The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Security Fix(es):
* unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)
* unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)
* unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)
* unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)
* unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)
* unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)
* unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)
* unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)
* unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)
* unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)
* unbound: symbolic link traversal when writing PID file (CVE-2020-28935)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / unbound-libs');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:24:59", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1853 
advisory.\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. 
If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : unbound (ELSA-2021-1853)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-05-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:python3-unbound", "p-cpe:/a:oracle:linux:unbound", 
"p-cpe:/a:oracle:linux:unbound-devel", "p-cpe:/a:oracle:linux:unbound-libs"], "id": "ORACLELINUX_ELSA-2021-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/149938", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1853.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149938);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/26\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"Oracle Linux 8 : unbound (ELSA-2021-1853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1853 advisory.\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-\n bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. 
(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid\n packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. 
(CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1853.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:unbound-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'python3-unbound-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:24:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1853 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": 
"2021-05-19T00:00:00", "type": "nessus", "title": "RHEL 8 : unbound (RHSA-2021:1853)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:python3-unbound", "p-cpe:/a:redhat:enterprise_linux:unbound", "p-cpe:/a:redhat:enterprise_linux:unbound-devel", "p-cpe:/a:redhat:enterprise_linux:unbound-libs"], "id": "REDHAT-RHSA-2021-1853.NASL", "href": "https://www.tenable.com/plugins/nessus/149675", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1853. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149675);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"RHSA\", value:\"2021:1853\");\n\n script_name(english:\"RHEL 8 : unbound (RHSA-2021:1853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1853 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write\n (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID 
file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1853\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1878761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954782\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954804\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 190, 617, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 
'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 
'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 
'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 
'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 
'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 
'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 
'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 
'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 
'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 
'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if 
(!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / 
unbound-libs');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:25:58", "description": "The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1683 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. 
If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : unbound (ALAS-2021-1683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", 
"CVE-2020-28935"], "modified": "2021-07-01T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python2-unbound", "p-cpe:/a:amazon:linux:python3-unbound", "p-cpe:/a:amazon:linux:unbound", "p-cpe:/a:amazon:linux:unbound-debuginfo", "p-cpe:/a:amazon:linux:unbound-devel", "p-cpe:/a:amazon:linux:unbound-libs", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1683.NASL", "href": "https://www.tenable.com/plugins/nessus/151275", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1683.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151275);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/01\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1683\");\n\n script_name(english:\"Amazon Linux 2 : unbound (ALAS-2021-1683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1683 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. 
NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. 
(CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1683.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update unbound' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'python2-unbound-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-unbound-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python2-unbound-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-debuginfo-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-debuginfo-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-debuginfo-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-15.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python2-unbound / python3-unbound / unbound / etc\");\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:14:49", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0632 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, 
"published": "2022-02-23T00:00:00", "type": "nessus", "title": "RHEL 8 : unbound (RHSA-2022:0632)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:python3-unbound", "p-cpe:/a:redhat:enterprise_linux:unbound", "p-cpe:/a:redhat:enterprise_linux:unbound-devel", "p-cpe:/a:redhat:enterprise_linux:unbound-libs"], "id": "REDHAT-RHSA-2022-0632.NASL", "href": "https://www.tenable.com/plugins/nessus/158321", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0632. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158321);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"RHSA\", value:\"2022:0632\");\n\n script_name(english:\"RHEL 8 : unbound (RHSA-2022:0632)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:0632 advisory.\n\n - unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n - unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write\n (CVE-2019-25034)\n\n - unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n - unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n - unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n - unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n - unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n - unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n - unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n - unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n - unbound: symbolic link traversal when writing PID 
file (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1878761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954782\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954796\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1954804\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 190, 617, 787, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-unbound\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-libs\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 
'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 
'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 
'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 
'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-unbound-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-12.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = 
NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / unbound-libs');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T10:39:47", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple vulnerabilities:\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. 
An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:python3-unbound", "p-cpe:/a:zte:cgsl_main:python3-unbound-debuginfo", "p-cpe:/a:zte:cgsl_main:unbound", "p-cpe:/a:zte:cgsl_main:unbound-debuginfo", "p-cpe:/a:zte:cgsl_main:unbound-debugsource", "p-cpe:/a:zte:cgsl_main:unbound-devel", "p-cpe:/a:zte:cgsl_main:unbound-libs", "p-cpe:/a:zte:cgsl_main:unbound-libs-debuginfo", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0064_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/160818", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0064. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160818);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2019-25032\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : unbound Multiple Vulnerabilities (NS-SA-2022-0064)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has unbound packages installed that are affected by multiple\nvulnerabilities:\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0064\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL unbound packages. Note that updated packages may not be available yet. 
Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python3-unbound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:unbound-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'python3-unbound-1.7.3-15.el8',\n 'python3-unbound-debuginfo-1.7.3-15.el8',\n 'unbound-1.7.3-15.el8',\n 'unbound-debuginfo-1.7.3-15.el8',\n 'unbound-debugsource-1.7.3-15.el8',\n 'unbound-devel-1.7.3-15.el8',\n 'unbound-libs-1.7.3-15.el8',\n 'unbound-libs-debuginfo-1.7.3-15.el8'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:30:36", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to 
and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in 
dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : unbound (EulerOS-SA-2021-2436)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", 
"CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2436.NASL", "href": "https://www.tenable.com/plugins/nessus/153267", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153267);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : unbound (EulerOS-SA-2021-2436)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. 
An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 
1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2436\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd88756a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h5\",\n \"unbound-libs-1.6.6-1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 
7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:10:18", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. 
(CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : unbound (openSUSE-SU-2022:0176-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libunbound2", "p-cpe:/a:novell:opensuse:unbound", "p-cpe:/a:novell:opensuse:unbound-anchor", "p-cpe:/a:novell:opensuse:unbound-devel", "p-cpe:/a:novell:opensuse:unbound-munin", "p-cpe:/a:novell:opensuse:unbound-python", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157088", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in 
this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0176-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157088);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : unbound (openSUSE-SU-2022:0176-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JTS3PI42CZC7TVKVUTBOIMO2PDFTABYC/\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?e0a9bcef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-munin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:unbound-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-munin-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-python-1.6.8-10.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 
package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound / unbound-anchor / unbound-devel / unbound-munin / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T14:11:39", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : unbound (SUSE-SU-2022:0176-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libunbound2:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:unbound-anchor:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:unbound-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0176-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157078", 
"sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0176-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157078);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0176-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : unbound (SUSE-SU-2022:0176-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0176-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. 
If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010064.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1900b34a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libunbound2, unbound-anchor and / or unbound-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1|2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.2', 'SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'3', 'release':'SLED15', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':['sles-ltss-release-15.1']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n 
if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound-anchor / unbound-devel');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-16T14:32:59", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0176-2 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. 
(CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0176-2)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libunbound2:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:unbound-anchor:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:unbound-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0176-2.NASL", "href": "https://www.tenable.com/plugins/nessus/158091", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory 
SUSE-SU-2022:0176-2. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158091);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0176-2\");\n\n script_name(english:\"SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0176-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0176-2 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010225.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6acdf69\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libunbound2, unbound-anchor and / or unbound-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},\n {'reference':'unbound-anchor-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']},\n {'reference':'unbound-devel-1.6.8-10.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n 
var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound-anchor / unbound-devel');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-15T14:14:14", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0301-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. 
(CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0301-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:libunbound2:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:unbound-anchor:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:unbound-devel:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-0301-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157347", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory 
SUSE-SU-2022:0301-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157347);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0301-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : unbound (SUSE-SU-2022:0301-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0301-1 advisory.\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1076963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1112033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179191\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185387\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185392\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2022-February/021588.html\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2019-25031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25035\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25038\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-25042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libunbound2, unbound-anchor and / or unbound-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'libunbound2-1.6.8-3.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'unbound-anchor-1.6.8-3.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'unbound-devel-1.6.8-3.9.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) 
_cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound2 / unbound-anchor / unbound-devel');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:24:29", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4938-1 advisory.\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.\n (CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file.
If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-06T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", 
"CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libunbound-dev", "p-cpe:/a:canonical:ubuntu_linux:libunbound2", "p-cpe:/a:canonical:ubuntu_linux:libunbound8", "p-cpe:/a:canonical:ubuntu_linux:python-unbound", "p-cpe:/a:canonical:ubuntu_linux:python3-unbound", "p-cpe:/a:canonical:ubuntu_linux:unbound", "p-cpe:/a:canonical:ubuntu_linux:unbound-anchor", "p-cpe:/a:canonical:ubuntu_linux:unbound-host"], "id": "UBUNTU_USN-4938-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149324", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4938-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149324);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\",\n \"CVE-2020-28935\"\n );\n script_xref(name:\"USN\", value:\"4938-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Unbound vulnerabilities (USN-4938-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by 
multiple vulnerabilities as\nreferenced in the USN-4938-1 advisory.\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-\n in-the-middle attack against a cleartext HTTP session. (CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.\n (CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.\n (CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-\n bounds write. (CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. (CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. (CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid\n packet. (CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n (CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. (CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. (CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. (CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. (CVE-2019-25042)\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version\n 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID\n file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case\n the file was already present, they would follow symlinks if the file happened to be a symlink instead of a\n regular file. 
An additional chown of the file would then take place after it was written, making the user\n Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user\n Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would\n like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root\n privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability\n that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker\n having access to the limited permission user Unbound/NSD runs as and point through the symlink to a\n critical file on the system. (CVE-2020-28935)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4938-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libunbound-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libunbound2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libunbound8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:unbound-host\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'libunbound-dev', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'libunbound2', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'python-unbound', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'python3-unbound', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'unbound', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'unbound-anchor', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '18.04', 'pkgname': 'unbound-host', 'pkgver': '1.6.7-1ubuntu2.4'},\n {'osver': '20.04', 'pkgname': 'libunbound-dev', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'libunbound8', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'python-unbound', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'python3-unbound', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'unbound', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'unbound-anchor', 'pkgver': '1.9.4-2ubuntu1.2'},\n {'osver': '20.04', 'pkgname': 'unbound-host', 'pkgver': '1.9.4-2ubuntu1.2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libunbound-dev / libunbound2 / libunbound8 / python-unbound / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-26T15:13:46", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-2620)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-10-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", 
"cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2620.NASL", "href": "https://www.tenable.com/plugins/nessus/154384", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154384);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/25\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-2620)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2620\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?64dc4eed\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-1.6.6-1.h5\",\n \"unbound-libs-1.6.6-1.h5\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:24:29", "description": "Several security vulnerabilities have been 
discovered in Unbound, a validating, recursive, caching DNS resolver, by security researchers of X41 D-SEC located in Aachen, Germany. Integer overflows, assertion failures, an out-of-bound write and an infinite loop vulnerability may lead to a denial of service or have a negative impact on data confidentiality.\n\nFor Debian 9 stretch, these problems have been fixed in version 1.9.0-2+deb10u2~deb9u2.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-07T00:00:00", "type": "nessus", "title": "Debian DLA-2652-1 : unbound1.9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", 
"CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libunbound8", "p-cpe:/a:debian:debian_linux:unbound", "p-cpe:/a:debian:debian_linux:unbound-anchor", "p-cpe:/a:debian:debian_linux:unbound-host", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2652.NASL", "href": "https://www.tenable.com/plugins/nessus/149342", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2652-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(149342);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/11\");\n\n script_cve_id(\"CVE-2019-25031\", \"CVE-2019-25032\", \"CVE-2019-25033\", \"CVE-2019-25034\", \"CVE-2019-25035\", \"CVE-2019-25036\", \"CVE-2019-25037\", \"CVE-2019-25038\", \"CVE-2019-25039\", \"CVE-2019-25040\", \"CVE-2019-25041\", \"CVE-2019-25042\");\n\n script_name(english:\"Debian DLA-2652-1 : unbound1.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been discovered in Unbound, a\nvalidating, recursive, caching DNS resolver, by security researchers\nof X41 D-SEC located in Aachen, Germany. 
