{"cve": [{"lastseen": "2018-11-01T05:13:15", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.", "modified": "2018-10-30T12:27:02", "published": "2011-07-08T16:55:00", "id": "CVE-2011-2464", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2464", "title": "CVE-2011-2464", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-10T11:34:12", "bulletinFamily": "NVD", "description": "Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.", "modified": "2018-10-09T15:32:26", "published": "2011-07-08T16:55:00", "id": "CVE-2011-2465", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2465", "title": "CVE-2011-2465", "type": "cve", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\nISC BIND 9 Remote Crash with Certain RPZ Configurations\r\n\r\nTwo defects were discovered in ISC's BIND 9 code. These defects only affect\r\nBIND 9 servers which have recursion enabled and which use a specific\r\nfeature of the software known as Response Policy Zones (RPZ) and where the\r\nRPZ zone contains a specific rule/action pattern.\r\n\r\nCVE: CVE-2011-2465\r\n\r\nDocument Version: 2.0\r\n\r\nPosting date: 05 Jul 2011\r\n\r\nProgram Impacted: BIND\r\n\r\nVersions affected: 9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 Other versions of\r\nBIND 9 not listed here are not vulnerable to this problem.\r\n\r\nSeverity: High\r\n\r\nExploitable: Remotely\r\n\r\nDescription: \r\n\r\nA defect in the affected versions of BIND could cause the "named" process\r\nto exit when queried, if the server has recursion enabled and was\r\nconfigured with an RPZ zone containing certain types of records.\r\nSpecifically, these are any DNAME record and certain kinds of CNAME\r\nrecords.\r\n\r\nThe patch release of BIND 9.8.0-P4 alters the behavior of RPZ zones by\r\nignoring any DNAME records in an RPZ zone, and correctly returning CNAME\r\nrecords from RPZ zones.\r\n\r\nNote that DNAME has no defined effect on the RPZ engine and its presence in\r\nan RPZ zone is ignored. The definitive list of meaningful patterns in an\r\nRPZ zone is given in the BIND 9 Administrative Reference Manual and also in\r\nISC Technical Note 2010-1.\r\n\r\nCVSS Score: 7.8\r\n\r\nCVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)\r\n\r\nFor more information on the Common Vulnerability Scoring System and to\r\nobtain your specific environmental score please visit:\r\nhttp://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\r\n\r\nWorkarounds: \r\n\r\nDo not put certain CNAME or any DNAME records into an RPZ zone file until\r\nyour software can be patched. If you subscribe to a service which supplies\r\nyour RPZ zone data, ensure that it does not contain any DNAME or certain\r\nCNAME records. The CNAME records which must not be used are those which\r\nsignal the RPZ engine to rewrite query names. CNAME records which signal\r\nthe RPZ engine to forge an NXDOMAIN response are not affected by this\r\ndefect.\r\n\r\nAn example of an RPZ rule which causes a query name to be rewritten is:\r\n\r\n*.malicious-domain.com CNAME walled-garden.isp.net\r\n\r\nAn example of an RPZ rule which causes an NXDOMAIN response to be returned\r\nis:\r\n\r\n*.malicious-domain.com CNAME .\r\n\r\nPlease refer to the BIND 9 Administrative Reference Manual or to ISC\r\nTechnical Note 2010-1 for more information about the Response Policy Zone\r\n(RPZ) feature which was added to BIND 9 in Version 9.8.0.\r\n\r\nActive exploits: \r\n\r\nISC received reports of this software flaw and verified the report's\r\naccuracy.\r\n\r\nSolution: \r\n\r\nUpgrade to: 9.8.0-P4. (Note that 9.8.0-P3 is not affected but has been\r\nreplaced by 9.8.0-P4 due to CVE-2011-2464)\r\n\r\nDownload this version from the following location:\r\n\r\nISC releases of BIND 9 software may be downloaded from\r\nhttp://www.isc.org/software/bind\r\n\r\nIf you do not obtain your BIND software directly from ISC, contact your\r\noperating system or software vendor for an update.\r\n\r\nIf you are participating in ISC's Beta or release candidate (RC) program,\r\nplease upgrade. ISC Beta/RC testers are expected to remove vulnerable\r\nversions and upgrade. No security advisories are issued for beta / release\r\ncandidates once the corresponding final release is made.\r\n\r\nAcknowledgement: ISC thanks Bryce Moore from TELUS Security Labs for\r\nfinding and reporting this issue.\r\n\r\nDocument Revision History\r\n\r\nVersion 1.0 - 14 June 2011: Phase One Disclosure Date\r\nVersion 1.1 - 20 June 2011: Phase Two Disclosure Date with updates.