{"id": "SECURITYVULNS:DOC:12662", "bulletinFamily": "software", "title": "[Full-disclosure] Multiple vulnerabilities in Outgun 1.0.3 bot 2", "description": "\r\n#######################################################################\r\n\r\n Luigi Auriemma\r\n\r\nApplication: Outgun\r\n http://koti.mbnet.fi/outgun/\r\nVersions: <= 1.0.3 bot 2\r\nPlatforms: Windows, *nix, *BSD and more\r\nBugs: A] data_file_request buffer-overflow\r\n B] exception with big data\r\n C] invalid memory access in messages handling\r\n D] harmless buffer-overflow on a global variable in\r\n changeRegistration\r\nExploitation: remote, versus server\r\nDate: 12 May 2006\r\nAuthor: Luigi Auriemma\r\n e-mail: aluigi@autistici.org\r\n web: aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1) Introduction\r\n2) Bugs\r\n3) The Code\r\n4) Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\n\r\nOutgun is an open source 2D capture-the-flag game with multiplayer\r\nsupport for LAN and Internet through a centralized master server.\r\n\r\n\r\n#######################################################################\r\n\r\n=======\r\n2) Bugs\r\n=======\r\n\r\n--------------------------------------------\r\nA] data_file_request command buffer-overflow\r\n--------------------------------------------\r\n\r\nThe game supports the downloading of map files directly from the server\r\nin which the clients want to play.\r\nThe request for the downloading of the map is composed by the command\r\ndata_file_request and two text strings for the type and name of the\r\nrequested file.\r\nThe buffers in which the server stores these two strings have a size of\r\n64 and 256 bytes and the function readString doesn't check the length\r\nof the destination buffer during the copying.\r\n\r\n>From src/servnet.cpp:\r\n\r\nvoid ServerNetworking::incoming_client_data(int id, char *data, int length) {\r\n ...\r\n else if (code == data_file_request) {\r\n char ftype[64];\r\n char fname[256];\r\n readString(msg, count, ftype);\r\n readString(msg, count, fname);\r\n ...\r\n\r\n\r\n--------------------------\r\nB] exception with big data\r\n--------------------------\r\n\r\nThe leetnet functions used in the game for handling the packets\r\nautomatically raise an exception (throw) if a data bigger than 512\r\n(DATA_BUF_SIZE) bytes is received.\r\nThe effect is the immediate interruption of the game.\r\n\r\n>From src/leetnet/rudp.cpp:\r\n\r\nclass data_ci : public data_c {\r\npublic:\r\n\r\n //allocated length, used length\r\n int alen, ulen;\r\n\r\n //data buffer\r\n char buf[DATA_BUF_SIZE];\r\n\r\n //extend buffer to fit additional len\r\n void extend(int len) {\r\n if (len + ulen > DATA_BUF_SIZE) {\r\n throw 66677;\r\n }\r\n ...\r\n\r\n\r\n---------------------------------------------\r\nC] invalid memory access in messages handling\r\n---------------------------------------------\r\n\r\nThe leetnet functions support a maximum amount of 64 messages in each\r\nincoming packet but no checks are made for avoiding the reading of the\r\nunallocated memory after the packet if an attacker uses wrong message\r\nsizes.\r\n\r\n>From src/leetnet/rudp.cpp:\r\n\r\n virtual char* process_incoming_packet(int *size, bool *special) {\r\n ...\r\n NLulong msgid;\r\n NLshort msgsize;\r\n for (i=0; i<nreliable; i++) { // read all reliable msgs\r\n readLong(udp_data, count, msgid); //id\r\n readShort(udp_data, count, msgsize); //size\r\n\r\n //if (debug) printf("(%i,%i)", msgid, msgsize);\r\n\r\n // station will process the incoming reliable message\r\n process_incoming_message(msgid, (udp_data + count), msgsize);\r\n\r\n //advance count since we didn't "readBlock"\r\n count += msgsize;\r\n\r\n //p->add_reliable(msgid, (udp_data + count), msgsize); //data\r\n }\r\n ...\r\n\r\n\r\n----------------------------------------------------------------------\r\nD] harmless buffer-overflow on a global variable in changeRegistration\r\n----------------------------------------------------------------------\r\n\r\nchangeRegistration is the function for handling the changing of the\r\nregistration informations of the clients.\r\nThis function uses strcpy for copying the client's token in a buffer of\r\n64 bytes located in the global array of the clients informations.\r\nDuring my tests (limited by the problem described in bug B) was not\r\npossible to exploit this bug for crashing the server but I was only\r\nable to modify some of the informations of the other players in the\r\nserver.\r\n\r\n>From src/servernet.cpp:\r\n\r\nbool Server::changeRegistration(int id, const string& token) {\r\n const int intoken = atoi(token.c_str());\r\n if (intoken == client[id].intoken)\r\n return false;\r\n\r\n // v0.4.9 FIX : IF HAD previous token have/valid, then FLUSH his stats\r\n network.client_report_status(id);\r\n\r\n strcpy(client[id].token, token.c_str());\r\n ...\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3) The Code\r\n===========\r\n\r\n\r\nhttp://aluigi.org/poc/outgunx.zip\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4) Fix\r\n======\r\n\r\n\r\nSome of the bugs will be fixed in the next "bot" release.