Integer overflows, assertion\nfailures, an out-of-bound write and an infinite loop vulnerability may\nlead to a denial of service or have a negative impact on data\nconfidentiality.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u2.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/unbound1.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/unbound1.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libunbound8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-host\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libunbound8\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-anchor\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-host\", reference:\"1.9.0-2+deb10u2~deb9u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:24:58", 
"description": "An update of the unbound package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-21T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Unbound PHSA-2021-3.0-0236", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-05-21T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unbound", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0236_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/149828", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0236. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149828);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/21\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"Photon OS 3.0: Unbound PHSA-2021-3.0-0236\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unbound package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-236.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-1.13.1-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-devel-1.13.1-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-docs-1.13.1-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:28:16", "description": 
"According to the versions of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in unbound. An out-of-bounds write in the rdata_copy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25042)\n\n - A flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered through compressed names. The highest threat from this vulnerability is to service availability.(CVE-2019-25041)\n\n - A flaw was found in unbound. An infinite loop in dname_pkt_copy function could be triggered by a remote attacker. The highest threat from this vulnerability is to service availability.(CVE-2019-25040)\n\n - A flaw was found in unbound. An integer overflow in ub_packed_rrset_key function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25039)\n\n - A flaw was found in unbound. An integer overflow in dnsc_load_local_data function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25038)\n\n - A flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability.(CVE-2019-25037)\n\n - A flaw was found in unbound. A reachable assertion in the synth_cname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dname_pkt_copy function. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25036)\n\n - A flaw was found in unbound. An out-of-bounds write in the sldns_bget_token_par function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25035)\n\n - A flaw was found in unbound. An integer overflow in the sldns_str2wire_dname_buf_origin function may lead to a buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25034)\n\n - A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGN_UP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25033)\n\n - A flaw was found in unbound. An integer overflow in regional_alloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2019-25032)\n\n - A flaw was found in unbound. The create_unbound_ad_servers.sh bash script does not properly sanitize input data, which is retrieved using an unencrypted, unauthenticated HTTP request, before writing the configuration file allowing a man-in-the-middle attack. The highest threat from this vulnerability is to data integrity and system availability.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2021-2124)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2124.NASL", "href": "https://www.tenable.com/plugins/nessus/151309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151309);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n 
\"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2021-2124)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in unbound. An out-of-bounds write in\n the rdata_copy function may be abused by a remote\n attacker. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as\n service availability.(CVE-2019-25042)\n\n - A flaw was found in unbound. A reachable assertion in\n the dname_pkt_copy function can be triggered through\n compressed names. The highest threat from this\n vulnerability is to service\n availability.(CVE-2019-25041)\n\n - A flaw was found in unbound. An infinite loop in\n dname_pkt_copy function could be triggered by a remote\n attacker. The highest threat from this vulnerability is\n to service availability.(CVE-2019-25040)\n\n - A flaw was found in unbound. An integer overflow in\n ub_packed_rrset_key function may lead to a buffer\n overflow of the allocated buffer if the size can be\n controlled by an attacker. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25039)\n\n - A flaw was found in unbound. 
An integer overflow in\n dnsc_load_local_data function may lead to a buffer\n overflow of the allocated buffer if the size can be\n controlled by an attacker. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25038)\n\n - A flaw was found in unbound. A reachable assertion in\n the dname_pkt_copy function can be triggered by sending\n invalid packets to the server. The highest threat from\n this vulnerability is to service\n availability.(CVE-2019-25037)\n\n - A flaw was found in unbound. A reachable assertion in\n the synth_cname function can be triggered by sending\n invalid packets to the server. If asserts are disabled\n during compilation, this issue might lead to an\n out-of-bounds write in dname_pkt_copy function. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as service\n availability.(CVE-2019-25036)\n\n - A flaw was found in unbound. An out-of-bounds write in\n the sldns_bget_token_par function may be abused by a\n remote attacker. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25035)\n\n - A flaw was found in unbound. An integer overflow in the\n sldns_str2wire_dname_buf_origin function may lead to a\n buffer overflow. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as service availability.(CVE-2019-25034)\n\n - A flaw was found in unbound. An integer overflow in the\n regional allocator via the ALIGN_UP macro may lead to a\n buffer overflow if the size can be controlled by an\n attacker. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as\n service availability.(CVE-2019-25033)\n\n - A flaw was found in unbound. 
An integer overflow in\n regional_alloc function may lead to a buffer overflow\n of the allocated buffer if the size can be controlled\n by an attacker and can be big enough. The highest\n threat from this vulnerability is to data\n confidentiality and integrity as well as service\n availability.(CVE-2019-25032)\n\n - A flaw was found in unbound. The\n create_unbound_ad_servers.sh bash script does not\n properly sanitize input data, which is retrieved using\n an unencrypted, unauthenticated HTTP request, before\n writing the configuration file allowing a\n man-in-the-middle attack. The highest threat from this\n vulnerability is to data integrity and system\n availability.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2124\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c85bf820\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.6.6-1.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-02-24T14:55:13", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-2318)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-08-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-unbound", "p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2318.NASL", "href": "https://www.tenable.com/plugins/nessus/152401", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152401);\n script_version(\"1.2\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/12\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-2318)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in 
respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2318\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91cc194d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python2-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"python3-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-libs-1.7.3-9.h6.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:28:57", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote 
that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2259)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2259.NASL", "href": "https://www.tenable.com/plugins/nessus/152284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(152284);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2259)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an 
integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2259\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e5dafb4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n 
extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T14:54:02", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding 
description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2285)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-08-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2285.NASL", "href": "https://www.tenable.com/plugins/nessus/152307", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152307);\n script_version(\"1.2\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/11\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2285)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in 
respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2285\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e777f56d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:30:24", "description": "According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-07T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : unbound (EulerOS-SA-2021-2351)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-09-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2351.NASL", "href": "https://www.tenable.com/plugins/nessus/153069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153069);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/09\");\n\n script_cve_id(\n 
\"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : unbound (EulerOS-SA-2021-2351)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound before 1.9.5 allows configuration injection in\n create_unbound_ad_servers.sh upon a successful\n man-in-the-middle attack against a cleartext HTTP\n session.(CVE-2019-25031)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via regional_alloc.(CVE-2019-25032)\n\n - Unbound before 1.9.5 allows an integer overflow in the\n regional allocator via the ALIGN_UP\n macro.(CVE-2019-25033)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write.(CVE-2019-25034)\n\n - Unbound before 1.9.5 allows an out-of-bounds write in\n sldns_bget_token_par.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in synth_cname.(CVE-2019-25036)\n\n - Unbound before 1.9.5 allows an assertion failure and\n denial of service in dname_pkt_copy via an invalid\n packet.(CVE-2019-25037)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in\n dnscrypt/dnscrypt.c.(CVE-2019-25038)\n\n - Unbound before 1.9.5 allows an integer overflow in a\n size calculation in respip/respip.c.(CVE-2019-25039)\n\n - Unbound before 1.9.5 allows an infinite loop via a\n compressed name in 
dname_pkt_copy.(CVE-2019-25040)\n\n - Unbound before 1.9.5 allows an assertion failure via a\n compressed name in dname_pkt_copy.(CVE-2019-25041)\n\n - Unbound before 1.9.5 allows an out-of-bounds write via\n a compressed name in rdata_copy.(CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2351\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a85ad13f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h5.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T14:49:18", "description": "According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : unbound (EulerOS-SA-2021-2909)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2909.NASL", "href": "https://www.tenable.com/plugins/nessus/156512", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, 
Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156512);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : unbound (EulerOS-SA-2021-2909)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2909\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?133caf1a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:14:25", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a 
cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : unbound (EulerOS-SA-2022-1100)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2022-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-unbound", "p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1100.NASL", "href": "https://www.tenable.com/plugins/nessus/158024", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158024);\n script_version(\"1.2\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/13\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : unbound (EulerOS-SA-2022-1100)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. 
NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1100\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13dbc7cd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs 
= [\n \"python2-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"python3-unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-1.7.3-9.h6.eulerosv2r8\",\n \"unbound-libs-1.7.3-9.h6.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T04:41:13", "description": "According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. 
(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2023-1299)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2023-01-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2023-1299.NASL", "href": "https://www.tenable.com/plugins/nessus/170806", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170806);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2023-1299)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. 
(CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1299\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f0840c8f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:14:44", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. 
NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2022-1150)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2022-02-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-1150.NASL", "href": "https://www.tenable.com/plugins/nessus/158030", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158030);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/13\");\n\n 
script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25032\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2022-1150)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a\n successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider\n this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from\n the community that facilitates automatic configuration creation. It is not part of the Unbound\n installation. (CVE-2019-25031)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via\n regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25032)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading\n to an out-of-bounds write. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may\n be vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. (CVE-2019-25035)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy\n via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in\n dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be\n vulnerable, a running Unbound installation cannot be remotely or locally exploited. (CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally exploited. 
(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.\n NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running\n Unbound installation cannot be remotely or locally exploited. (CVE-2019-25042)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1150\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46c8f0a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/13\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"unbound-1.6.6-1.h5.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h5.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested 
= pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:27:30", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-2175)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", 
"CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-2175.NASL", "href": "https://www.tenable.com/plugins/nessus/151556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151556);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-2175)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write via a compressed name in\n rdata_copy. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure via a compressed name in dname_pkt_copy. 
NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite\n loop via a compressed name in dname_pkt_copy. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in dname_pkt_copy via an\n invalid packet. NOTE: The vendor disputes that this is\n a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in synth_cname. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. 
Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows\n configuration injection in create_unbound_ad_servers.sh\n upon a successful man-in-the-middle attack against a\n cleartext HTTP session. NOTE: The vendor does not\n consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script\n from the community that facilitates automatic\n configuration creation. It is not part of the Unbound\n installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2175\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a201e0ce\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-25T14:28:30", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. 
NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-2210)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-07-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-2210.NASL", "href": "https://www.tenable.com/plugins/nessus/151554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151554);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/15\");\n\n script_cve_id(\n 
\"CVE-2019-25031\",\n \"CVE-2019-25033\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25038\",\n \"CVE-2019-25039\",\n \"CVE-2019-25040\",\n \"CVE-2019-25041\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-2210)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write via a compressed name in\n rdata_copy. NOTE: The vendor disputes that this is a\n vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25042)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure via a compressed name in dname_pkt_copy. NOTE:\n The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25041)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an infinite\n loop via a compressed name in dname_pkt_copy. NOTE: The\n vendor disputes that this is a vulnerability. 
Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25040)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in respip/respip.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25039)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in a size calculation in dnscrypt/dnscrypt.c.\n NOTE: The vendor disputes that this is a vulnerability.\n Although the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25038)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in dname_pkt_copy via an\n invalid packet. NOTE: The vendor disputes that this is\n a vulnerability. Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25037)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an assertion\n failure and denial of service in synth_cname. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25036)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an\n out-of-bounds write in sldns_bget_token_par. NOTE: The\n vendor disputes that this is a vulnerability. Although\n the code may be vulnerable, a running Unbound\n installation cannot be remotely or locally\n exploited.(CVE-2019-25035)\n\n - Unbound before 1.9.5 allows an integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an\n out-of-bounds write. (CVE-2019-25034)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows an integer\n overflow in the regional allocator via the ALIGN_UP\n macro. NOTE: The vendor disputes that this is a\n vulnerability. 