\r\nVersion 1.2 - 21 June 2011: Updates on beta, RC, and clarity editing\r\nVersion 1.3 - 24 June 2011: Added document URL\r\nVersion 1.4 - 28 June 2011: Updated Solution and description (revised to\r\nrecommend 9.8.0-P4 per CVE-2011-2464)\r\nVersion 1.5 - 4 July 2011: Phase Three and Four Disclosure Date\r\nVersion 2.0 - 5 July 2011: Public Disclosure\r\n\r\nReferences:\r\n\r\nDo you have Questions? Questions regarding this advisory should go to\r\nsecurity-officer@isc.org.\r\n\r\nDo you need Software Support? Questions on ISC's Support services or other\r\nofferings should be sent to sales@isc.org. More information on \r\n\r\nISC's support and other offerings are available at:\r\nhttp://www.isc.org/community/blog/201102/BIND-support\r\n\r\nISC Security Vulnerability Disclosure Policy Details of our current\r\nsecurity advisory policy and practice can be found here:\r\nhttps://www.isc.org/security-vulnerability-disclosure-policy\r\n\r\n\r\nLegal Disclaimer:: \r\n\r\nInternet Systems Consortium (ISC) is providing this notice on an "AS IS"\r\nbasis. No warranty or guarantee of any kind is expressed in this notice and\r\nnone should be implied. ISC expressly excludes and disclaims any warranties\r\nregarding this notice or materials referred to in this notice, including,\r\nwithout limitation, any implied warranty of merchantability, fitness for a\r\nparticular purpose, absence of hidden defects, or of non-infringement. Your\r\nuse or reliance on this notice or materials referred to in this notice is\r\nat your own risk. ISC may change this notice at any time.\r\n\r\nA stand-alone copy or paraphrase of the text of this document that omits\r\nthe document URL is an uncontrolled copy. Uncontrolled copies may lack\r\nimportant information, be out of date, or contain factual errors.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: 10.1.0.860\r\n\r\nwsBVAwUBThMPGr2X3GOe6MR7AQp2AggAmi2YDtTTWeR+xn7RDRAZEY9OTO6yUUQI\r\nvSgsOgwaeRKBdHf+PJiKFC8cd6wqSPyWH0QEUXhP4Rsh15ZUfLYJ4ELjSHDh70V6\r\nuO5sXpJKkxxXZegoUAd8Hz2OzAYJkQkPfugP3K/8t8rSRjjtcyv+307q3I0zWvpO\r\nX1UwBUA8w3AH+82zApAwNwBLBXo3auy93l89yERDVqIfEUkrbIZ7XkSWCs7bSRkE\r\nJQMgvGscyqmHP4jXvWjI7IjK9Kpou67JRt2MXamuvJIhT4EHj7pMUPEa/RM+JjuJ\r\ncV/70jhhFbhCP99UNf7uhFuWMjSmIPqugWYm7r/98afNyUxqIJSD/A==\r\n=fTgK\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-07-09T00:00:00", "published": "2011-07-09T00:00:00", "id": "SECURITYVULNS:DOC:26629", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26629", "title": "Security Advisory: CVE-2011-2465 ISC BIND 9 Remote Crash with Certain RPZ Configurations", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\nISC BIND 9 Remote packet Denial of Service against Authoritative and\r\nRecursive Servers\r\n\r\nA specially constructed packet will cause BIND 9 ("named") to exit,\r\naffecting DNS service.\r\n\r\nCVE: CVE-2011-2464\r\n\r\nDocument Version: 2.0\r\n\r\nPosting date: 05 Jul 2011\r\n\r\nProgram Impacted: BIND\r\n\r\nVersions affected: 9.6.3, 9.6-ESV-R4, 9.6-ESV-R4-P1, 9.6-ESV-R5b1 9.7.0,\r\n9.7.0-P1, 9.7.0-P2, 9.7.1, 9.7.1-P1, 9.7.1-P2, 9.7.2, 9.7.2-P1, 9.7.2-P2,\r\n9.7.2-P3, 9.7.3, 9.7.3-P1, 9.7.3-P2, 9.7.4b1 9.8.0, 9.8.0-P1, 9.8.0-P2,\r\n9.8.0-P3, 9.8.1b1\r\n\r\nSeverity: High\r\n\r\nExploitable: Remotely\r\n\r\nDescription: \r\n\r\nA defect in the affected BIND 9 versions allows an attacker to remotely\r\ncause the "named" process to exit using a specially crafted packet. This\r\ndefect affects both recursive and authoritative servers. The code location\r\nof the defect makes it impossible to protect BIND using ACLs configured\r\nwithin named.conf or by disabling any features at compile-time or run-time.\r\n\r\nA remote attacker would need to be able to send a specially crafted packet\r\ndirectly to a server running a vulnerable version of BIND. There is also\r\nthe potential for an indirect attack via malware that is inadvertently\r\ninstalled and run, where infected machines have direct access to an\r\norganization's nameservers.\r\n\r\nCVSS Score: 7.8\r\n\r\n(AV:N/AC:L/Au:N/C:N/I:N/A:C)\r\n\r\nFor more information on the Common Vulnerability Scoring System and to\r\nobtain your specific environmental score please visit:\r\nhttp://nvd.nist.gov/cvss.cfm?calculator&adv&version=2\r\n\r\nWorkarounds: \r\n\r\nThere are no known workarounds for publicly available servers.\r\nAdministrators of servers that are not publicly available may be able to\r\nlimit exposure via firewalls and packet filters.