859-1:5A253", "href": "https://lists.debian.org/debian-lts-announce/2019/07/msg00019.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-03-26T13:19:37", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4440-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nMay 09, 2019 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nCVE ID : CVE-2018-5743 CVE-2018-5745 CVE-2019-6465\n\nMultiple vulnerabilities were found in the BIND DNS server:\n\nCVE-2018-5743\n\n Connection limits were incorrectly enforced.\n\nCVE-2018-5745\n\n The "managed-keys" feature was susceptible to denial of service by\n triggering an assert.\n\nCVE-2019-6465\n\n ACLs for zone transfers were incorrectly enforced for dynamically\n loadable zones (DLZs).\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:9.10.3.dfsg.P4-12.3+deb9u5.\n\nWe recommend that you upgrade your bind9 packages.\n\nFor the detailed security status of bind9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/bind9\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-09T20:23:59", "type": "debian", "title": "[SECURITY] [DSA 4440-1] bind9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2019-05-09T20:23:59", "id": "DEBIAN:DSA-4440-1:DE2A1", "href": "https://lists.debian.org/debian-security-announce/2019/msg00084.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T12:58:15", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n\n## Packages\n\n * bind9 \\- Internet Domain Name Server\n\nUSN-3956-1 fixed a vulnerability in Bind. This update provides \nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.\n\nOriginal advisory details:\n\nIt was discovered that Bind incorrectly handled limiting the number of \nsimultaneous TCP clients. A remote attacker could possibly use this issue \nto cause Bind to consume resources, leading to a denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-05-09T00:00:00", "type": "ubuntu", "title": "Bind vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-05-09T00:00:00", "id": "USN-3956-2", "href": "https://ubuntu.com/security/notices/USN-3956-2", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-26T15:47:17", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.10 \n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * bind9 \\- Internet Domain Name Server\n\nIt was discovered that Bind incorrectly handled limiting the number of \nsimultaneous TCP clients. A remote attacker could possibly use this issue \nto cause Bind to consume resources, leading to a denial of service.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-04-25T00:00:00", "type": "ubuntu", "title": "Bind vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-04-25T00:00:00", "id": "USN-3956-1", "href": "https://ubuntu.com/security/notices/USN-3956-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-01-29T06:04:23", "description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-09T16:15:00", "type": "debiancve", "title": "CVE-2018-5743", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-10-09T16:15:00", "id": "DEBIANCVE:CVE-2018-5743", "href": "https://security-tracker.debian.org/tracker/CVE-2018-5743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-11-05T15:08:06", "description": "By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-09T16:15:00", "type": "cve", "title": "CVE-2018-5743", "cwe": ["CWE-770"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743"], "modified": "2019-12-18T18:15:00", "cpe": ["cpe:/a:f5:big-ip_policy_enforcement_manager:14.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:12.1.4", "cpe:/a:f5:big-iq_centralized_management:5.4.0", "cpe:/a:f5:big-ip_global_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_local_traffic_manager:13.1.1", "cpe:/a:f5:big-ip_application_acceleration_manager:15.0.0", "cpe:/a:f5:big-ip_domain_name_system:13.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:13.1.1", "cpe:/a:f5:big-ip_edge_gateway:11.6.5", "cpe:/a:f5:big-ip_domain_name_system:14.1.0", "cpe:/a:f5:big-iq_centralized_management:6.1.0", "cpe:/a:f5:iworkflow:2.3.0", "cpe:/a:f5:big-ip_application_security_manager:15.0.0", "cpe:/a:f5:big-ip_link_controller:13.1.1", "cpe:/a:isc:bind:9.14.0", "cpe:/a:f5:big-ip_local_traffic_manager:12.1.4", "cpe:/a:f5:big-ip_application_security_manager:11.6.5", "cpe:/a:f5:big-ip_edge_gateway:13.1.1", "cpe:/a:f5:enterprise_manager:3.1.1", "cpe:/a:f5:big-ip_local_traffic_manager:15.0.0", "cpe:/a:f5:big-ip_application_security_manager:13.1.1", "cpe:/a:f5:big-ip_fraud_protection_service:13.1.1", "cpe:/a:f5:big-ip_webaccelerator:15.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:14.1.0", "cpe:/a:f5:big-ip_link_controller:12.1.4", "cpe:/a:f5:big-ip_edge_gateway:14.