Although the code may be vulnerable, a\n running Unbound installation cannot be remotely or\n locally exploited.(CVE-2019-25033)\n\n - ** DISPUTED ** Unbound before 1.9.5 allows\n configuration injection in create_unbound_ad_servers.sh\n upon a successful man-in-the-middle attack against a\n cleartext HTTP session. NOTE: The vendor does not\n consider this a vulnerability of the Unbound software.\n create_unbound_ad_servers.sh is a contributed script\n from the community that facilitates automatic\n configuration creation. It is not part of the Unbound\n installation.(CVE-2019-25031)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2210\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a09237b4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h6.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h6.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T14:48:24", "description": "An update of the unbound package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-26T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Unbound PHSA-2021-1.0-0390", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25042"], "modified": "2021-05-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unbound", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0390_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/149920", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0390. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149920);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/26\");\n\n script_cve_id(\n \"CVE-2019-25031\",\n \"CVE-2019-25034\",\n \"CVE-2019-25035\",\n \"CVE-2019-25036\",\n \"CVE-2019-25037\",\n \"CVE-2019-25042\"\n );\n\n script_name(english:\"Photon OS 1.0: Unbound PHSA-2021-1.0-0390\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unbound package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-390.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-25042\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'unbound-1.6.8-4.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'unbound-devel-1.6.8-4.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'unbound-docs-1.6.8-4.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:40:26", "description": "According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, 
up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-1037)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1037.NASL", "href": "https://www.tenable.com/plugins/nessus/144659", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144659);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-1037)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1037\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71082c61\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:55:36", "description": "NLNetLabs reports :\n\nUnbound and NSD when 
writing the PID file would not check if an existing file was a symlink. This could allow for a local symlink \\ attack if an attacker has access to the user Unbound/NSD runs as.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "FreeBSD : Unbound/NSD -- Denial of service vulnerability (388ebb5b-3c95-11eb-929d-d4c9ef517024)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2020-12-16T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:nsd", "p-cpe:/a:freebsd:freebsd:unbound", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_388EBB5B3C9511EB929DD4C9EF517024.NASL", "href": "https://www.tenable.com/plugins/nessus/144193", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are 
met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144193);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2020-28935\");\n\n script_name(english:\"FreeBSD : Unbound/NSD -- Denial of service vulnerability (388ebb5b-3c95-11eb-929d-d4c9ef517024)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"NLNetLabs reports :\n\nUnbound and NSD 
when writing the PID file would not check if an\nexisting file was a symlink. This could allow for a local symlink \\\nattack if an attacker has access to the user Unbound/NSD runs as.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt\"\n );\n # https://vuxml.freebsd.org/freebsd/388ebb5b-3c95-11eb-929d-d4c9ef517024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?311dcbdc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"unbound<1.13.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nsd<4.3.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:39:15", "description": "An update of the unbound package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-23T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Unbound PHSA-2021-3.0-0197", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-02-25T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unbound", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0197_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/146778", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0197. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146778);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\"CVE-2020-28935\");\n\n script_name(english:\"Photon OS 3.0: Unbound PHSA-2021-3.0-0197\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unbound package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-197.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28935\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2021/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-1.8.0-5.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-devel-1.8.0-5.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'unbound-docs-1.8.0-5.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-30T14:56:54", "description": "An update of the unbound package has been released.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-23T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Unbound PHSA-2021-2.0-0320", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-02-25T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unbound", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0320_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/146770", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0320. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146770);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/25\");\n\n script_cve_id(\"CVE-2020-28935\");\n\n script_name(english:\"Photon OS 2.0: Unbound PHSA-2021-2.0-0320\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unbound package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-320.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28935\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'unbound-1.6.8-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'unbound-devel-1.6.8-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'unbound-docs-1.6.8-3.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:44:33", "description": "According to the version of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. 
When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : unbound (EulerOS-SA-2021-1579)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-03-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-1579.NASL", "href": "https://www.tenable.com/plugins/nessus/147099", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147099);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : unbound (EulerOS-SA-2021-1579)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1579\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d654b95\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.7.3-9.h5.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:40:27", "description": "According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. 
When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-1176)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-02-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python2-unbound", "p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1176.NASL", "href": "https://www.tenable.com/plugins/nessus/145740", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145740);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/04\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-1176)\");\n script_summary(english:\"Checks the rpm 
output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1176\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f7d8c3f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"python2-unbound-1.7.3-9.h5.eulerosv2r8\",\n \"python3-unbound-1.7.3-9.h5.eulerosv2r8\",\n \"unbound-1.7.3-9.h5.eulerosv2r8\",\n \"unbound-libs-1.7.3-9.h5.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:37:45", "description": 
"The remote host is affected by the vulnerability described in GLSA-202101-38 (NSD: Symbolic link traversal)\n\n A local vulnerability was discovered that would allow for a local symlink attack due to how NSD handles PID files.\n Impact :\n\n A local attacker could cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "GLSA-202101-38 : NSD: Symbolic link traversal", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:nsd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202101-38.NASL", "href": "https://www.tenable.com/plugins/nessus/145564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202101-38.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(145564);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/02\");\n\n script_cve_id(\"CVE-2020-28935\");\n script_xref(name:\"GLSA\", value:\"202101-38\");\n\n script_name(english:\"GLSA-202101-38 : NSD: Symbolic link traversal\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-202101-38\n(NSD: Symbolic link traversal)\n\n A local vulnerability was discovered that would allow for a local\n symlink attack due to how NSD handles PID files.\n \nImpact :\n\n A local attacker could cause a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/202101-38\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All NSD users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-dns/nsd-4.3.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:nsd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-dns/nsd\", unaffected:make_list(\"ge 4.3.4\"), vulnerable:make_list(\"lt 4.3.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"NSD\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:44:47", "description": "According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 
4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-1857)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1857.NASL", "href": "https://www.tenable.com/plugins/nessus/149150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149150);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : unbound (EulerOS-SA-2021-1857)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1857\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a46f9a7e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h4\",\n \"unbound-libs-1.6.6-1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:39:14", "description": "An update of the unbound package has been released.", "cvss3": {"exploitabilityScore": 
1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-25T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Unbound PHSA-2021-1.0-0362", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-02-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:unbound", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0362_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/146862", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0362. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146862);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/26\");\n\n script_cve_id(\"CVE-2020-28935\");\n\n script_name(english:\"Photon OS 1.0: Unbound PHSA-2021-1.0-0362\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the unbound package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-362.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-28935\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'unbound-1.6.8-3.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'unbound-devel-1.6.8-3.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'unbound-docs-1.6.8-3.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:43:19", "description": "According to the version of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. 
When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2021-1523)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-03-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-1523.NASL", "href": "https://www.tenable.com/plugins/nessus/147055", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147055);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/08\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2021-1523)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1523\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76942c65\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h4.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-30T14:57:56", "description": "According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local 
symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : unbound (EulerOS-SA-2021-1709)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-03-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1709.NASL", "href": "https://www.tenable.com/plugins/nessus/148040", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148040);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/26\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : unbound (EulerOS-SA-2021-1709)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1709\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d0259dc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h4.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:42:09", "description": "According to the version of the unbound package installed, the 
EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2021-1401)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-1401.NASL", "href": "https://www.tenable.com/plugins/nessus/147596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147596);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2021-1401)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1401\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a60ec705\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.6.6-1.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:41:11", "description": "According to the version of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. 
When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : unbound (EulerOS-SA-2021-1426)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-03-16T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-1426.NASL", "href": "https://www.tenable.com/plugins/nessus/147520", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147520);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/16\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : unbound (EulerOS-SA-2021-1426)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1426\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2acde175\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.6.6-1.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:38:54", "description": "According to the version of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. 
When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-04T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-1018)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1018.NASL", "href": "https://www.tenable.com/plugins/nessus/144662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144662);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-1018)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1018\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7f9a9824\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-10T14:55:44", "description": "This update for 
nsd fixes the following issues :\n\nnsd was updated to the new upstream release 4.3.4\n\nFEATURES :\n\n - Merge PR #141: ZONEMD RR type.\n\nBUG FIXES :\n\n - Fix that symlink does not interfere with chown of pidfile (boo#1179191, CVE-2020-28935)\n\n - Fix #128: Fix that the invalid port number is logged for sendmmsg failed: Invalid argument.\n\n - Fix #133: fix 0-init of local ( stack ) buffer.\n\n - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.\n\n - Fix to add missing closest encloser NSEC3 for wildcard nodata type DS answer.\n\n - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.\n\n - Fix #142: NODATA answers missing SOA in authority section after CNAME chain.\n\nNew upstream release 4.3.3 :\n\nFEATURES :\n\n - Follow DNS flag day 2020 advice and set default EDNS message size to 1232.\n\n - Merged PR #113 with fixes. Instead of listing an IP-address to listen on, an interface name can be specified in nsd.conf, with ip-address: eth0. The IP-addresses for that interface are then used.\n\n - New upstream release 4.3.2\n\nFEATURES :\n\n - Fix #96: log-only-syslog: yes sets to only use syslog, fixes that the default configuration and systemd results in duplicate log messages.\n\n - Fix #107: nsd -v shows configure line, openssl version and libevent version.\n\n - Fix #103 with #110: min-expire-time option. To provide a lower bound for expire period. 
Expressed in number of seconds or refresh+retry+1.\n\nBUG FIXES :\n\n - Fix to omit the listen-on lines from log at startup, unless verbose.\n\n - Fix #97: EDNS unknown version: query not in response.\n\n - Fix #99: Fix copying of socket properties with reuseport enabled.\n\n - Document default value for tcp-timeout.\n\n - Merge PR#102 from and0x000: add missing default in documentation for drop-updates.\n\n - Fix unlink of pidfile warning if not possible due to permissions, nsd can display the message at high verbosity levels.\n\n - Removed contrib/nsd.service, example is too complicated and not useful.\n\n - Merge #108 from Nomis: Make the max-retry-time description clearer.\n\n - Retry when udp send buffer is full to wait until buffer space is available.\n\n - Remove errno reset behaviour from sendmmsg and recvmmsg replacement functions.\n\n - Fix unit test for different nsd-control-setup -h exit code.\n\n - Merge #112 from jaredmauch: log old and new serials when NSD rejects an IXFR due to an old serial number.\n\n - Fix #106: Adhere better to xfrd bounds. Refresh and retry times.\n\n - Fix #105: Clearing hash_tree means just emptying the tree.\n\nNew upstream release 4.3.1\n\nBUG FIXES :\n\n - Merge PR #91 by gearnode: nsd-control-setup recreate certificates. The '-r' option recreates certificates.\n Without it it creates them if they do not exist, and does not modify them otherwise.\n\nNew upstream release 4.3.0\n\nFEATURES :\n\n - Fix to use getrandom() for randomness, if available.\n\n - Fix #56: Drop sparse TSIG signing support in NSD. 
Sign every axfr packet with TSIG, according to the latest draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.\n\n - Merge pull request #59 from buddyns: add FreeBSD support for conf key ip-transparent.\n\n - Add feature to pin server processes to specific cpus.\n\n - Add feature to pin IP addresses to selected server processes.\n\n - Set process title to identify individual processes.\n\n - Merge PR#22: minimise-any: prefer popular and not large RRset, from Daisuke Higashi.\n\n - Add support for SO_BINDTODEVICE on Linux.\n\n - Add feature to drop queries with opcode UPDATE.\n\nBUG FIXES :\n\n - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.\n\n - use-systemd is ignored in nsd.conf, when NSD is compiled with libsystemd it always signals readiness, if possible.\n\n - Note that use-systemd is not necessary and ignored in man page.\n\n - Fix responses for IXFR so that the authority section is not echoed in the response.\n\n - Fix that the retry wait does not exceed one day for zone transfers.\n\n - Update keyring as per https://nlnetlabs.nl/people/\n\nNew upstream release 4.2.3 :\n\n - confine-to-zone configures NSD to not return out-of-zone additional information.\n\n - pidfile '' allows to run NSD without a pidfile\n\n - adds support for readiness notification with READY_FD\n\n - fix excessive logging of ixfr failures, it stops the log when fallback to axfr is possible. log is enabled at high verbosity.\n\n - The nsd.conf includes are sorted ascending, for include statements with a '*' from glob.\n\n - Fix log address and failure reason with tls handshake errors, squelches (the same as unbound) some unless high verbosity is used.\n\n - Number of different UDP handlers has been reduced to one. 