\r\n\r\nActive exploits: \r\n\r\nISC knows of no public tools to exploit this defect at the time of this\r\nadvisory.\r\n\r\nSolution: \r\n\r\nUpgrade to: 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.\r\n\r\nDownload these versions from the following locations:\r\n\r\nISC releases of BIND 9 software may be downloaded from\r\nhttp://www.isc.org/software/bind\r\n\r\nIf you do not obtain your BIND software directly from ISC, contact your\r\noperating system or software vendor for an update.\r\n\r\nIf you are participating in ISC's beta or release candidate (RC) programs,\r\nplease upgrade. ISC Beta/RC testers are expected to remove vulnerable\r\nversions and upgrade. No security advisories are issued for beta / release\r\ncandidates once the corresponding final release is made.\r\n\r\nIn addition, 9.5.3b1 and 9.5.3rc1 are affected although ISC has not\r\nreleased a final production version of 9.5.3. Note that BIND 9.5 is\r\nEnd-of-Life, therefore if you are running a pre-release version of 9.5.3 we\r\nrecommend upgrading to a supported production version of BIND.\r\n\r\n9.6-ESV-R4-P2 is not affected by any known attack vectors, but has been\r\nreplaced by 9.6-ESV-R4-P3 which carries a more complete fix\r\n\r\nOther versions of BIND 9 not listed in this advisory are not vulnerable to\r\nthis problem.\r\n\r\nAcknowledgements: \r\n\r\nISC thanks Roy Arends from Nominet for pin-pointing the exact nature of the\r\nvulnerability. We also thank Ramesh Damodaran of Infoblox for finding a\r\nvariation of the attack vector and Mats Dufberg of TeliaSonera Sweden for\r\nconfirming additional variants.\r\n\r\nDocument Revision History:\r\n\r\nVersion 1.0 - 14 June 2011: Phase One Disclosure Date\r\nVersion 1.1 - 20 June 2011: Phase Two Disclosure Date with updates.\r\nVersion 1.2 - 21 June 2011: Updates on beta, RC, and clarity editing\r\nVerison 1.3 - 21 June 2011: Sent Hold Notices to Phase I constituents,\r\nextended Acknowledgments\r\nVersion 1.4 - 23 June 2011: Updated -P versions to include Advanced\r\nSecurity Patches release to Phase I, and "Upgrade to:" versions\r\nVersion 1.5 - 24 June 2011: Added document URL, sent schedule update to\r\nPhase I constituents.\r\nVersion 1.6 - 28 June 2011: Updated Versions Affected, extended\r\nAcknowledgments, sent Phase I updates\r\nVersion 1.7 - 30 June 2011: Updated attribution text.\r\nVersion 1.8 - 4 July 2011: Phase Three and Four Disclosure Date\r\nversion 2.0 - 5 July 2011: Public Disclosure\r\n\r\nDo you have Questions? Questions regarding this advisory should go to\r\nsecurity-officer@isc.org.\r\n\r\nDo you need Software Support? Questions on ISC's Support services or other\r\nofferings should be sent to sales@isc.org. More information on ISC's\r\nsupport and other offerings are available at:\r\nhttp://www.isc.org/community/blog/201102/BIND-support\r\n\r\nISC Security Vulnerability Disclosure Policy: Details of our current\r\nsecurity advisory policy and practice can be found here:\r\nhttps://www.isc.org/security-vulnerability-disclosure-policy\r\n\r\n\r\n\r\nLegal Disclaimer:: \r\n\r\nInternet Systems Consortium (ISC) is providing this notice on an "AS IS"\r\nbasis. No warranty or guarantee of any kind is expressed in this notice and\r\nnone should be implied. ISC expressly excludes and disclaims any warranties\r\nregarding this notice or materials referred to in this notice, including,\r\nwithout limitation, any implied warranty of merchantability, fitness for a\r\nparticular purpose, absence of hidden defects, or of non-infringement. Your\r\nuse or reliance on this notice or materials referred to in this notice is\r\nat your own risk. ISC may change this notice at any time. \r\n\r\nA stand-alone copy or paraphrase of the text of this document that omits\r\nthe document URL is an uncontrolled copy. Uncontrolled copies may lack\r\nimportant information, be out of date, or contain factual errors.