\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n--- \r\nLuigi Auriemma\r\nhttp://aluigi.org\r\nhttp://mirror.aluigi.org\r\n\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "published": "2006-05-13T00:00:00", "modified": "2006-05-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:12662", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:17", "edition": 1, "viewCount": 7, "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2018-08-31T11:10:17", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2404575", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:17", "rev": 2}, "vulnersScore": -0.2}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-03-04T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **192[.]162.132.51** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2020-01-31T03:00:00, Last seen: 2021-03-04T03:00:00.\n IOC tags: **generic**.\nASN 12662: (First IP 192.162.132.0, Last IP 192.162.135.255).\nASN Name \"NEMIAS\" and Organisation \"\".\nASN hosts 4 domains.\nGEO IP information: City \"Borodianka\", Country \"Ukraine\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-31T00:00:00", "id": "RST:DC31C0D8-9BC3-3CD3-9C9F-585D36C82620", "href": "", "published": "2021-03-05T00:00:00", "title": "RST Threat feed. IOC: 192.162.132.51", "type": "rst", "cvss": {}}, {"lastseen": "2020-12-10T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **192[.]162.132.95** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **6**.\n First seen: 2020-06-06T03:00:00, Last seen: 2020-12-10T03:00:00.\n IOC tags: **generic**.\nASN 12662: (First IP 192.162.132.0, Last IP 192.162.135.255).\nASN Name \"NEMIAS\" and Organisation \"\".\nASN hosts 4 domains.\nGEO IP information: City \"Borodianka\", Country \"Ukraine\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-06-06T00:00:00", "id": "RST:2D2058A9-CA8D-3DF4-B120-144FFFFEB1AC", "href": "", "published": "2020-12-11T00:00:00", "title": "RST Threat feed. IOC: 192.162.132.95", "type": "rst", "cvss": {}}, {"lastseen": "2020-08-12T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **192[.]162.135.245** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **21**.\n First seen: 2020-06-24T03:00:00, Last seen: 2020-08-12T03:00:00.\n IOC tags: **generic**.\nASN 12662: (First IP 192.162.132.0, Last IP 192.162.135.255).\nASN Name \"NEMIAS\" and Organisation \"\".\nASN hosts 3 domains.\nGEO IP information: City \"Borodianka\", Country \"Ukraine\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-06-24T00:00:00", "id": "RST:B2940C90-DA69-3D85-B498-ADB7324371D2", "href": "", "published": "2020-09-21T00:00:00", "title": "RST Threat feed. IOC: 192.162.135.245", "type": "rst", "cvss": {}}, {"lastseen": "2020-08-12T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **192[.]162.132.18** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **21**.\n First seen: 2020-06-24T03:00:00, Last seen: 2020-08-12T03:00:00.\n IOC tags: **generic**.\nASN 12662: (First IP 192.162.132.0, Last IP 192.162.135.255).\nASN Name \"NEMIAS\" and Organisation \"\".\nASN hosts 3 domains.\nGEO IP information: City \"Borodianka\", Country \"Ukraine\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-06-24T00:00:00", "id": "RST:0E5F2240-AD7A-370C-9EA0-7EC712D23358", "href": "", "published": "2020-09-21T00:00:00", "title": "RST Threat feed. IOC: 192.162.132.18", "type": "rst", "cvss": {}}], "nessus": [{"lastseen": "2021-02-20T09:47:25", "description": "Several security vulnerabilities have been corrected in unbound, a\nvalidating, recursive, caching DNS resolver. Support for the unbound\nDNS server has been resumed, the sources can be found in the\nunbound1.9 source package.\n\nCVE-2020-12662\n\nUnbound has Insufficient Control of Network Message Volume, aka an\n'NXNSAttack' issue. This is triggered by random subdomains in the\nNSDNAME in NS records.\n\nCVE-2020-12663\n\nUnbound has an infinite loop via malformed DNS answers received from\nupstream servers.\n\nCVE-2020-28935\n\nUnbound contains a local vulnerability that would allow for a local\nsymlink attack. When writing the PID file Unbound creates the file if\nit is not there, or opens an existing file for writing. In case the\nfile was already present, it would follow symlinks if the file\nhappened to be a symlink instead of a regular file. \n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u1.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-02-16T00:00:00", "title": "Debian DLA-2556-1 : unbound1.9 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-28935", "CVE-2020-12662", "CVE-2020-12663"], "modified": "2021-02-16T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:unbound", "p-cpe:/a:debian:debian_linux:libunbound8", "p-cpe:/a:debian:debian_linux:unbound-anchor", "p-cpe:/a:debian:debian_linux:unbound-host", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2556.NASL", "href": "https://www.tenable.com/plugins/nessus/146527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2556-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146527);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/19\");\n\n script_cve_id(\"CVE-2020-12662\", \"CVE-2020-12663\", \"CVE-2020-28935\");\n\n script_name(english:\"Debian DLA-2556-1 : unbound1.