recvmmsg and sendmmsg implementations are now used on all platforms.\n\n - Socket options are now set in designated functions for easy reuse.\n\n - Socket setup has been simplified for easy reuse.\n\n - Configuration parser is now aware of the context in which an option was specified.\n\n - document that remote-control is a top-level nsd.conf attribute.\n\n - Remove legacy upgrade of nsd users in %post (boo#1157331)\n\nNew upstream release 4.2.2 :\n\n - Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the dname_concatenate() function. Reported by Frederic Cambus. It causes the zone parser to crash on a malformed zone file, with assertions enabled, an assertion catches it.\n\n - Fix #19: Out-of-bounds read caused by improper validation of array index. Reported by Frederic Cambus.\n The zone parser fails on type SIG because of mismatched definition with RRSIG.\n\n - PR #23: Fix typo in nsd.conf man-page.\n\n - Fix that NSD warns for wrong length of the hash in SSHFP records.\n\n - Fix #25: NSD doesn't refresh zones after extended downtime, it refreshes the old zones.\n\n - Set no renegotiation on the SSL context to stop client session renegotiation.\n\n - Fix #29: SSHFP check NULL pointer dereference.\n\n - Fix #30: SSHFP check failure due to missing domain name.\n\n - Fix to timeval_add in minievent for remaining second in microseconds.\n\n - PR #31: nsd-control: Add missing stdio header.\n\n - PR #32: tsig: Fix compilation without HAVE_SSL.\n\n - Cleanup tls context on xfrd exit.\n\n - Fix #33: Fix segfault in service of remaining streams on exit.\n\n - Fix error message for out of zone data to have more information.\n\nNew upstream release 4.2.1 :\n\n - FEATURES :\n\n - Added num.tls and num.tls6 stat counters.\n\n - PR #12: send-buffer-size, receive-buffer-size, tcp-reject-overflow options for nsd.conf, from Jeroen Koekkoek.\n\n - Fix #14, tcp connections have 1/10 to be active and have to work every second, and then they get time to complete during a 
reload, this is a process that lingers with the old version during a version update.\n\n - BUG FIXES :\n\n - Fix #13: Stray dot at the end of some log entries, removes dot after updated serial number in log entry.\n\n - Fix TLS cipher selection, the previous was redundant, prefers CHACHA20-POLY1305 over AESGCM and was not as readable as it could be.\n\n - Fix #15: crash in SSL library, initialize variables for TCP access when TLS is configured.\n\n - Fix tls handshake event callback function mistake, reported by Mykhailo Danylenko.\n\n - Fix output of nsd-checkconf -h.\n\nNew upstream release 4.2.0 :\n\n - Implement TCP fast open\n\n - Added DNS over TLS\n\n - TLS OCSP stapling support with the tls-service-ocsp option\n\n - New option hide-identity can be used in nsd.conf to stop NSD from responding with the hostname for probe queries that elicit the chaos class response, this is conform RFC4892\n\n - Disable TLS1.0, TLS1.1 and weak ciphers, enable CIPHER_SERVER_PREFERENCE\n\nUpdate to upstream release 4.1.27 :\n\n - FEATURES :\n\n - Deny ANY with only one RR in response, by default. Patch from Daisuke Higashi. The deny-any statement in nsd.conf sets ANY queries over UDP to be further moved to TCP as well. Also no additional section processing for type ANY, reducing the response size.\n\n - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig and del_tsig. These changes are gone after reload, edit the config file (or a file included from it) to make changes that last after restart.\n\n - BUG FIXES :\n\nUpdate to upstream release 4.1.26 :\n\n - FEATURES :\n\n - DNSTAP support for NSD, --enable-dnstap and then config in nsd.conf.\n\n - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes option in nsd.conf.\n\n - Added nsd-control changezone. 
nsd-control changezone name pattern allows the change of a zone pattern option without downtime for the zone, in one operation.\n\n - BUG FIXES :\n\n - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of DNSSEC RRs.\n\n - Fix #4202: nsd-control delzone incorrect exit code on error.\n\n - Fix to not set GLOB_NOSORT so the nsd.conf include:\n files are sorted and in a predictable order.\n\n - Fix #3433: document that reconfig does not change per-zone stats.\n\nUpdate to upstream release 4.1.25 :\n\n - FEATURES :\n\n - nsd-control prints neater errors for file failures.\n\n - BUG FIXES :\n\n - Fix that nsec3 precompile deletion happens before the RRs of the zone are deleted.\n\n - Fix printout of accepted remote control connection for unix sockets.\n\n - Fix use_systemd typo/leftover in remote.c.\n\n - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.\n\n - append_trailing_slash has one implementation and is not repeated differently.\n\n - Fix coding style in nsd.c\n\n - Fix to combine the same error function into one, from Xiaobo Liu.\n\n - Fix initialisation in remote.c.\n\n - please clang analyzer and fix parse of IPSECKEY with bad gateway.\n\n - Fix nsd-checkconf fail on bad zone name.\n\n - Annotate exit functions with noreturn.\n\n - Remove unused if clause during server service startup.\n\n - Fix #4156: Fix systemd service manager state change notification When it is compiled, systemd readiness signalling is enabled. The option in nsd.conf is not used, it is ignored when read.\n\nUpdate to upstream release 4.1.24 :\n\n - Features\n\n - #4102: control interface via local socket\n\n - configure --enable-systemd (needs pkg-config and libsystemd) can be used to then use-systemd: yes in nsd.conf and have readiness signalling with systemd.\n\n - RFC8162 support, for record type SMIMEA.\n\n - Bug Fixes\n\n - Patch to fix openwrt for mac os build darwin detection in configure.\n\n - Fix that first control-interface determines if TLS is used. 
Warn when IP address interfaces are used without TLS.\n\n - #4106: Fix that stats printed from nsd-control are recast from unsigned long to unsigned (remote.c).\n\n - Fix that type CAA (and URI) in the zone file can contain dots when not in quotes.\n\n - #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM chain, NSD leniently attempts to find a working NSEC3PARAM.\n\nUpdate to upstream release 4.1.23 :\n\n - Fix NSD time sensitive TSIG compare vulnerability.\n\nUpdate to upstream release 4.1.22 :\n\n - Features :\n\n - refuse-any sends truncation (+TC) in reply to ANY queries over UDP, and allows TCP queries like normal.\n\n - Use accept4 to speed up answer of TCP queries\n\n - Bug fixes :\n\n - Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.\n\n - Fix to use same condition for nsec3 hash allocation and free.\n\n - Changes in version 4.1.21 :\n\n - Features :\n\n - --enable-memclean cleans up memory for use with memory checkers, eg. valgrind.\n\n - refuse-any nsd.conf option that refuses queries of type ANY.\n\n - lower memory usage for tcp connections, so tcp-count can be higher.\n\n - Bug fixes :\n\n - Fix spelling error in xfr-inspect.\n\n - Fix buffer size warnings from compiler on filename lengths.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "openSUSE Security Update : nsd (openSUSE-2020-2222)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13207", "CVE-2020-28935"], "modified": "2020-12-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:nsd", "p-cpe:/a:novell:opensuse:nsd-debuginfo", "p-cpe:/a:novell:opensuse:nsd-debugsource", "cpe:/o:novell:opensuse:15.1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-2222.NASL", "href": "https://www.tenable.com/plugins/nessus/144120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2222.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144120);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/16\");\n\n script_cve_id(\"CVE-2019-13207\", \"CVE-2020-28935\");\n\n script_name(english:\"openSUSE Security Update : nsd (openSUSE-2020-2222)\");\n script_summary(english:\"Check for the openSUSE-2020-2222 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for nsd fixes the following issues :\n\nnsd was updated to the new upstream release 4.3.4\n\nFEATURES :\n\n - Merge PR #141: ZONEMD RR type.\n\nBUG FIXES :\n\n - Fix that symlink does not interfere with chown of\n pidfile (boo#1179191, CVE-2020-28935)\n\n - Fix #128: Fix that the invalid port number is logged for\n sendmmsg failed: Invalid argument.\n\n - Fix #133: fix 0-init of local ( stack ) buffer.\n\n - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs\n 
EDNS_MAX_MESSAGE_LEN.\n\n - Fix to add missing closest encloser NSEC3 for wildcard\n nodata type DS answer.\n\n - Fix #138: NSD returns non-EDNS answer when QUESTION is\n empty.\n\n - Fix #142: NODATA answers missing SOA in authority section\n after CNAME chain.\n\nNew upstream release 4.3.3 :\n\nFEATURES :\n\n - Follow DNS flag day 2020 advice and set default EDNS\n message size to 1232.\n\n - Merged PR #113 with fixes. Instead of listing an\n IP-address to listen on, an interface name can be\n specified in nsd.conf, with ip-address: eth0. The\n IP-addresses for that interface are then used.\n\n - New upstream release 4.3.2\n\nFEATURES :\n\n - Fix #96: log-only-syslog: yes sets to only use syslog,\n fixes that the default configuration and systemd results\n in duplicate log messages.\n\n - Fix #107: nsd -v shows configure line, openssl version\n and libevent version.\n\n - Fix #103 with #110: min-expire-time option. To provide a\n lower bound for expire period. Expressed in number of\n seconds or refresh+retry+1.\n\nBUG FIXES :\n\n - Fix to omit the listen-on lines from log at startup,\n unless verbose.\n\n - Fix #97: EDNS unknown version: query not in response.\n\n - Fix #99: Fix copying of socket properties with reuseport\n enabled.\n\n - Document default value for tcp-timeout.\n\n - Merge PR#102 from and0x000: add missing default in\n documentation for drop-updates.\n\n - Fix unlink of pidfile warning if not possible due to\n permissions, nsd can display the message at high\n verbosity levels.\n\n - Removed contrib/nsd.service, example is too complicated\n and not useful.\n\n - Merge #108 from Nomis: Make the max-retry-time\n description clearer.\n\n - Retry when udp send buffer is full to wait until buffer\n space is available.\n\n - Remove errno reset behaviour from sendmmsg and recvmmsg\n replacement functions.\n\n - Fix unit test for different nsd-control-setup -h exit\n code.\n\n - Merge #112 from jaredmauch: log old and new serials when\n NSD rejects an 
IXFR due to an old serial number.\n\n - Fix #106: Adhere better to xfrd bounds. Refresh and\n retry times.\n\n - Fix #105: Clearing hash_tree means just emptying the\n tree.\n\nNew upstream release 4.3.1\n\nBUG FIXES :\n\n - Merge PR #91 by gearnode: nsd-control-setup recreate\n certificates. The '-r' option recreates certificates.\n Without it it creates them if they do not exist, and\n does not modify them otherwise.\n\nNew upstream release 4.3.0\n\nFEATURES :\n\n - Fix to use getrandom() for randomness, if available.\n\n - Fix #56: Drop sparse TSIG signing support in NSD. Sign\n every axfr packet with TSIG, according to the latest\n draft-ietf-dnsop-rfc2845bis-06, Section 5.3.1.\n\n - Merge pull request #59 from buddyns: add FreeBSD support\n for conf key ip-transparent.\n\n - Add feature to pin server processes to specific cpus.\n\n - Add feature to pin IP addresses to selected server\n processes.\n\n - Set process title to identify individual processes.\n\n - Merge PR#22: minimise-any: prefer popular and not large\n RRset, from Daisuke Higashi.\n\n - Add support for SO_BINDTODEVICE on Linux.\n\n - Add feature to drop queries with opcode UPDATE.\n\nBUG FIXES :\n\n - Fix whitespace in nsd.conf.sample.in, patch from Paul\n Wouters.\n\n - use-systemd is ignored in nsd.conf, when NSD is compiled\n with libsystemd it always signals readiness, if\n possible.\n\n - Note that use-systemd is not necessary and ignored in\n man page.\n\n - Fix responses for IXFR so that the authority section is\n not echoed in the response.\n\n - Fix that the retry wait does not exceed one day for zone\n transfers.\n\n - Update keyring as per https://nlnetlabs.nl/people/\n\nNew upstream release 4.2.3 :\n\n - confine-to-zone configures NSD to not return out-of-zone\n additional information.\n\n - pidfile '' allows to run NSD without a pidfile\n\n - adds support for readiness notification with READY_FD\n\n - fix excessive logging of ixfr failures, it stops the log\n when fallback to axfr is 
possible. log is enabled at\n high verbosity.\n\n - The nsd.conf includes are sorted ascending, for include\n statements with a '*' from glob.\n\n - Fix log address and failure reason with tls handshake\n errors, squelches (the same as unbound) some unless high\n verbosity is used.\n\n - Number of different UDP handlers has been reduced to\n one. recvmmsg and sendmmsg implementations are now used\n on all platforms.\n\n - Socket options are now set in designated functions for\n easy reuse.\n\n - Socket setup has been simplified for easy reuse.\n\n - Configuration parser is now aware of the context in\n which an option was specified.\n\n - document that remote-control is a top-level nsd.conf\n attribute.\n\n - Remove legacy upgrade of nsd users in %post\n (boo#1157331)\n\nNew upstream release 4.2.2 :\n\n - Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in\n the dname_concatenate() function. Reported by Frederic\n Cambus. It causes the zone parser to crash on a\n malformed zone file, with assertions enabled, an\n assertion catches it.\n\n - Fix #19: Out-of-bounds read caused by improper\n validation of array index. 