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: 10.1.0.860\r\n\r\nwsBVAwUBThMO/b2X3GOe6MR7AQrt6wf/bj9Cs1WtItSnQ37bSaCjh+FmVJSZLK/L\r\npzwTKR1Z4NS9riwDHRUgDtSHryT9fQfs4Nt8znpLUe9hyCXcMNy2uYScwyt9Rp1H\r\nhbhauZkQFOQntHP7jc9X4Z6BrySk/YWhfWa2X74CGbt0dYKkpuxIXhfolzTCZ4C2\r\nCK/M8Xgy6669F565GiAgUZu+AGPL3/uutvgCT0ywZXWojpAnkPMxKPNTU690+aQH\r\nbUMVbIZ1HqwNHqFsu4DbGoPzFoSZuW6AyB1L7HNOt+Zt2dnL/ExxfpGi0VP+PAxm\r\na7Gg3aeC/qktygL3eRxeZ9p/ST8kp6vfSrdrHx3ovdn3ZeRsoiZDtA==\r\n=ARbT\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-07-09T00:00:00", "published": "2011-07-09T00:00:00", "id": "SECURITYVULNS:DOC:26628", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26628", "title": "Security Advisory: CVE-2011-2464 - ISC BIND 9 Remote packet Denial of Service against Authoritative and Recursive Servers", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "description": "==========================================================================\r\nUbuntu Security Notice USN-1163-1\r\nJuly 05, 2011\r\n\r\nbind9 vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n- Ubuntu 8.04 LTS\r\n\r\nSummary:\r\n\r\nAn attacker could send crafted input to Bind and cause it to crash.\r\n\r\nSoftware Description:\r\n- bind9: Internet Domain Name Server\r\n\r\nDetails:\r\n\r\nIt was discovered that Bind incorrectly handled certain specially crafted\r\npackets. A remote attacker could use this flaw to cause Bind to stop\r\nresponding, resulting in a denial of service.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libdns69 1:9.7.3.dfsg-1ubuntu2.2\r\n\r\nUbuntu 10.10:\r\n libdns66 1:9.7.1.dfsg.P2-2ubuntu0.4\r\n\r\nUbuntu 10.04 LTS:\r\n libdns64 1:9.7.0.dfsg.P1-1ubuntu0.3\r\n\r\nUbuntu 8.04 LTS:\r\n libdns36 1:9.4.2.dfsg.P2-2ubuntu0.8\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1163-1\r\n CVE-2011-2464\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/bind9/1:9.7.3.dfsg-1ubuntu2.2\r\n https://launchpad.net/ubuntu/+source/bind9/1:9.7.1.dfsg.P2-2ubuntu0.4\r\n https://launchpad.net/ubuntu/+source/bind9/1:9.7.0.dfsg.P1-1ubuntu0.3\r\n https://launchpad.net/ubuntu/+source/bind9/1:9.4.2.dfsg.P2-2ubuntu0.8\r\n\r\n", "modified": "2011-07-06T00:00:00", "published": "2011-07-06T00:00:00", "id": "SECURITYVULNS:DOC:26605", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26605", "title": "[USN-1163-1] Bind vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 is now available and\r\naddresses the following:\r\n\r\nApache\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in Apache\r\nDescription: Apache is updated to version 2.2.20 to address several\r\nvulnerabilities, the most serious of which may lead to a denial of\r\nservice. CVE-2011-0419 does not affect OS X Lion systems. Further\r\ninformation is available via the Apache web site at\r\nhttp://httpd.apache.org/\r\nCVE-ID\r\nCVE-2011-0419\r\nCVE-2011-3192\r\n\r\nApplication Firewall\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Executing a binary with a maliciously crafted name may lead\r\nto arbitrary code execution with elevated privileges\r\nDescription: A format string vulnerability existed in Application\r\nFirewall's debug logging.\r\nCVE-ID\r\nCVE-2011-0185 : an anonymous reporter\r\n\r\nATS\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: A signedness issue existed in ATS' handling of Type 1\r\nfonts. This issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3437\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing or downloading a document containing a maliciously\r\ncrafted embedded font may lead to arbitrary code execution\r\nDescription: An out of bounds memory access issue existed in ATS'\r\nhandling of Type 1 fonts. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0229 : Will Dormann of the CERT/CC\r\n\r\nATS\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Applications which use the ATSFontDeactivate API may be\r\nvulnerable to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A buffer overflow issue existed in the\r\nATSFontDeactivate API.\r\nCVE-ID\r\nCVE-2011-0230 : Steven Michaud of Mozilla\r\n\r\nBIND\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in BIND 9.7.3\r\nDescription: Multiple denial of service issues existed in BIND\r\n9.7.3. These issues are addressed by updating BIND to version\r\n9.7.3-P3.\r\nCVE-ID\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nBIND\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in BIND\r\nDescription: Multiple denial of service issues existed in BIND.\r\nThese issues are addressed by updating BIND to version 9.6-ESV-R4-P3.\r\nCVE-ID\r\nCVE-2009-4022\r\nCVE-2010-0097\r\nCVE-2010-3613\r\nCVE-2010-3614\r\nCVE-2011-1910\r\nCVE-2011-2464\r\n\r\nCertificate Trust Policy\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1.\r\nImpact: Root certificates have been updated\r\nDescription: Several trusted certificates were added to the list of\r\nsystem roots. Several existing certificates were updated to their\r\nmost recent version. The complete list of recognized system roots may\r\nbe viewed via the Keychain Access application.