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.5", "cpe:/a:f5:big-ip_domain_name_system:15.0.0", "cpe:/a:isc:bind:9.11.5", "cpe:/a:f5:big-ip_access_policy_manager:13.1.1", "cpe:/a:f5:big-ip_edge_gateway:15.0.0", "cpe:/a:f5:big-ip_link_controller:11.6.5", "cpe:/a:f5:big-ip_application_acceleration_manager:12.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:14.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:15.0.0", "cpe:/a:isc:bind:9.13.7", "cpe:/a:f5:big-ip_access_policy_manager:11.6.5", "cpe:/a:f5:big-ip_global_traffic_manager:13.1.1", "cpe:/a:isc:bind:9.11.6", "cpe:/a:isc:bind:9.12.4", "cpe:/a:f5:big-ip_webaccelerator:13.1.1", "cpe:/a:f5:big-ip_webaccelerator:11.6.5", "cpe:/a:f5:big-ip_link_controller:15.0.0", "cpe:/a:f5:big-ip_application_security_manager:14.1.1", "cpe:/a:isc:bind:9.10.8", "cpe:/a:f5:big-ip_access_policy_manager:12.1.4", "cpe:/a:f5:big-ip_webaccelerator:14.1.0", "cpe:/a:f5:big-ip_fraud_protection_service:11.6.5", "cpe:/a:f5:big-ip_application_security_manager:12.1.4", "cpe:/a:isc:bind:9.9.3", "cpe:/a:f5:big-ip_local_traffic_manager:14.1.0", "cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.5", "cpe:/a:f5:big-ip_local_traffic_manager:11.6.5", "cpe:/a:f5:big-ip_advanced_firewall_manager:13.1.1", "cpe:/a:f5:big-ip_policy_enforcement_manager:12.1.4", "cpe:/a:f5:big-ip_link_controller:14.1.0", "cpe:/a:f5:big-ip_domain_name_system:12.1.4", "cpe:/a:f5:big-ip_advanced_firewall_manager:12.1.4", "cpe:/a:f5:big-ip_analytics:13.1.1", "cpe:/a:f5:big-ip_analytics:14.1.0", "cpe:/a:f5:big-ip_application_acceleration_manager:13.1.1", "cpe:/a:f5:big-ip_analytics:15.0.0", "cpe:/a:f5:big-ip_global_traffic_manager:15.0.0", "cpe:/a:f5:big-ip_fraud_protection_service:14.1.0", "cpe:/a:f5:big-ip_edge_gateway:12.1.4", "cpe:/a:f5:big-ip_analytics:11.6.5", "cpe:/a:f5:big-ip_fraud_protection_service:15.0.0", "cpe:/a:f5:big-ip_application_acceleration_manager:11.6.5", "cpe:/a:f5:big-ip_access_policy_manager:15.0.0", "cpe:/a:f5:big-ip_global_traffic_manager:11.6.5", "cpe:/a:f5:big-ip_access_policy_manager:14.1.0", "cpe:/a:f5:big-ip_domain_name_system:11.6.5", "cpe:/a:f5:big-ip_analytics:12.1.4", "cpe:/a:f5:big-ip_global_traffic_manager:14.1.0", "cpe:/a:f5:big-ip_policy_enforcement_manager:15.0.0", "cpe:/a:f5:big-ip_webaccelerator:12.1.4"], "id": "CVE-2018-5743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:f5:big-ip_analytics:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.13.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.6:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-iq_centralized_management:5.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:14.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.11.5:s5:*:*:supported_preview:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:isc:bind:9.14.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_fraud_protection_service:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_analytics:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-iq_centralized_management:6.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:iworkflow:2.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:14.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:11.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_domain_name_system:13.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:14.1.0:*:*:*:*:*:*:*"]}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated bind packages fix security vulnerabilities Limiting simultaneous TCP clients is ineffective (CVE-2018-5743) Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471) In addition to those two security issues, this package releases also fixes two additional issues: \\- a missing conflict tag between old bind and bnew ind-utils subpackages, preventing upgrade due to a file conflict \\- missing root.key file, despite this one being refered in default configuration \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-23T21:06:40", "type": "mageia", "title": "Updated bind packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2019-6471"], "modified": "2019-10-23T21:06:39", "id": "MGASA-2019-0299", "href": "https://advisories.mageia.org/MGASA-2019-0299.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cisa": [{"lastseen": "2021-02-24T18:07:11", "description": "The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.\n\nThe Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for [CVE-2018-5743](<https://kb.isc.org/docs/cve-2018-5743>), [CVE-2019-6467](<https://kb.isc.org/docs/cve-2019-6467>), and [CVE-2019-6468](<https://kb.isc.org/docs/cve-2019-6468>) and apply the necessary updates.