Reported by Frederic Cambus.\n The zone parser fails on type SIG because of mismatched\n definition with RRSIG.\n\n - PR #23: Fix typo in nsd.conf man-page.\n\n - Fix that NSD warns for wrong length of the hash in SSHFP\n records.\n\n - Fix #25: NSD doesn't refresh zones after extended\n downtime, it refreshes the old zones.\n\n - Set no renegotiation on the SSL context to stop client\n session renegotiation.\n\n - Fix #29: SSHFP check NULL pointer dereference.\n\n - Fix #30: SSHFP check failure due to missing domain name.\n\n - Fix to timeval_add in minievent for remaining second in\n microseconds.\n\n - PR #31: nsd-control: Add missing stdio header.\n\n - PR #32: tsig: Fix compilation without HAVE_SSL.\n\n - Cleanup tls context on xfrd exit.\n\n - Fix #33: Fix segfault in service of remaining streams on\n exit.\n\n - Fix error message for out of zone data to have more\n information.\n\nNew upstream release 4.2.1 :\n\n - FEATURES :\n\n - Added num.tls and num.tls6 stat counters.\n\n - PR #12: send-buffer-size, receive-buffer-size,\n tcp-reject-overflow options for nsd.conf, from Jeroen\n Koekkoek.\n\n - Fix #14, tcp connections have 1/10 to be active and have\n to work every second, and then they get time to complete\n during a reload, this is a process that lingers with the\n old version during a version update.\n\n - BUG FIXES :\n\n - Fix #13: Stray dot at the end of some log entries,\n removes dot after updated serial number in log entry.\n\n - Fix TLS cipher selection, the previous was redundant,\n prefers CHACHA20-POLY1305 over AESGCM and was not as\n readable as it could be.\n\n - Fix #15: crash in SSL library, initialize variables for\n TCP access when TLS is configured.\n\n - Fix tls handshake event callback function mistake,\n reported by Mykhailo Danylenko.\n\n - Fix output of nsd-checkconf -h.\n\nNew upstream release 4.2.0 :\n\n - Implement TCP fast open\n\n - Added DNS over TLS\n\n - TLS OCSP stapling support with the tls-service-ocsp\n option\n\n - 
New option hide-identity can be used in nsd.conf to stop\n NSD from responding with the hostname for probe queries\n that elicit the chaos class response, this is conform\n RFC4892\n\n - Disable TLS1.0, TLS1.1 and weak ciphers, enable\n CIPHER_SERVER_PREFERENCE\n\nUpdate to upstream release 4.1.27 :\n\n - FEATURES :\n\n - Deny ANY with only one RR in response, by default. Patch\n from Daisuke Higashi. The deny-any statement in nsd.conf\n sets ANY queries over UDP to be further moved to TCP as\n well. Also no additional section processing for type ANY,\n reducing the response size.\n\n - Fix #4215: on-the-fly change of TSIG keys with patch\n from Igor, adds nsd-control print_tsig, update_tsig,\n add_tsig, assoc_tsig and del_tsig. These changes are\n gone after reload, edit the config file (or a file\n included from it) to make changes that last after\n restart.\n\n - BUG FIXES :\n\nUpdate to upstream release 4.1.26 :\n\n - FEATURES :\n\n - DNSTAP support for NSD, --enable-dnstap and then config\n in nsd.conf.\n\n - Support SO_REUSEPORT_LB in FreeBSD 12 with the\n reuseport: yes option in nsd.conf.\n\n - Added nsd-control changezone. 
nsd-control changezone\n name pattern allows the change of a zone pattern option\n without downtime for the zone, in one operation.\n\n - BUG FIXES :\n\n - Fix #4194: Zone file parser derailed by non-FQDN names\n in RHS of DNSSEC RRs.\n\n - Fix #4202: nsd-control delzone incorrect exit code on\n error.\n\n - Fix to not set GLOB_NOSORT so the nsd.conf include:\n files are sorted and in a predictable order.\n\n - Fix #3433: document that reconfig does not change\n per-zone stats.\n\nUpdate to upstream release 4.1.25 :\n\n - FEATURES :\n\n - nsd-control prints neater errors for file failures.\n\n - BUG FIXES :\n\n - Fix that nsec3 precompile deletion happens before the\n RRs of the zone are deleted.\n\n - Fix printout of accepted remote control connection for\n unix sockets.\n\n - Fix use_systemd typo/leftover in remote.c.\n\n - Fix codingstyle in nsd-checkconf.c in patch from Sharp\n Liu.\n\n - append_trailing_slash has one implementation and is not\n repeated differently.\n\n - Fix coding style in nsd.c\n\n - Fix to combine the same error function into one, from\n Xiaobo Liu.\n\n - Fix initialisation in remote.c.\n\n - please clang analyzer and fix parse of IPSECKEY with bad\n gateway.\n\n - Fix nsd-checkconf fail on bad zone name.\n\n - Annotate exit functions with noreturn.\n\n - Remove unused if clause during server service startup.\n\n - Fix #4156: Fix systemd service manager state change\n notification When it is compiled, systemd readiness\n signalling is enabled. 
The option in nsd.conf is not\n used, it is ignored when read.\n\nUpdate to upstream release 4.1.24 :\n\n - Features\n\n - #4102: control interface via local socket\n\n - configure --enable-systemd (needs pkg-config and\n libsystemd) can be used to then use-systemd: yes in\n nsd.conf and have readiness signalling with systemd.\n\n - RFC8162 support, for record type SMIMEA.\n\n - Bug Fixes\n\n - Patch to fix openwrt for mac os build darwin detection\n in configure.\n\n - Fix that first control-interface determines if TLS is\n used. Warn when IP address interfaces are used without\n TLS.\n\n - #4106: Fix that stats printed from nsd-control are\n recast from unsigned long to unsigned (remote.c).\n\n - Fix that type CAA (and URI) in the zone file can contain\n dots when not in quotes.\n\n - #4133: Fix that when IXFR contains a zone with broken\n NSEC3PARAM chain, NSD leniently attempts to find a\n working NSEC3PARAM.\n\nUpdate to upstream release 4.1.23 :\n\n - Fix NSD time sensitive TSIG compare vulnerability.\n\nUpdate to upstream release 4.1.22 :\n\n - Features :\n\n - refuse-any sends truncation (+TC) in reply to ANY\n queries over UDP, and allows TCP queries like normal.\n\n - Use accept4 to speed up answer of TCP queries\n\n - Bug fixes :\n\n - Fix nsec3 hash of parent and child co-hosted nsec3\n enabled zones.\n\n - Fix to use same condition for nsec3 hash allocation and\n free.\n\n - Changes in version 4.1.21 :\n\n - Features :\n\n - --enable-memclean cleans up memory for use with memory\n checkers, eg. 
valgrind.\n\n - refuse-any nsd.conf option that refuses queries of type\n ANY.\n\n - lower memory usage for tcp connections, so tcp-count can\n be higher.\n\n - Bug fixes :\n\n - Fix spelling error in xfr-inspect.\n\n - Fix buffer size warnings from compiler on filename\n lengths.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1157331\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://nlnetlabs.nl/people/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected nsd packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nsd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nsd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:nsd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1|SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1 / 15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nsd-4.1.27-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nsd-debuginfo-4.1.27-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"nsd-debugsource-4.1.27-lp151.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nsd-4.3.4-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nsd-debuginfo-4.3.4-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"nsd-debugsource-4.3.4-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nsd / nsd-debuginfo / nsd-debugsource\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-01-29T14:43:18", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\n - Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.(CVE-2019-16866)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-1634)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16866", "CVE-2020-28935"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1634.NASL", "href": "https://www.tenable.com/plugins/nessus/147670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147670);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2019-16866\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-1634)\");\n 
script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\n - Unbound before 1.9.4 accesses uninitialized memory,\n which allows remote attackers to trigger a crash via a\n crafted NOTIFY query. 
The source IP address of the\n query must match an access-control\n rule.(CVE-2019-16866)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1634\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38ac9602\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:42:12", "description": "According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 
4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\n - Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.(CVE-2019-16866)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-1629)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16866", "CVE-2020-28935"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1629.NASL", "href": "https://www.tenable.com/plugins/nessus/147617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147617);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/20\");\n\n script_cve_id(\n \"CVE-2019-16866\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : unbound (EulerOS-SA-2021-1629)\");\n script_summary(english:\"Checks the rpm 
output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\n - Unbound before 1.9.4 accesses uninitialized memory,\n which allows remote attackers to trigger a crash via a\n crafted NOTIFY query. 
The source IP address of the\n query must match an access-control\n rule.(CVE-2019-16866)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1629\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c19d111d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"python3-unbound-1.7.3-18.h3.eulerosv2r9\",\n \"unbound-libs-1.7.3-18.h3.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-29T14:39:14", "description": "Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. 
Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package.\n\nCVE-2020-12662\n\nUnbound has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue. This is triggered by random subdomains in the NSDNAME in NS records.\n\nCVE-2020-12663\n\nUnbound has an infinite loop via malformed DNS answers received from upstream servers.\n\nCVE-2020-28935\n\nUnbound contains a local vulnerability that would allow for a local symlink attack. When writing the PID file Unbound creates the file if it is not there, or opens an existing file for writing. In case the file was already present, it would follow symlinks if the file happened to be a symlink instead of a regular file. \n\nFor Debian 9 stretch, these problems have been fixed in version 1.9.0-2+deb10u2~deb9u1.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Debian DLA-2556-1 : unbound1.9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12662", "CVE-2020-12663", "CVE-2020-28935"], "modified": "2021-02-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libunbound8", "p-cpe:/a:debian:debian_linux:unbound", "p-cpe:/a:debian:debian_linux:unbound-anchor", "p-cpe:/a:debian:debian_linux:unbound-host", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2556.NASL", "href": "https://www.tenable.com/plugins/nessus/146527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2556-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146527);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-12662\", \"CVE-2020-12663\", \"CVE-2020-28935\");\n\n script_name(english:\"Debian DLA-2556-1 : unbound1.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been corrected in unbound, a\nvalidating, recursive, caching DNS resolver. Support for the unbound\nDNS server has been resumed, the sources can be found in the\nunbound1.9 source package.\n\nCVE-2020-12662\n\nUnbound has Insufficient Control of Network Message Volume, aka an\n'NXNSAttack' issue. This is triggered by random subdomains in the\nNSDNAME in NS records.\n\nCVE-2020-12663\n\nUnbound has an infinite loop via malformed DNS answers received from\nupstream servers.\n\nCVE-2020-28935\n\nUnbound contains a local vulnerability that would allow for a local\nsymlink attack. When writing the PID file Unbound creates the file if\nit is not there, or opens an existing file for writing. In case the\nfile was already present, it would follow symlinks if the file\nhappened to be a symlink instead of a regular file. \n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u1.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/unbound1.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/unbound1.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libunbound8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-host\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libunbound8\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-anchor\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-host\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-11T14:52:24", "description": "According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. 
An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.(CVE-2020-28935)\n\n - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue. This is triggered by random subdomains in the NSDNAME in NS records.(CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.(CVE-2020-12663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-07-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2021-2172)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12662", "CVE-2020-12663", "CVE-2020-28935"], "modified": "2021-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.2"], "id": "EULEROS_SA-2021-2172.NASL", "href": "https://www.tenable.com/plugins/nessus/151378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151378);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/08\");\n\n script_cve_id(\n \"CVE-2020-12662\",\n \"CVE-2020-12663\",\n \"CVE-2020-28935\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2021-2172)\");\n script_summary(english:\"Checks the 
rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - NLnet Labs Unbound, up to and including version 1.12.0,\n and NLnet Labs NSD, up to and including version 4.3.3,\n contain a local vulnerability that would allow for a\n local symlink attack. When writing the PID file,\n Unbound and NSD create the file if it is not there, or\n open an existing file for writing. In case the file was\n already present, they would follow symlinks if the file\n happened to be a symlink instead of a regular file. An\n additional chown of the file would then take place\n after it was written, making the user Unbound/NSD is\n supposed to run as the new owner of the file. If an\n attacker has local access to the user Unbound/NSD runs\n as, she could create a symlink in place of the PID file\n pointing to a file that she would like to erase. If\n then Unbound/NSD is killed and the PID file is not\n cleared, upon restarting with root privileges,\n Unbound/NSD will rewrite any file pointed at by the\n symlink. This is a local vulnerability that could\n create a Denial of Service of the system Unbound/NSD is\n running on. It requires an attacker having access to\n the limited permission user Unbound/NSD runs as and\n point through the symlink to a critical file on the\n system.(CVE-2020-28935)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. 
This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2172\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7bb71aaf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.6.6-1.h4.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2023-02-08T17:32:10", "description": "**Issue Overview:**\n\nA flaw was found in unbound. An integer overflow in regional_alloc function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker and can be big enough. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. 
(CVE-2019-25032)\n\nA flaw was found in unbound. An integer overflow in the sldns_str2wire_dname_buf_origin function may lead to a buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2019-25034)\n\nA flaw was found in unbound. An out-of-bounds write in the sldns_bget_token_par function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2019-25035)\n\nA flaw was found in unbound. A reachable assertion in the synth_cname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dname_pkt_copy function. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2019-25036)\n\nA flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability. (CVE-2019-25037)\n\nA flaw was found in unbound. An integer overflow in dnsc_load_local_data function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2019-25038)\n\nA flaw was found in unbound. An integer overflow in ub_packed_rrset_key function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2019-25039)\n\nA flaw was found in unbound. An infinite loop in dname_pkt_copy function could be triggered by a remote attacker. The highest threat from this vulnerability is to service availability. 