\r\n\r\nCFNetwork\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Safari may store cookies it is not configured to accept\r\nDescription: A synchronization issue existed in CFNetwork's handling\r\nof cookie policies. Safari's cookie preferences may not be honored,\r\nallowing websites to set cookies that would be blocked were the\r\npreference enforced. This update addresses the issue through improved\r\nhandling of cookie storage.\r\nCVE-ID\r\nCVE-2011-0231 : Martin Tessarek, Steve Riggins of Geeks R Us, Justin\r\nC. Walker, and Stephen Creswell\r\n\r\nCFNetwork\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of sensitive information\r\nDescription: An issue existed in CFNetwork's handling of HTTP\r\ncookies. When accessing a maliciously crafted HTTP or HTTPS URL,\r\nCFNetwork could incorrectly send the cookies for a domain to a server\r\noutside that domain. This issue does not affect systems prior to OS X\r\nLion.\r\nCVE-ID\r\nCVE-2011-3246 : Erling Ellingsen of Facebook\r\n\r\nCoreFoundation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: A memory corruption issue existed in CoreFoundation's\r\nhandling of string tokenization. This issue does not affect OS X Lion\r\nsystems. This update addresses the issue through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2011-0259 : Apple\r\n\r\nCoreMedia\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Visiting a maliciously crafted website may lead to the\r\ndisclosure of video data from another site\r\nDescription: A cross-origin issue existed in CoreMedia's handling of\r\ncross-site redirects. This issue is addressed through improved origin\r\ntracking.\r\nCVE-ID\r\nCVE-2011-0187 : Nirankush Panchbhai and Microsoft Vulnerability\r\nResearch (MSVR)\r\n\r\nCoreMedia\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of QuickTime movie files. These issues do not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0224 : Apple\r\n\r\nCoreProcesses\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access to a system may partially\r\nbypass the screen lock\r\nDescription: A system window, such as a VPN password prompt, that\r\nappeared while the screen was locked may have accepted keystrokes\r\nwhile the screen was locked. This issue is addressed by preventing\r\nsystem windows from requesting keystrokes while the screen is locked.\r\nThis issue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-0260 : Clint Tseng of the University of Washington, Michael\r\nKobb, and Adam Kemp\r\n\r\nCoreStorage\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Converting to FileVault does not erase all existing data\r\nDescription: After enabling FileVault, approximately 250MB at the\r\nstart of the volume was left unencrypted on the disk in an unused\r\narea. Only data which was present on the volume before FileVault was\r\nenabled was left unencrypted. This issue is addressed by erasing this\r\narea when enabling FileVault, and on the first use of an encrypted\r\nvolume affected by this issue. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3212 : Judson Powers of ATC-NY\r\n\r\nFile Systems\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: An attacker in a privileged network position may manipulate\r\nHTTPS server certificates, leading to the disclosure of sensitive\r\ninformation\r\nDescription: An issue existed in the handling of WebDAV volumes on\r\nHTTPS servers. If the server presented a certificate chain that could\r\nnot be automatically verified, a warning was displayed and the\r\nconnection was closed. If the user clicked the "Continue" button in\r\nthe warning dialog, any certificate was accepted on the following\r\nconnection to that server. An attacker in a privileged network\r\nposition may have manipulated the connection to obtain sensitive\r\ninformation or take action on the server on the user's behalf. This\r\nupdate addresses the issue by validating that the certificate\r\nreceived on the second connection is the same certificate originally\r\npresented to the user.\r\nCVE-ID\r\nCVE-2011-3213 : Apple\r\n\r\nIOGraphics\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: A person with physical access may be able to bypass the\r\nscreen lock\r\nDescription: An issue existed with the screen lock when used with\r\nApple Cinema Displays. When a password is required to wake from\r\nsleep, a person with physical access may be able to access the system\r\nwithout entering a password if the system is in display sleep mode.