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several security vulnerabilities have been corrected in unbound, a\nvalidating, recursive, caching DNS resolver. Support for the unbound\nDNS server has been resumed, the sources can be found in the\nunbound1.9 source package.\n\nCVE-2020-12662\n\nUnbound has Insufficient Control of Network Message Volume, aka an\n'NXNSAttack' issue. This is triggered by random subdomains in the\nNSDNAME in NS records.\n\nCVE-2020-12663\n\nUnbound has an infinite loop via malformed DNS answers received from\nupstream servers.\n\nCVE-2020-28935\n\nUnbound contains a local vulnerability that would allow for a local\nsymlink attack. When writing the PID file Unbound creates the file if\nit is not there, or opens an existing file for writing. In case the\nfile was already present, it would follow symlinks if the file\nhappened to be a symlink instead of a regular file. \n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u1.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/unbound1.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/unbound1.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libunbound8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-anchor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:unbound-host\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libunbound8\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-anchor\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"unbound-host\", reference:\"1.9.0-2+deb10u2~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-06T13:29:09", "description": "According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.5-p1. It is,\ntherefore, affected by the following vulnerabilities in its subcomponents:\n\n - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue. This is\n triggered by random subdomains in the NSDNAME in NS records. (CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.\n (CVE-2020-12663)\n\n - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by\n printbuf_memappend. (CVE-2020-12762)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-04T00:00:00", "title": "pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-12762", "CVE-2020-12663"], "modified": "2021-02-04T00:00:00", "cpe": ["cpe:/a:pfsense:pfsense", "cpe:/a:bsdperimeter:pfsense", "cpe:/a:netgate:pfsense"], "id": "PFSENSE_2_4_5_P1.NASL", "href": "https://www.tenable.com/plugins/nessus/146206", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146206);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2020-12662\", \"CVE-2020-12663\", \"CVE-2020-12762\");\n\n script_name(english:\"pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote firewall host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.5-p1. It is,\ntherefore, affected by the following vulnerabilities in its subcomponents:\n\n - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue. This is\n triggered by random subdomains in the NSDNAME in NS records. (CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.\n (CVE-2020-12663)\n\n - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by\n printbuf_memappend. (CVE-2020-12762)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.netgate.com/pfsense/en/latest/releases/2-4-5-p1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to pfSense version 2.4.5-p1 or later, or apply patches as noted in the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12762\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:pfsense:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:bsdperimeter:pfsense\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:netgate:pfsense\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Firewalls\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"pfsense_detect.nbin\");\n script_require_keys(\"Host/pfSense\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nif (!get_kb_item('Host/pfSense')) audit(AUDIT_HOST_NOT, 'pfSense');\n\napp_info = vcf::pfsense::get_app_info();\nconstraints = [\n {'min_version':'2.4.0', 'max_version':'2.4.5', 'fixed_version':'2.4.5-p1'}\n];\n\nvcf::pfsense::check_version_and_report(\n app_info:app_info,\n constraints:constraints,\n severity:SECURITY_WARNING\n);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-04T09:22:55", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:2416 advisory.\n\n - unbound: amplification of an incoming query into a large number of queries directed to a target\n (CVE-2020-12662)\n\n - unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-02-01T00:00:00", "title": "CentOS 8 : unbound (CESA-2020:2416)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-12663"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:unbound-devel", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:unbound", "p-cpe:/a:centos:centos:unbound-libs", "p-cpe:/a:centos:centos:python3-unbound", "cpe:/a:centos:centos:8::appstream"], "id": "CENTOS8_RHSA-2020-2416.NASL", "href": "https://www.tenable.com/plugins/nessus/145822", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:2416. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145822);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/03\");\n\n script_cve_id(\"CVE-2020-12662\", \"CVE-2020-12663\");\n script_xref(name:\"RHSA\", value:\"2020:2416\");\n\n script_name(english:\"CentOS 8 : unbound (CESA-2020:2416)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2020:2416 advisory.\n\n - unbound: amplification of an incoming query into a large number of queries directed to a target\n (CVE-2020-12662)\n\n - unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2416\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:unbound-libs\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'python3-unbound-1.7.3-11.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-unbound-1.7.3-11.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-11.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-1.7.3-11.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-11.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-devel-1.7.3-11.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-11.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'unbound-libs-1.7.3-11.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-unbound / unbound / unbound-devel / unbound-libs');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-11T11:58:09", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unbound packages installed that are affected\nby a vulnerability:\n\n - An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of\n erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large\n number of queries directed to a target, even with a lower amplification ratio compared to versions of\n Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for\n CVE-2020-12662, and it does not affect upstream versions of Unbound. (CVE-2020-10772)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : unbound Vulnerability (NS-SA-2020-0084)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-10772"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0084_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/143945", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0084. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143945);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2020-10772\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : unbound Vulnerability (NS-SA-2020-0084)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unbound packages installed that are affected\nby a vulnerability:\n\n - An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of\n erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large\n number of queries directed to a target, even with a lower amplification ratio compared to versions of\n Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for\n CVE-2020-12662, and it does not affect upstream versions of Unbound. (CVE-2020-10772)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0084\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL unbound packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10772\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'unbound-1.6.6-5.el7_8',\n 'unbound-debuginfo-1.6.6-5.el7_8',\n 'unbound-devel-1.6.6-5.el7_8',\n 'unbound-libs-1.6.6-5.el7_8',\n 'unbound-python-1.6.6-5.el7_8'\n ],\n 'CGSL MAIN 5.04': [\n 'unbound-1.6.6-5.el7_8',\n 'unbound-debuginfo-1.6.6-5.el7_8',\n 'unbound-devel-1.6.6-5.el7_8',\n 'unbound-libs-1.6.6-5.el7_8',\n 'unbound-python-1.6.6-5.el7_8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-11T11:58:08", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unbound packages installed that are affected\nby multiple vulnerabilities:\n\n - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an NXNSAttack issue. This\n is triggered by random subdomains in the NSDNAME in NS records. (CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.\n (CVE-2020-12663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-09T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : unbound Multiple Vulnerabilities (NS-SA-2020-0079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-12663"], "modified": "2020-12-09T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0079_UNBOUND.NASL", "href": "https://www.tenable.com/plugins/nessus/143965", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0079. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143965);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/10\");\n\n script_cve_id(\"CVE-2020-12662\", \"CVE-2020-12663\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : unbound Multiple Vulnerabilities (NS-SA-2020-0079)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unbound packages installed that are affected\nby multiple vulnerabilities:\n\n - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an NXNSAttack issue. This\n is triggered by random subdomains in the NSDNAME in NS records. (CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.