(CVE-2019-25040)\n\nA flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered through compressed names. The highest threat from this vulnerability is to service availability. (CVE-2019-25041)\n\nA flaw was found in unbound. An out-of-bounds write in the rdata_copy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2019-25042)\n\nNLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system. (CVE-2020-28935)\n\n \n**Affected Packages:** \n\n\nunbound\n\n \n**Issue Correction:** \nRun _yum update unbound_ to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 unbound-1.7.3-15.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 unbound-devel-1.7.3-15.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 unbound-libs-1.7.3-15.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 python2-unbound-1.7.3-15.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 python3-unbound-1.7.3-15.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 unbound-debuginfo-1.7.3-15.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 unbound-1.7.3-15.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 unbound-devel-1.7.3-15.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 unbound-libs-1.7.3-15.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 python2-unbound-1.7.3-15.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 python3-unbound-1.7.3-15.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 unbound-debuginfo-1.7.3-15.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 unbound-1.7.3-15.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 unbound-1.7.3-15.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 unbound-devel-1.7.3-15.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 unbound-libs-1.7.3-15.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 python2-unbound-1.7.3-15.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 python3-unbound-1.7.3-15.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 unbound-debuginfo-1.7.3-15.amzn2.0.1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2019-25032](<https://access.redhat.com/security/cve/CVE-2019-25032>), [CVE-2019-25034](<https://access.redhat.com/security/cve/CVE-2019-25034>), [CVE-2019-25035](<https://access.redhat.com/security/cve/CVE-2019-25035>), [CVE-2019-25036](<https://access.redhat.com/security/cve/CVE-2019-25036>), [CVE-2019-25037](<https://access.redhat.com/security/cve/CVE-2019-25037>), [CVE-2019-25038](<https://access.redhat.com/security/cve/CVE-2019-25038>), [CVE-2019-25039](<https://access.redhat.com/security/cve/CVE-2019-25039>), [CVE-2019-25040](<https://access.redhat.com/security/cve/CVE-2019-25040>), [CVE-2019-25041](<https://access.redhat.com/security/cve/CVE-2019-25041>), 
[CVE-2019-25042](<https://access.redhat.com/security/cve/CVE-2019-25042>), [CVE-2020-28935](<https://access.redhat.com/security/cve/CVE-2020-28935>)\n\nMitre: [CVE-2019-25032](<https://vulners.com/cve/CVE-2019-25032>), [CVE-2019-25034](<https://vulners.com/cve/CVE-2019-25034>), [CVE-2019-25035](<https://vulners.com/cve/CVE-2019-25035>), [CVE-2019-25036](<https://vulners.com/cve/CVE-2019-25036>), [CVE-2019-25037](<https://vulners.com/cve/CVE-2019-25037>), [CVE-2019-25038](<https://vulners.com/cve/CVE-2019-25038>), [CVE-2019-25039](<https://vulners.com/cve/CVE-2019-25039>), [CVE-2019-25040](<https://vulners.com/cve/CVE-2019-25040>), [CVE-2019-25041](<https://vulners.com/cve/CVE-2019-25041>), [CVE-2019-25042](<https://vulners.com/cve/CVE-2019-25042>), [CVE-2020-28935](<https://vulners.com/cve/CVE-2020-28935>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T01:09:00", "type": "amazon", "title": "Medium: unbound", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", 
"CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-07-01T20:24:00", "id": "ALAS2-2021-1683", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1683.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rocky": [{"lastseen": "2023-02-02T17:12:01", "description": "An update is available for unbound.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. \n\nSecurity Fix(es):\n\n* unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)\n\n* unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)\n\n* unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)\n\n* unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)\n\n* unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)\n\n* unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)\n\n* unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)\n\n* unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)\n\n* unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)\n\n* unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)\n\n* unbound: symbolic link traversal when writing PID file (CVE-2020-28935)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References 
section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-18T06:15:09", "type": "rocky", "title": "unbound security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-05-18T06:15:09", "id": "RLSA-2021:1853", "href": "https://errata.rockylinux.org/RLSA-2021:1853", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2023-01-26T15:22:53", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 LTS\n\n## Packages\n\n * unbound \\- validating, recursive, caching DNS resolver\n\nIt was discovered that Unbound contained multiple security issues. 
A \nremote attacker could possibly use these issues to cause a denial of \nservice, inject arbitrary commands, execute arbitrary code, and overwrite \nlocal files.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-06T00:00:00", "type": "ubuntu", "title": "Unbound vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-05-06T00:00:00", "id": "USN-4938-1", "href": "https://ubuntu.com/security/notices/USN-4938-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:37:38", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that Unbound contained multiple security issues. 
A remote attacker could possibly use these issues to cause a denial of service, inject arbitrary commands, execute arbitrary code, and overwrite local files.\n\nCVEs contained in this USN include: CVE-2019-25031, CVE-2019-25035, CVE-2019-25040, CVE-2019-25038, CVE-2019-25039, CVE-2019-25042, CVE-2019-25041, CVE-2020-28935, CVE-2019-25034, CVE-2019-25033, CVE-2019-25037, CVE-2019-25036, CVE-2019-25032.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.237.0\n * CF Deployment \n * All versions prior to 16.15.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade all versions to 0.237.0 or greater\n * CF Deployment \n * Upgrade all versions to 16.15.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4938-1/>)\n * [CVE-2019-25031](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25031>)\n * [CVE-2019-25035](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25035>)\n * [CVE-2019-25040](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25040>)\n * [CVE-2019-25038](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25038>)\n * [CVE-2019-25039](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25039>)\n * [CVE-2019-25042](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25042>)\n * [CVE-2019-25041](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25041>)\n * [CVE-2020-28935](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-28935>)\n * [CVE-2019-25034](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25034>)\n * [CVE-2019-25033](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25033>)\n * [CVE-2019-25037](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25037>)\n * 
[CVE-2019-25036](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25036>)\n * [CVE-2019-25032](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-25032>)\n\n## History\n\n2021-06-11: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-06-11T00:00:00", "type": "cloudfoundry", "title": "USN-4938-1: Unbound vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2021-06-11T00:00:00", "id": "CFOUNDRY:EF66FE5FEBE8216F66D049B74386E613", "href": "https://www.cloudfoundry.org/blog/usn-4938-1/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2022-11-08T06:10:02", "description": "An update that solves 13 vulnerabilities and has three\n fixes is now available.\n\nDescription:\n\n This update for unbound fixes the following issues:\n\n - 
CVE-2019-25031: Fixed configuration injection in\n create_unbound_ad_servers.sh upon a successful man-in-the-middle attack\n (bsc#1185382).\n - CVE-2019-25032: Fixed integer overflow in the regional allocator via\n regional_alloc (bsc#1185383).\n - CVE-2019-25033: Fixed integer overflow in the regional allocator via the\n ALIGN_UP macro (bsc#1185384).\n - CVE-2019-25034: Fixed integer overflow in\n sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write\n (bsc#1185385).\n - CVE-2019-25035: Fixed out-of-bounds write in sldns_bget_token_par\n (bsc#1185386).\n - CVE-2019-25036: Fixed assertion failure and denial of service in\n synth_cname (bsc#1185387).\n - CVE-2019-25037: Fixed assertion failure and denial of service in\n dname_pkt_copy via an invalid packet (bsc#1185388).\n - CVE-2019-25038: Fixed integer overflow in a size calculation in\n dnscrypt/dnscrypt.c (bsc#1185389).\n - CVE-2019-25039: Fixed integer overflow in a size calculation in\n respip/respip.c (bsc#1185390).\n - CVE-2019-25040: Fixed infinite loop via a compressed name in\n dname_pkt_copy (bsc#1185391).\n - CVE-2019-25041: Fixed assertion failure via a compressed name in\n dname_pkt_copy (bsc#1185392).\n - CVE-2019-25042: Fixed out-of-bounds write via a compressed name in\n rdata_copy (bsc#1185393).\n - CVE-2020-28935: Fixed symbolic link traversal when writing PID file\n (bsc#1179191).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-176=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-176=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", 
"integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-25T00:00:00", "type": "suse", "title": "Security update for unbound (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2020-28935"], "modified": "2022-01-25T00:00:00", "id": "OPENSUSE-SU-2022:0176-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JTS3PI42CZC7TVKVUTBOIMO2PDFTABYC/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-06T19:35:00", "description": "An update that fixes two vulnerabilities is now available.\n\nDescription:\n\n This update for nsd fixes the following issues:\n\n nsd was updated to the new upstream release 4.3.4\n\n FEATURES:\n\n - Merge PR #141: ZONEMD RR type.\n\n BUG FIXES:\n\n - Fix that symlink does not interfere with chown of pidfile (boo#1179191,\n CVE-2020-28935)\n - Fix #128: Fix that the invalid port number is logged for sendmmsg\n failed: Invalid argument.\n - Fix #133: fix 0-init of local ( stack ) buffer.\n - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.\n - Fix to add missing closest encloser 
NSEC3 for wildcard nodata type DS\n answer.\n - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.\n - Fix #142: NODATA answers missing SOA in authority section after CNAME\n chain.\n\n New upstream release 4.3.3:\n\n FEATURES:\n\n - Follow DNS flag day 2020 advice and set default EDNS message size to\n 1232.\n - Merged PR #113 with fixes. Instead of listing an IP-address to listen\n on, an interface name can be specified in nsd.conf, with ip-address:\n eth0. The IP-addresses for that interface are then used.\n\n - New upstream release 4.3.2\n\n FEATURES:\n\n - Fix #96: log-only-syslog: yes sets to only use syslog, fixes that the\n default configuration and systemd results in duplicate log messages.\n - Fix #107: nsd -v shows configure line, openssl version and libevent\n version.\n - Fix #103 with #110: min-expire-time option. To provide a lower bound\n for expire period. Expressed in number of seconds or refresh+retry+1.\n\n BUG FIXES:\n\n - Fix to omit the listen-on lines from log at startup, unless verbose.\n - Fix #97: EDNS unknown version: query not in response.\n - Fix #99: Fix copying of socket properties with reuseport enabled.\n - Document default value for tcp-timeout.\n - Merge PR#102 from and0x000: add missing default in documentation for\n drop-updates.\n - Fix unlink of pidfile warning if not possible due to permissions, nsd\n can display the message at high verbosity levels.\n - Removed contrib/nsd.service, example is too complicated and not useful.\n - Merge #108 from Nomis: Make the max-retry-time description clearer.\n - Retry when udp send buffer is full to wait until buffer space is\n available.\n - Remove errno reset behaviour from sendmmsg and recvmmsg replacement\n functions.\n - Fix unit test for different nsd-control-setup -h exit code.\n - Merge #112 from jaredmauch: log old and new serials when NSD rejects an\n IXFR due to an old serial number.\n - Fix #106: Adhere better to xfrd bounds. 
Refresh and retry times.\n - Fix #105: Clearing hash_tree means just emptying the tree.\n\n New upstream release 4.3.1\n\n BUG FIXES:\n - Merge PR #91 by gearnode: nsd-control-setup recreate certificates. The\n '-r' option recreates certificates. Without it it creates them if they\n do not exist, and does not modify them otherwise.\n\n New upstream release 4.3.0\n\n FEATURES:\n\n - Fix to use getrandom() for randomness, if available.\n - Fix #56: Drop sparse TSIG signing support in NSD. Sign every axfr packet\n with TSIG, according to the latest draft-ietf-dnsop-rfc2845bis-06,\n Section 5.3.1.\n - Merge pull request #59 from buddyns: add FreeBSD support for conf key\n ip-transparent.\n - Add feature to pin server processes to specific cpus.\n - Add feature to pin IP addresses to selected server processes.\n - Set process title to identify individual processes.\n - Merge PR#22: minimise-any: prefer popular and not large RRset, from\n Daisuke Higashi.\n - Add support for SO_BINDTODEVICE on Linux.\n - Add feature to drop queries with opcode UPDATE.\n\n BUG FIXES:\n\n - Fix whitespace in nsd.conf.sample.in, patch from Paul Wouters.\n - use-systemd is ignored in nsd.conf, when NSD is compiled with libsystemd\n it always signals readiness, if possible.\n - Note that use-systemd is not necessary and ignored in man page.\n - Fix responses for IXFR so that the authority section is not echoed in\n the response.\n - Fix that the retry wait does not exceed one day for zone transfers.\n\n - Update keyring as per https://nlnetlabs.nl/people/\n\n New upstream release 4.2.3:\n\n * confine-to-zone configures NSD to not return out-of-zone additional\n information.\n * pidfile \"\" allows to run NSD without a pidfile\n * adds support for readiness notification with READY_FD\n * fix excessive logging of ixfr failures, it stops the log when fallback\n to axfr is possible. 
log is enabled at high verbosity.\n * The nsd.conf includes are sorted ascending, for include statements\n with a '*' from glob.\n * Fix log address and failure reason with tls handshake errors,\n squelches (the same as unbound) some unless high verbosity is used.\n * Number of different UDP handlers has been reduced to one. recvmmsg and\n sendmmsg implementations are now used on all platforms.\n * Socket options are now set in designated functions for easy reuse.\n * Socket setup has been simplified for easy reuse.\n * Configuration parser is now aware of the context in which an option\n was specified.\n * document that remote-control is a top-level nsd.conf attribute.\n\n - Remove legacy upgrade of nsd users in %post (boo#1157331)\n\n New upstream release 4.2.2:\n\n * Fix #20: CVE-2019-13207 Stack-based Buffer Overflow in the\n dname_concatenate() function. Reported by Frederic Cambus. It causes\n the zone parser to crash on a malformed zone file, with assertions\n enabled, an assertion catches it.\n * Fix #19: Out-of-bounds read caused by improper validation of array\n index. Reported by Frederic Cambus. 