\r\nThis update addresses the issue by ensuring that the lock screen is\r\ncorrectly activated in display sleep mode. This issue does not affect\r\nOS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3214 : Apple\r\n\r\niChat Server\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: A remote attacker may cause the Jabber server to consume\r\nsystem resources disproportionately\r\nDescription: An issue existed in the handling of XML external\r\nentities in jabberd2, a server for the Extensible Messaging and\r\nPresence Protocol (XMPP). jabberd2 expands external entities in\r\nincoming requests. This allows an attacker to consume system\r\nresources very quickly, denying service to legitimate users of the\r\nserver. This update addresses the issue by disabling entity expansion\r\nin incoming requests.\r\nCVE-ID\r\nCVE-2011-1755\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A person with physical access may be able to access the\r\nuser's password\r\nDescription: A logic error in the kernel's DMA protection permitted\r\nfirewire DMA at loginwindow, boot, and shutdown, although not at\r\nscreen lock. This update addresses the issue by preventing firewire\r\nDMA at all states where the user is not logged in.\r\nCVE-ID\r\nCVE-2011-3215 : Passware, Inc.\r\n\r\nKernel\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An unprivileged user may be able to delete another user's\r\nfiles in a shared directory\r\nDescription: A logic error existed in the kernel's handling of file\r\ndeletions in directories with the sticky bit.\r\nCVE-ID\r\nCVE-2011-3216 : Gordon Davisson of Crywolf, Linc Davis, R. Dormer,\r\nand Allan Schmid and Oliver Jeckel of brainworks Training\r\n\r\nlibsecurity\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted website or e-mail message may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An error handling issue existed when parsing a\r\nnonstandard certificate revocation list extension.\r\nCVE-ID\r\nCVE-2011-3227 : Richard Godbee of Virginia Tech\r\n\r\nMailman\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Mailman 2.1.14\r\nDescription: Multiple cross-site scripting issues existed in Mailman\r\n2.1.14. These issues are addressed by improved encoding of characters\r\nin HTML output. Further information is available via the Mailman site\r\nat http://mail.python.org/pipermail/mailman-\r\nannounce/2011-February/000158.html This issue does not affect OS X\r\nLion systems.\r\nCVE-ID\r\nCVE-2011-0707\r\n\r\nMediaKit\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Opening a maliciously crafted disk image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in the\r\nhandling of disk images. These issues do not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-3217 : Apple\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Any user may read another local user's password data\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3435 : Arek Dreyer of Dreyer Network Consultants, Inc, and\r\nPatrick Dunstan at defenseindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: An authenticated user may change that account's password\r\nwithout providing the current password\r\nDescription: An access control issue existed in Open Directory. This\r\nissue does not affect systems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3436 : Patrick Dunstan at defenceindepth.net\r\n\r\nOpen Directory\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A user may be able to log in without a password\r\nDescription: When Open Directory is bound to an LDAPv3 server using\r\nRFC2307 or custom mappings, such that there is no\r\nAuthenticationAuthority attribute for a user, an LDAP user may be\r\nallowed to log in without a password. This issue does not affect\r\nsystems prior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3226 : Jeffry Strunk of The University of Texas at Austin,\r\nSteven Eppler of Colorado Mesa University, Hugh Cole-Baker, and\r\nFrederic Metoz of Institut de Biologie Structurale\r\n\r\nPHP\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted PDF file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A signedness issue existed in FreeType's handling of\r\nType 1 fonts. This issue is addressed by updating FreeType to version\r\n2.4.6. This issue does not affect systems prior to OS X