\n (CVE-2020-12663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0079\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL unbound packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'unbound-1.6.6-4.el7_8',\n 'unbound-debuginfo-1.6.6-4.el7_8',\n 'unbound-devel-1.6.6-4.el7_8',\n 'unbound-libs-1.6.6-4.el7_8',\n 'unbound-python-1.6.6-4.el7_8'\n ],\n 'CGSL MAIN 5.04': [\n 'unbound-1.6.6-4.el7_8',\n 'unbound-debuginfo-1.6.6-4.el7_8',\n 'unbound-devel-1.6.6-4.el7_8',\n 'unbound-libs-1.6.6-4.el7_8',\n 'unbound-python-1.6.6-4.el7_8'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:07:03", "description": "According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-11-06T00:00:00", "title": "EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2020-2454)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-12663"], "modified": "2020-11-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2020-2454.NASL", "href": "https://www.tenable.com/plugins/nessus/142538", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142538);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12662\",\n \"CVE-2020-12663\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2020-2454)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2454\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c39b2246\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12663\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h3.eulerosv2r7\",\n \"unbound-libs-1.6.6-1.h3.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:59", "description": "According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound 1.6.4 through 1.9.4 contain a vulnerability in\n the ipsec module that can cause shell code execution\n after receiving a specially crafted answer. This issue\n can only be triggered if unbound was compiled with\n `--enable-ipsecmod` support, and ipsecmod is enabled\n and used in the configuration.(CVE-2019-18934)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : unbound (EulerOS-SA-2020-2403)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18934", "CVE-2020-12662", "CVE-2020-12663"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2403.NASL", "href": "https://www.tenable.com/plugins/nessus/142292", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142292);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18934\",\n \"CVE-2020-12662\",\n \"CVE-2020-12663\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : unbound (EulerOS-SA-2020-2403)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound 1.6.4 through 1.9.4 contain a vulnerability in\n the ipsec module that can cause shell code execution\n after receiving a specially crafted answer. This issue\n can only be triggered if unbound was compiled with\n `--enable-ipsecmod` support, and ipsecmod is enabled\n and used in the configuration.(CVE-2019-18934)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2403\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a2d2c442\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h3\",\n \"unbound-libs-1.6.6-1.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-19T05:34:36", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4181 advisory.\n\n - unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662)\n\n - unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-10-06T00:00:00", "title": "RHEL 7 : unbound (RHSA-2020:4181)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-12663"], "modified": "2020-10-06T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.7::computenode", "cpe:/o:redhat:rhel_e4s:7.7::server", "cpe:/o:redhat:rhel_tus:7.7::computenode", "cpe:/o:redhat:rhel_eus:7.7::computenode", "p-cpe:/a:redhat:enterprise_linux:unbound-devel", "cpe:/o:redhat:rhel_tus:7.7", "cpe:/o:redhat:rhel_aus:7.7", "p-cpe:/a:redhat:enterprise_linux:unbound", "p-cpe:/a:redhat:enterprise_linux:unbound-libs", "p-cpe:/a:redhat:enterprise_linux:unbound-python", "cpe:/o:redhat:rhel_aus:7.7::computenode", "cpe:/o:redhat:rhel_eus:7.7::server", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_aus:7.7::server", "cpe:/o:redhat:rhel_tus:7.7::server"], "id": "REDHAT-RHSA-2020-4181.NASL", "href": "https://www.tenable.com/plugins/nessus/141196", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4181. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141196);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/18\");\n\n script_cve_id(\"CVE-2020-12662\", \"CVE-2020-12663\");\n script_xref(name:\"RHSA\", value:\"2020:4181\");\n\n script_name(english:\"RHEL 7 : unbound (RHSA-2020:4181)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4181 advisory.\n\n - unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662)\n\n - unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/406.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/835.