The zone parser fails on type\n SIG because of mismatched definition with RRSIG.\n * PR #23: Fix typo in nsd.conf man-page.\n * Fix that NSD warns for wrong length of the hash in SSHFP records.\n * Fix #25: NSD doesn't refresh zones after extended downtime, it\n refreshes the old zones.\n * Set no renegotiation on the SSL context to stop client session\n renegotiation.\n * Fix #29: SSHFP check NULL pointer dereference.\n * Fix #30: SSHFP check failure due to missing domain name.\n * Fix to timeval_add in minievent for remaining second in microseconds.\n * PR #31: nsd-control: Add missing stdio header.\n * PR #32: tsig: Fix compilation without HAVE_SSL.\n * Cleanup tls context on xfrd exit.\n * Fix #33: Fix segfault in service of remaining streams on exit.\n * Fix error message for out of zone data to have more information.\n\n New upstream release 4.2.1:\n\n * FEATURES:\n\n - Added num.tls and num.tls6 stat counters.\n - PR #12: send-buffer-size, receive-buffer-size, tcp-reject-overflow\n options for nsd.conf, from Jeroen Koekkoek.\n - Fix #14, tcp connections have 1/10 to be active and have to work\n every second, and then they get time to complete during a reload,\n this is a process that lingers with the old version during a version\n update.\n\n * BUG FIXES:\n\n - Fix #13: Stray dot at the end of some log entries, removes dot after\n updated serial number in log entry.\n - Fix TLS cipher selection, the previous was redundant, prefers\n CHACHA20-POLY1305 over AESGCM and was not as readable as it could be.\n - Fix #15: crash in SSL library, initialize variables for TCP access\n when TLS is configured.\n - Fix tls handshake event callback function mistake, reported by\n Mykhailo Danylenko.\n - Fix output of nsd-checkconf -h.\n\n New upstream release 4.2.0:\n\n * Implement TCP fast open\n * Added DNS over TLS\n * TLS OCSP stapling support with the tls-service-ocsp option\n * New option hide-identity can be used in nsd.conf to stop NSD from\n responding with the 
hostname for probe queries that elicit the chaos\n class response, this is conform RFC4892\n * Disable TLS1.0, TLS1.1 and weak ciphers, enable\n CIPHER_SERVER_PREFERENCE\n\n Update to upstream release 4.1.27:\n\n * FEATURES:\n\n - Deny ANY with only one RR in response, by default. Patch from\n Daisuke Higashi. The deny-any statement in nsd.conf sets ANY\n queries over UDP to be further moved to TCP as well. Also no\n additional section processing for type ANY, reducing the response\n size.\n - Fix #4215: on-the-fly change of TSIG keys with patch from Igor, adds\n nsd-control print_tsig, update_tsig, add_tsig, assoc_tsig and\n del_tsig. These changes are gone after reload, edit the config file\n (or a file included from it) to make changes that last after restart.\n\n * BUG FIXES:\n\n Update to upstream release 4.1.26:\n\n * FEATURES:\n\n - DNSTAP support for NSD, --enable-dnstap and then config in nsd.conf.\n - Support SO_REUSEPORT_LB in FreeBSD 12 with the reuseport: yes\n option in nsd.conf.\n - Added nsd-control changezone. 
nsd-control changezone name pattern\n allows the change of a zone pattern option without downtime for the\n zone, in one operation.\n\n * BUG FIXES:\n\n - Fix #4194: Zone file parser derailed by non-FQDN names in RHS of\n DNSSEC RRs.\n - Fix #4202: nsd-control delzone incorrect exit code on error.\n - Fix to not set GLOB_NOSORT so the nsd.conf include: files are sorted\n and in a predictable order.\n - Fix #3433: document that reconfig does not change per-zone stats.\n\n Update to upstream release 4.1.25:\n\n * FEATURES:\n\n - nsd-control prints neater errors for file failures.\n\n * BUG FIXES:\n\n - Fix that nsec3 precompile deletion happens before the RRs of the\n zone are deleted.\n - Fix printout of accepted remote control connection for unix sockets.\n - Fix use_systemd typo/leftover in remote.c.\n - Fix codingstyle in nsd-checkconf.c in patch from Sharp Liu.\n - append_trailing_slash has one implementation and is not repeated\n differently.\n - Fix coding style in nsd.c\n - Fix to combine the same error function into one, from Xiaobo Liu.\n - Fix initialisation in remote.c.\n - please clang analyzer and fix parse of IPSECKEY with bad gateway.\n - Fix nsd-checkconf fail on bad zone name.\n - Annotate exit functions with noreturn.\n - Remove unused if clause during server service startup.\n - Fix #4156: Fix systemd service manager state change notification\n When it is compiled, systemd readiness signalling is enabled. The\n option in nsd.conf is not used, it is ignored when read.\n\n Update to upstream release 4.1.24:\n\n - Features\n\n * #4102: control interface via local socket\n * configure --enable-systemd (needs pkg-config and libsystemd) can be\n used to then use-systemd: yes in nsd.conf and have readiness\n signalling with systemd.\n * RFC8162 support, for record type SMIMEA.\n - Bug Fixes\n * Patch to fix openwrt for mac os build darwin detection in configure.\n * Fix that first control-interface determines if TLS is used. 
Warn\n when IP address interfaces are used without TLS.\n * #4106: Fix that stats printed from nsd-control are recast from\n unsigned long to unsigned (remote.c).\n * Fix that type CAA (and URI) in the zone file can contain dots when\n not in quotes.\n * #4133: Fix that when IXFR contains a zone with broken NSEC3PARAM\n chain, NSD leniently attempts to find a working NSEC3PARAM.\n\n Update to upstream release 4.1.23:\n\n - Fix NSD time sensitive TSIG compare vulnerability.\n\n Update to upstream release 4.1.22:\n\n - Features:\n * refuse-any sends truncation (+TC) in reply to ANY queries\n over UDP, and allows TCP queries like normal.\n * Use accept4 to speed up answer of TCP queries\n - Bug fixes:\n * Fix nsec3 hash of parent and child co-hosted nsec3 enabled zones.\n * Fix to use same condition for nsec3 hash allocation and free.\n\n - Changes in version 4.1.21:\n\n - Features:\n * --enable-memclean cleans up memory for use with memory checkers, eg.\n valgrind.\n * refuse-any nsd.conf option that refuses queries of type ANY.\n * lower memory usage for tcp connections, so tcp-count can be higher.\n - Bug fixes:\n * Fix spelling error in xfr-inspect.\n * Fix buffer size warnings from compiler on filename lengths.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2020-2222=1\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-2222=1\n\n - openSUSE Backports SLE-15-SP2:\n\n zypper in -t patch openSUSE-2020-2222=1\n\n - openSUSE Backports SLE-15-SP1:\n\n zypper in -t patch openSUSE-2020-2222=1\n\n - SUSE Package Hub for SUSE Linux Enterprise 12:\n\n zypper in -t patch openSUSE-2020-2222=1", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": 
"LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-12-10T00:00:00", "type": "suse", "title": "Security update for nsd (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13207", "CVE-2020-28935"], "modified": "2020-12-10T00:00:00", "id": "OPENSUSE-SU-2020:2222-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FTW5CJUTFYDW2AXXAB7XZT77YJPEM7HY/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2022-01-05T14:34:07", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2652-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nMay 06, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : unbound1.9\nVersion : 1.9.0-2+deb10u2~deb9u2\nCVE ID : CVE-2019-25031 CVE-2019-25032 CVE-2019-25033 CVE-2019-25034 \n CVE-2019-25035 CVE-2019-25036 CVE-2019-25037 CVE-2019-25038 \n CVE-2019-25039 CVE-2019-25040 CVE-2019-25041 CVE-2019-25042\n\nSeveral security vulnerabilities have been discovered in Unbound, a validating,\nrecursive, caching DNS resolver, by security researchers of X41 
D-SEC located\nin Aachen, Germany. Integer overflows, assertion failures, an out-of-bound\nwrite and an infinite loop vulnerability may lead to a denial-of-service or\nhave a negative impact on data confidentiality.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u2.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T21:58:25", "type": "debian", "title": "[SECURITY] [DLA 2652-1] unbound1.9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", 
"CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042"], "modified": "2021-05-06T21:58:25", "id": "DEBIAN:DLA-2652-1:FFCF4", "href": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T02:39:51", "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2556-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nFebruary 12, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : unbound1.9\nVersion : 1.9.0-2+deb10u2~deb9u1\nCVE ID : CVE-2020-12662 CVE-2020-12663 CVE-2020-28935\nDebian Bug : 977165\n\nSeveral security vulnerabilities have been corrected in unbound, a\nvalidating, recursive, caching DNS resolver. Support for the unbound DNS server\nhas been resumed, the sources can be found in the unbound1.9 source package.\n\nCVE-2020-12662\n\n Unbound has Insufficient Control of Network Message\n Volume, aka an \"NXNSAttack\" issue. This is triggered by random\n subdomains in the NSDNAME in NS records.\n\nCVE-2020-12663\n\n Unbound has an infinite loop via malformed DNS answers received from\n upstream servers.\n\nCVE-2020-28935\n\n Unbound contains a local vulnerability that would allow for a local symlink\n attack. When writing the PID file Unbound creates the file if it is not\n there, or opens an existing file for writing. In case the file was already\n present, it would follow symlinks if the file happened to be a symlink\n instead of a regular file. 
\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u1.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-12T16:37:36", "type": "debian", "title": "[SECURITY] [DLA 2556-1] unbound1.9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12662", "CVE-2020-12663", "CVE-2020-28935"], "modified": "2021-02-12T16:37:36", "id": "DEBIAN:DLA-2556-1:967CA", "href": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-07-21T11:13:55", "description": "\nSeveral security 
vulnerabilities have been discovered in Unbound, a validating,\nrecursive, caching DNS resolver, by security researchers of X41 D-SEC located\nin Aachen, Germany. Integer overflows, assertion failures, an out-of-bound\nwrite and an infinite loop vulnerability may lead to a denial-of-service or\nhave a negative impact on data confidentiality.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u2.\n\n\nWe recommend that you upgrade your unbound1.9 packages.\n\n\nFor the detailed security status of unbound1.9 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/unbound1.9>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T00:00:00", "type": "osv", "title": "unbound1.9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25038", "CVE-2019-25041", "CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25042", 
"CVE-2019-25037", "CVE-2019-25036", "CVE-2019-25034", "CVE-2019-25039", "CVE-2019-25035", "CVE-2019-25040", "CVE-2019-25033"], "modified": "2021-05-06T22:41:07", "id": "OSV:DLA-2652-1", "href": "https://osv.dev/vulnerability/DLA-2652-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-12T17:30:47", "description": "NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. 
It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-12-07T22:15:00", "type": "osv", "title": "CVE-2020-28935", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2022-10-12T14:29:00", "id": "OSV:CVE-2020-28935", "href": "https://osv.dev/vulnerability/CVE-2020-28935", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-07-11T05:29:44", "description": "\nSeveral security vulnerabilities have been corrected in unbound, a\nvalidating, recursive, caching DNS resolver. Support for the unbound DNS server\nhas been resumed, the sources can be found in the unbound1.9 source package.\n\n\n* [CVE-2020-12662](https://security-tracker.debian.org/tracker/CVE-2020-12662)\nUnbound has Insufficient Control of Network Message\n Volume, aka an NXNSAttack issue. 