Lion. Further\r\ninformation is available via the FreeType site at\r\nhttp://www.freetype.org/\r\nCVE-ID\r\nCVE-2011-0226\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng 1.4.3\r\nDescription: libpng is updated to version 1.5.4 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. Further information is available via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nPHP\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in PHP 5.3.4\r\nDescription: PHP is updated to version 5.3.6 to address multiple\r\nvulnerabilities, the most serious of which may lead to arbitrary code\r\nexecution. This issues do not affect OS X Lion systems. Further\r\ninformation is available via the PHP website at http://www.php.net/\r\nCVE-ID\r\nCVE-2010-3436\r\nCVE-2010-4645\r\nCVE-2011-0420\r\nCVE-2011-0421\r\nCVE-2011-0708\r\nCVE-2011-1092\r\nCVE-2011-1153\r\nCVE-2011-1466\r\nCVE-2011-1467\r\nCVE-2011-1468\r\nCVE-2011-1469\r\nCVE-2011-1470\r\nCVE-2011-1471\r\n\r\npostfix\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nmail sessions, resulting in the disclosure of sensitive information\r\nDescription: A logic issue existed in Postfix in the handling of the\r\nSTARTTLS command. After receiving a STARTTLS command, Postfix may\r\nprocess other plain-text commands. An attacker in a privileged\r\nnetwork position may manipulate the mail session to obtain sensitive\r\ninformation from the encrypted traffic. This update addresses the\r\nissue by clearing the command queue after processing a STARTTLS\r\ncommand. This issue does not affect OS X Lion systems. Further\r\ninformation is available via the Postfix site at\r\nhttp://www.postfix.org/announcements/postfix-2.7.3.html\r\nCVE-ID\r\nCVE-2011-0411\r\n\r\npython\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in python\r\nDescription: Multiple vulnerabilities existed in python, the most\r\nserious of which may lead to arbitrary code execution. This update\r\naddresses the issues by applying patches from the python project.\r\nFurther information is available via the python site at\r\nhttp://www.python.org/download/releases/\r\nCVE-ID\r\nCVE-2010-1634\r\nCVE-2010-2089\r\nCVE-2011-1521\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in\r\nQuickTime's handling of movie files.\r\nCVE-ID\r\nCVE-2011-3228 : Apple\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSC\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0249 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0250 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STSZ\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0251 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A heap buffer overflow existed in the handling of STTS\r\natoms in QuickTime movie files. This issue does not affect OS X Lion\r\nsystems.\r\nCVE-ID\r\nCVE-2011-0252 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may inject\r\nscript in the local domain when viewing template HTML\r\nDescription: A cross-site scripting issue existed in QuickTime\r\nPlayer's "Save for Web" export. The template HTML files generated by\r\nthis feature referenced a script file from a non-encrypted origin. An\r\nattacker in a privileged network position may be able to inject\r\nmalicious scripts in the local domain if the user views a template\r\nfile locally. This issue is resolved by removing the reference to an\r\nonline script. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3218 : Aaron Sigel of vtty.com\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nH.264 encoded movie files.\r\nCVE-ID\r\nCVE-2011-3219 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to the\r\ndisclosure of memory contents\r\nDescription: An uninitialized memory access issue existed in\r\nQuickTime's handling of URL data handlers within movie files.\r\nCVE-ID\r\nCVE-2011-3220 : Luigi Auriemma working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: An implementation issue existed in QuickTime's handling\r\nof the atom hierarchy within a movie file.\r\nCVE-ID\r\nCVE-2011-3221 : an anonymous researcher working with TippingPoint's\r\nZero Day Initiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted FlashPix file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFlashPix files.\r\nCVE-ID\r\nCVE-2011-3222 : Damian Put working with TippingPoint's Zero Day\r\nInitiative\r\n\r\nQuickTime\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow existed in QuickTime's handling of\r\nFLIC files.