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-12663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837604\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 400, 406, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:unbound-python\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.7', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms'\n ],\n 'rhel_eus_7_7_computenode': [\n 'rhel-7-hpc-node-eus-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-debug-rpms',\n 'rhel-7-hpc-node-eus-optional-rpms',\n 'rhel-7-hpc-node-eus-optional-source-rpms',\n 'rhel-7-hpc-node-eus-rpms',\n 'rhel-7-hpc-node-eus-source-rpms'\n ],\n 'rhel_eus_7_7_server': [\n 'rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-debug-rpms',\n 'rhel-7-for-system-z-eus-optional-rpms',\n 'rhel-7-for-system-z-eus-optional-source-rpms',\n 'rhel-7-for-system-z-eus-rpms',\n 'rhel-7-for-system-z-eus-source-rpms',\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-eus-debug-rpms',\n 'rhel-7-server-eus-optional-debug-rpms',\n 'rhel-7-server-eus-optional-rpms',\n 'rhel-7-server-eus-optional-source-rpms',\n 'rhel-7-server-eus-rpms',\n 'rhel-7-server-eus-source-rpms',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-eus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-eus-rpms',\n 'rhel-ha-for-rhel-7-server-eus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-rs-for-rhel-7-server-eus-debug-rpms',\n 'rhel-rs-for-rhel-7-server-eus-rpms',\n 'rhel-rs-for-rhel-7-server-eus-source-rpms'\n ],\n 'rhel_tus_7_7_server': [\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4181');\n}\n\npkgs = [\n {'reference':'unbound-1.6.6-2.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-1.6.6-2.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-devel-1.6.6-2.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-devel-1.6.6-2.el7_7', 'sp':'7', 'cpu':'s390', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-devel-1.6.6-2.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-devel-1.6.6-2.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-libs-1.6.6-2.el7_7', 'sp':'7', 'cpu':'i686', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-libs-1.6.6-2.el7_7', 'sp':'7', 'cpu':'s390', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-libs-1.6.6-2.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-libs-1.6.6-2.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-python-1.6.6-2.el7_7', 'sp':'7', 'cpu':'s390x', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']},\n {'reference':'unbound-python-1.6.6-2.el7_7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_e4s_7_7_server', 'rhel_eus_7_7_computenode', 'rhel_eus_7_7_server', 'rhel_tus_7_7_server']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'unbound / unbound-devel / unbound-libs / unbound-python');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:06:17", "description": "According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound 1.6.4 through 1.9.4 contain a vulnerability in\n the ipsec module that can cause shell code execution\n after receiving a specially crafted answer. This issue\n can only be triggered if unbound was compiled with\n `--enable-ipsecmod` support, and ipsecmod is enabled\n and used in the configuration.(CVE-2019-18934)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2020-09-28T00:00:00", "title": "EulerOS 2.0 SP3 : unbound (EulerOS-SA-2020-2058)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18934", "CVE-2020-12662", "CVE-2020-12663"], "modified": "2020-09-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:unbound", "p-cpe:/a:huawei:euleros:unbound-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2058.NASL", "href": "https://www.tenable.com/plugins/nessus/140825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140825);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-18934\",\n \"CVE-2020-12662\",\n \"CVE-2020-12663\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : unbound (EulerOS-SA-2020-2058)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Unbound 1.6.4 through 1.9.4 contain a vulnerability in\n the ipsec module that can cause shell code execution\n after receiving a specially crafted answer. This issue\n can only be triggered if unbound was compiled with\n `--enable-ipsecmod` support, and ipsecmod is enabled\n and used in the configuration.(CVE-2019-18934)\n\n - Unbound before 1.10.1 has Insufficient Control of\n Network Message Volume, aka an 'NXNSAttack' issue. This\n is triggered by random subdomains in the NSDNAME in NS\n records.(CVE-2020-12662)\n\n - Unbound before 1.10.1 has an infinite loop via\n malformed DNS answers received from upstream\n servers.(CVE-2020-12663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2058\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74ab55e3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-1.6.6-1.h3\",\n \"unbound-libs-1.6.6-1.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T09:06:07", "description": "According to the versions of the unbound package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in unbound in versions prior to\n 1.10.1. An infinite loop can be created when malformed\n DNS answers are received from upstream servers. The\n highest threat from this vulnerability is to system\n availability.