\n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2019/04/25/ICS-Releases-BIND-Security-Updates>); we'd welcome your feedback.\n", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-04-25T00:00:00", "type": "cisa", "title": "ISC Releases BIND Security Updates", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2019-6467", "CVE-2019-6468"], "modified": "2019-04-25T00:00:00", "id": "CISA:31A9423F65C396263BEB65CAE22F1B69", "href": "https://us-cert.cisa.gov/ncas/current-activity/2019/04/25/ICS-Releases-BIND-Security-Updates", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2022-04-18T12:41:57", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for bind fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not\n be properly applied to Dynamically Loadable Zones (bsc#1126069).\n - CVE-2018-5745: Fixed a denial of service vulnerability if a trust anchor\n rolls over to an unsupported key algorithm when using managed-keys\n (bsc#1126068).\n - CVE-2018-5743: Fixed a denial of service vulnerability which could be\n caused by to many simultaneous TCP connections (bsc#1133185).\n - CVE-2018-5740: Fixed a denial of service vulnerability in the\n \"deny-answer-aliases\" feature (bsc#1104129).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2019-1533=1\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2019-1533=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-10T00:00:00", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2019-06-10T00:00:00", "id": "OPENSUSE-SU-2019:1533-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DP6CCQYSAQ2GWBMKJAVZIUX7ZUNRET73/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-04-18T12:41:57", "description": "An update that fixes four vulnerabilities is now available.\n\nDescription:\n\n This update for bind fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-5740: Fixed a denial of service vulnerability in the\n \"deny-answer-aliases\" feature (bsc#1104129).\n - CVE-2019-6465: Fixed an issue where controls for zone transfers may not\n be properly applied to Dynamically Loadable Zones (bsc#1126069).\n - CVE-2018-5745: An assertion failure can occur if a trust anchor rolls\n over to an unsupported key algorithm when using managed-keys.\n (bsc#1126068)\n - CVE-2018-5743: Limiting simultaneous TCP clients is ineffective.\n (bsc#1133185)\n\n This update was imported from the SUSE:SLE-12-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2019-1532=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-06-10T00:00:00", "type": "suse", "title": "Security update for bind (important)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5740", "CVE-2018-5743", "CVE-2018-5745", "CVE-2019-6465"], "modified": "2019-06-10T00:00:00", "id": "OPENSUSE-SU-2019:1532-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WBUJIKMVSVPU6MG5ID545Q4TTTFQ5HN5/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:24:47", "description": "Updates of ['bindutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-30T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2019-0199", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471", "CVE-2019-6475", "CVE-2019-6476"], "modified": "2019-12-30T00:00:00", "id": "PHSA-2019-0199", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-199", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T18:49:58", "description": "Updates of ['bindutils', 'sqlite'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-18T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0049", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-19925", "CVE-2019-20218", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6471"], "modified": "2020-01-18T00:00:00", "id": "PHSA-2020-0049", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-49", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:05:12", "description": "Updates of ['sudo', 'dbus', 'sqlite-autoconf', 'apache-tomcat', 'yarn', 'go', 'openssl', 'bindutils', 'kubernetes'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2020-0264", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5743", "CVE-2018-5744", "CVE-2018-5745", "CVE-2019-10773", "CVE-2019-11253", "CVE-2019-12418", "CVE-2019-12749", "CVE-2019-1551", "CVE-2019-16276", "CVE-2019-17563", "CVE-2019-17596", "CVE-2019-19232", "CVE-2019-19234", "CVE-2019-19317", "CVE-2019-19603", "CVE-2019-19645", "CVE-2019-19646", "CVE-2019-19880", "CVE-2019-20218", "CVE-2019-6465", "CVE-2019-6467", "CVE-2019-6468", "CVE-2019-6469", "CVE-2019-6471"], "modified": "2020-01-15T00:00:00", "id": "PHSA-2020-0264", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-264", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}