This is triggered by random\n subdomains in the NSDNAME in NS records.\n* [CVE-2020-12663](https://security-tracker.debian.org/tracker/CVE-2020-12663)\nUnbound has an infinite loop via malformed DNS answers received from\n upstream servers.\n* [CVE-2020-28935](https://security-tracker.debian.org/tracker/CVE-2020-28935)\nUnbound contains a local vulnerability that would allow for a local symlink\n attack. When writing the PID file Unbound creates the file if it is not\n there, or opens an existing file for writing. In case the file was already\n present, it would follow symlinks if the file happened to be a symlink\n instead of a regular file.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u1.\n\n\nWe recommend that you upgrade your unbound1.9 packages.\n\n\nFor the detailed security status of unbound1.9 please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/unbound1.9>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-12T00:00:00", "type": "osv", "title": "unbound1.9 - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, 
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935", "CVE-2020-12662", "CVE-2020-12663"], "modified": "2021-02-14T23:58:37", "id": "OSV:DLA-2556-1", "href": "https://osv.dev/vulnerability/DLA-2556-1", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "photon": [{"lastseen": "2022-05-12T18:43:06", "description": "Updates of ['unbound', 'cifs-utils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-13T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0236", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2021-20208"], "modified": "2021-05-13T00:00:00", "id": "PHSA-2021-0236", "href": 
"https://github.com/vmware/photon/wiki/Security-Update-3.0-236", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:57:15", "description": "Updates of ['unbound', 'cifs-utils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-13T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-3.0-0236", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041", "CVE-2019-25042", "CVE-2021-20208"], "modified": "2021-05-13T00:00:00", "id": "PHSA-2021-3.0-0236", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-236", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-09T02:35:24", "description": "Updates of ['unbound'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-05T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0342", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25042"], "modified": "2021-05-05T00:00:00", "id": "PHSA-2021-0342", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-342", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:11:46", "description": "Updates of ['unbound'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0441", "bulletinFamily": "unix", 
"cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041"], "modified": "2022-02-15T00:00:00", "id": "PHSA-2022-0441", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-441", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:47:23", "description": "Updates of ['unbound'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-15T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0471", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25033", "CVE-2019-25038", "CVE-2019-25039", "CVE-2019-25040", "CVE-2019-25041"], "modified": "2022-02-15T00:00:00", "id": "PHSA-2022-0471", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-471", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T11:47:20", "description": "An update of {'unbound', 'cifs-utils', 'mysql'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-24T00:00:00", "type": "photon", "title": "PHSA-2021-1.0-0390", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25042", "CVE-2021-20208", "CVE-2021-2146", "CVE-2021-2154", "CVE-2021-2162", "CVE-2021-2166", "CVE-2021-2169", "CVE-2021-2171", "CVE-2021-2174", "CVE-2021-2179", "CVE-2021-2180", "CVE-2021-2194", "CVE-2021-2226", "CVE-2021-2307"], "modified": "2021-05-24T00:00:00", "id": 
"PHSA-2021-1.0-0390", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-390", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-28T17:50:50", "description": "Updates of ['cifs-utils', 'linux', 'unbound', 'mysql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-24T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0390", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25031", "CVE-2019-25034", "CVE-2019-25035", "CVE-2019-25036", "CVE-2019-25037", "CVE-2019-25042", "CVE-2020-25670", "CVE-2020-25671", "CVE-2021-20208", "CVE-2021-2146", "CVE-2021-2154", "CVE-2021-2162", "CVE-2021-2166", "CVE-2021-2169", "CVE-2021-2171", "CVE-2021-2174", "CVE-2021-2179", "CVE-2021-2180", "CVE-2021-2194", "CVE-2021-2226", "CVE-2021-22555", "CVE-2021-2307", "CVE-2021-31916", "CVE-2021-33034"], "modified": "2021-05-24T00:00:00", "id": "PHSA-2021-0390", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-390", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T15:01:45", "description": "An update of {'unbound', 'mysql', 'glibc'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-19T00:00:00", "type": "photon", "title": "PHSA-2021-2.0-0320", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2014", "CVE-2021-2022", "CVE-2021-2032", "CVE-2021-2060", "CVE-2021-3326"], "modified": "2021-02-19T00:00:00", "id": "PHSA-2021-2.0-0320", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-320", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-09T02:36:26", "description": "Updates of ['mysql', 'unbound', 'glibc'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": 
"HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-19T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0320", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2014", "CVE-2021-2022", "CVE-2021-2032", "CVE-2021-2060", "CVE-2021-3326"], "modified": "2021-02-19T00:00:00", "id": "PHSA-2021-0320", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-320", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-03T11:47:55", "description": "An update of {'mysql', 'unbound', 'binutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 4.2}, "published": "2021-02-24T00:00:00", "type": "photon", "title": "PHSA-2021-1.0-0362", "bulletinFamily": "unix", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2014", "CVE-2021-2022", "CVE-2021-2032", "CVE-2021-2060"], "modified": "2021-02-24T00:00:00", "id": "PHSA-2021-1.0-0362", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-362", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-28T17:52:19", "description": "Updates of ['unbound', 'binutils', 'mysql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.2}, "published": "2021-02-24T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0362", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2014", "CVE-2021-2022", "CVE-2021-2032", "CVE-2021-2060"], "modified": "2021-02-24T00:00:00", "id": "PHSA-2021-0362", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-362", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-16T05:36:09", "description": "Updates of ['mysql', 'unbound'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-02-21T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-3.0-0197", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15358", "CVE-2020-1971", "CVE-2020-28935", "CVE-2021-2002", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2024", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2046", 
"CVE-2021-2048", "CVE-2021-2056", "CVE-2021-2058", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2065", "CVE-2021-2070", "CVE-2021-2072", "CVE-2021-2076", "CVE-2021-2081", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2122"], "modified": "2021-02-21T00:00:00", "id": "PHSA-2021-3.0-0197", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-197", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-12T18:44:22", "description": "Updates of ['mysql', 'unbound'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-02-21T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0197", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15358", "CVE-2020-1971", "CVE-2020-28935", "CVE-2021-2002", "CVE-2021-2010", "CVE-2021-2011", "CVE-2021-2021", "CVE-2021-2022", "CVE-2021-2024", "CVE-2021-2031", "CVE-2021-2032", "CVE-2021-2036", "CVE-2021-2038", "CVE-2021-2046", "CVE-2021-2048", "CVE-2021-2056", "CVE-2021-2058", "CVE-2021-2060", "CVE-2021-2061", "CVE-2021-2065", "CVE-2021-2070", "CVE-2021-2072", 
"CVE-2021-2076", "CVE-2021-2081", "CVE-2021-2087", "CVE-2021-2088", "CVE-2021-2122"], "modified": "2021-02-21T00:00:00", "id": "PHSA-2021-0197", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-197", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2022-08-04T13:19:46", "description": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a\ncompressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a\nvulnerability. Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | same commit as CVE-2019-25040\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25041", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25040", "CVE-2019-25041"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25041", "href": "https://ubuntu.com/security/CVE-2019-25041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2022-08-04T13:19:46", "description": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size\ncalculation in respip/respip.c. NOTE: The vendor disputes that this is a\nvulnerability. Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | same commit as CVE-2019-25038\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25039", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25038", "CVE-2019-25039"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25039", "href": "https://ubuntu.com/security/CVE-2019-25039", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:19:46", "description": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial\nof service in synth_cname. NOTE: The vendor disputes that this is a\nvulnerability. 
Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25036", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25036"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25036", "href": "https://ubuntu.com/security/CVE-2019-25036", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:19:47", "description": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial\nof service in dname_pkt_copy via an invalid packet. NOTE: The vendor\ndisputes that this is a vulnerability. 
Although the code may be vulnerable,\na running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25037", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25037"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25037", "href": "https://ubuntu.com/security/CVE-2019-25037", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:19:46", "description": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size\ncalculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is\na vulnerability. 
Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25038", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25038"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25038", "href": "https://ubuntu.com/security/CVE-2019-25038", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:19:47", "description": "** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in\nsldns_bget_token_par. NOTE: The vendor disputes that this is a\nvulnerability. 
Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25035", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25035"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25035", "href": "https://ubuntu.com/security/CVE-2019-25035", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:19:47", "description": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in\nsldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE:\nThe vendor disputes that this is a vulnerability. 
Although the code may be\nvulnerable, a running Unbound installation cannot be remotely or locally\nexploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25034", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25034"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25034", "href": "https://ubuntu.com/security/CVE-2019-25034", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:19:47", "description": "** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a\ncompressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a\nvulnerability. 
Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25040", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25040"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25040", "href": "https://ubuntu.com/security/CVE-2019-25040", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:19:46", "description": "** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a\ncompressed name in rdata_copy. NOTE: The vendor disputes that this is a\nvulnerability. 
Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25042", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25042"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25042", "href": "https://ubuntu.com/security/CVE-2019-25042", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:24:13", "description": "NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD,\nup to and including version 4.3.3, contain a local vulnerability that would\nallow for a local symlink attack. When writing the PID file, Unbound and\nNSD create the file if it is not there, or open an existing file for\nwriting. In case the file was already present, they would follow symlinks\nif the file happened to be a symlink instead of a regular file. An\nadditional chown of the file would then take place after it was written,\nmaking the user Unbound/NSD is supposed to run as the new owner of the\nfile. 
If an attacker has local access to the user Unbound/NSD runs as, she\ncould create a symlink in place of the PID file pointing to a file that she\nwould like to erase. If then Unbound/NSD is killed and the PID file is not\ncleared, upon restarting with root privileges, Unbound/NSD will rewrite any\nfile pointed at by the symlink. This is a local vulnerability that could\ncreate a Denial of Service of the system Unbound/NSD is running on. It\nrequires an attacker having access to the limited permission user\nUnbound/NSD runs as and point through the symlink to a critical file on the\nsystem.\n\n#### Bugs\n\n * <https://github.com/NLnetLabs/unbound/issues/303>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-12-07T00:00:00", "type": "ubuntucve", "title": "CVE-2020-28935", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28935"], "modified": "2020-12-07T00:00:00", "id": "UB:CVE-2020-28935", "href": "https://ubuntu.com/security/CVE-2020-28935", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:19:48", "description": "** DISPUTED ** Unbound before 1.9.5 allows an 
integer overflow in the\nregional allocator via regional_alloc. NOTE: The vendor disputes that this\nis a vulnerability. Although the code may be vulnerable, a running Unbound\ninstallation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25032", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25032", "href": "https://ubuntu.com/security/CVE-2019-25032", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T13:19:47", "description": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the\nregional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that\nthis is a vulnerability. 
Although the code may be vulnerable, a running\nUnbound installation cannot be remotely or locally exploited.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | same commit as CVE-2019-25032\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T00:00:00", "type": "ubuntucve", "title": "CVE-2019-25033", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25032", "CVE-2019-25033"], "modified": "2021-04-27T00:00:00", "id": "UB:CVE-2019-25033", "href": "https://ubuntu.com/security/CVE-2019-25033", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25036", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25036"], "modified": "2021-04-27T06:15:00", "id": "DEBIANCVE:CVE-2019-25036", "href": "https://security-tracker.debian.org/tracker/CVE-2019-25036", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25041", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25041"], "modified": "2021-04-27T06:15:00", "id": "DEBIANCVE:CVE-2019-25041", "href": "https://security-tracker.debian.org/tracker/CVE-2019-25041", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25038", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25038"], "modified": "2021-04-27T06:15:00", "id": "DEBIANCVE:CVE-2019-25038", "href": "https://security-tracker.debian.org/tracker/CVE-2019-25038", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25037", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25037"], "modified": "2021-04-27T06:15:00", "id": "DEBIANCVE:CVE-2019-25037", "href": "https://security-tracker.debian.org/tracker/CVE-2019-25037", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25035", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25035"], "modified": "2021-04-27T06:15:00", "id": "DEBIANCVE:CVE-2019-25035", "href": "https://security-tracker.debian.org/tracker/CVE-2019-25035", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25034", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-25034"], "modified": "2021-04-27T06:15:00", "id": "DEBIANCVE:CVE-2019-25034", "href": "https://security-tracker.debian.org/tracker/CVE-2019-25034", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-28T06:09:20", "description": "** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-27T06:15:00", "type": "debiancve", "title": "CVE-2019-25042", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": f