(CVE-2020-12663)\n\n - A network amplification vulnerability was found in\n Unbound, in the way it processes delegation messages\n from one authoritative zone to another. This flaw\n allows an attacker to cause a denial of service or be\n part of an attack against another DNS server when\n Unbound is deployed as a recursive resolver or\n authoritative name server.(CVE-2020-12662)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-09-08T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2020-1971)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-12662", "CVE-2020-12663"], "modified": "2020-09-08T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.2.0", "p-cpe:/a:huawei:euleros:unbound-libs"], "id": "EULEROS_SA-2020-1971.NASL", "href": "https://www.tenable.com/plugins/nessus/140341", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140341);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-12662\",\n \"CVE-2020-12663\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : unbound (EulerOS-SA-2020-1971)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the unbound package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A flaw was found in unbound in versions prior to\n 1.10.1. An infinite loop can be created when malformed\n DNS answers are received from upstream servers. The\n highest threat from this vulnerability is to system\n availability.(CVE-2020-12663)\n\n - A network amplification vulnerability was found in\n Unbound, in the way it processes delegation messages\n from one authoritative zone to another. This flaw\n allows an attacker to cause a denial of service or be\n part of an attack against another DNS server when\n Unbound is deployed as a recursive resolver or\n authoritative name server.(CVE-2020-12662)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1971\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cd67ffa7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected unbound packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:unbound-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"unbound-libs-1.6.6-1.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unbound\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2021-02-13T01:25:43", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28935", "CVE-2020-12662", "CVE-2020-12663"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2556-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nFebruary 12, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : unbound1.9\nVersion : 1.9.0-2+deb10u2~deb9u1\nCVE ID : CVE-2020-12662 CVE-2020-12663 CVE-2020-28935\nDebian Bug : 977165\n\nSeveral security vulnerabilities have been corrected in unbound, a\nvalidating, recursive, caching DNS resolver. Support for the unbound DNS server\nhas been resumed, the sources can be found in the unbound1.9 source package.\n\nCVE-2020-12662\n\n Unbound has Insufficient Control of Network Message\n Volume, aka an &quot;NXNSAttack&quot; issue. This is triggered by random\n subdomains in the NSDNAME in NS records.\n\nCVE-2020-12663\n\n Unbound has an infinite loop via malformed DNS answers received from\n upstream servers.\n\nCVE-2020-28935\n\n Unbound contains a local vulnerability that would allow for a local symlink\n attack. When writing the PID file Unbound creates the file if it is not\n there, or opens an existing file for writing. In case the file was already\n present, it would follow symlinks if the file happened to be a symlink\n instead of a regular file. \n\nFor Debian 9 stretch, these problems have been fixed in version\n1.9.0-2+deb10u2~deb9u1.\n\nWe recommend that you upgrade your unbound1.9 packages.\n\nFor the detailed security status of unbound1.9 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/unbound1.9\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2021-02-12T16:37:52", "published": "2021-02-12T16:37:52", "id": "DEBIAN:DLA-2556-1:967CA", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202102/msg00017.html", "title": "[SECURITY] [DLA 2556-1] unbound1.9 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2021-02-02T07:36:55", "description": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-27T18:15:00", "title": "CVE-2020-10772", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10772"], "modified": "2020-12-03T21:14:00", "cpe": ["cpe:/a:nlnetlabs:unbound:1.6.6-5"], "id": "CVE-2020-10772", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10772", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:nlnetlabs:unbound:1.6.6-5:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2020-10-07T18:05:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-12662", "CVE-2020-12663"], "description": "The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. \n\nSecurity Fix(es):\n\n* unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662)\n\n* unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-06T14:09:02", "published": "2020-10-06T13:53:56", "id": "RHSA-2020:4181", "href": "https://access.redhat.com/errata/RHSA-2020:4181", "type": "redhat", "title": "(RHSA-2020:4181) Important: unbound security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}