\r\nCVE-ID\r\nCVE-2011-3223 : Matt 'j00ru' Jurczyk working with TippingPoint's Zero\r\nDay Initiative\r\n\r\nSMB File Server\r\nAvailable for: OS X Lion v10.7 and v10.7.1,\r\nOS X Lion Server v10.7 and v10.7.1\r\nImpact: A guest user may browse shared folders\r\nDescription: An access control issue existed in the SMB File Server.\r\nDisallowing guest access to the share point record for a folder\r\nprevented the '_unknown' user from browsing the share point but not\r\nguests (user 'nobody'). This issue is addressed by applying the\r\naccess control to the guest user. This issue does not affect systems\r\nprior to OS X Lion.\r\nCVE-ID\r\nCVE-2011-3225\r\n\r\nTomcat\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: Multiple vulnerabilities in Tomcat 6.0.24\r\nDescription: Tomcat is updated to version 6.0.32 to address multiple\r\nvulnerabilities, the most serious of which may lead to a cross site\r\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\r\nThis issue does not affect OS X Lion systems. Further information is\r\navailable via the Tomcat site at http://tomcat.apache.org/\r\nCVE-ID\r\nCVE-2010-1157\r\nCVE-2010-2227\r\nCVE-2010-3718\r\nCVE-2010-4172\r\nCVE-2011-0013\r\nCVE-2011-0534\r\n\r\nUser Documentation\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8\r\nImpact: An attacker in a privileged network position may manipulate\r\nApp Store help content, leading to arbitrary code execution\r\nDescription: App Store help content was updated over HTTP. This\r\nupdate addresses the issue by updating App Store help content over\r\nHTTPS. This issue does not affect OS X Lion systems.\r\nCVE-ID\r\nCVE-2011-3224 : Aaron Sigel of vtty.com\r\n\r\nWeb Server\r\nAvailable for: Mac OS X Server v10.6.8\r\nImpact: Clients may be unable to access web services that require\r\ndigest authentication\r\nDescription: An issue in the handling of HTTP Digest authentication\r\nwas addressed. Users may be denied access to the server's resources,\r\nwhen the server configuration should have allowed the access. This\r\nissue does not represent a security risk, and was addressed to\r\nfacilitate the use of stronger authentication mechanisms. Systems\r\nrunning OS X Lion Server are not affected by this issue.\r\n\r\nX11\r\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\r\nOS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1\r\nImpact: Multiple vulnerabilities in libpng\r\nDescription: Multiple vulnerabilities existed in libpng, the most\r\nserious of which may lead to arbitrary code execution. These issues\r\nare addressed by updating libpng to version 1.5.4 on OS Lion systems,\r\nand to 1.2.46 on Mac OS X v10.6 systems. Further information is\r\navailable via the libpng website at\r\nhttp://www.libpng.org/pub/png/libpng.html\r\nCVE-ID\r\nCVE-2011-2690\r\nCVE-2011-2691\r\nCVE-2011-2692\r\n\r\nOS X Lion v10.7.2 also includes Safari 5.1.1. For information on\r\nthe security content of Safari 5.1.1, please visit:\r\nhttp://support.apple.com/kb/HT5000\r\n\r\nOS X Lion v10.7.2 and Security Update 2011-006 may be obtained from\r\nthe Software Update pane in System Preferences, or Apple's Software\r\nDownloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nThe Software Update utility will present the update that applies\r\nto your system configuration. Only one is needed, either\r\nSecurity Update 2011-006 or OS X v10.7.2.\r\n\r\nFor OS X Lion v10.7.1\r\nThe download file is named: MacOSXUpd10.7.2.dmg\r\nIts SHA-1 digest is: 37f784e08d4461e83a891a7f8b8af24c2ceb8229\r\n\r\nFor OS X Lion v10.7\r\nThe download file is named: MacOSXUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: accd06d610af57df24f62ce7af261395944620eb\r\n\r\nFor OS X Lion Server v10.7.1\r\nThe download file is named: MacOSXServerUpd10.7.2.dmg\r\nIts SHA-1 digest is: e4084bf1dfa295a42f619224d149e515317955da\r\n\r\nFor OS X Lion Server v10.7\r\nThe download file is named: MacOSXServerUpdCombo10.7.2.dmg\r\nIts SHA-1 digest is: 25e86f5cf97b6644c7a025230431b1992962ec4a\r\n\r\nFor Mac OS X v10.6.8\r\nThe download file is named: SecUpd2011-006Snow.dmg\r\nIts SHA-1 digest is: 0f9c29610a06370d0c85a4c92dc278a48ba17a84\r\n\r\nFor Mac OS X Server v10.6.8\r\nThe download file is named: SecUpdSrvr2011-006.dmg\r\nIts SHA-1 digest is: 12de3732710bb03059f93527189d221c97ef8a06\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.16 (Darwin)\r\n\r\niQEcBAEBAgAGBQJOlc/zAAoJEGnF2JsdZQeeWFcH/RDHS+dCP8T4a92uYRIbs9T3\r\nTFbT7hnOoTB0H+2eN3oziLNime2N4mO921heHobiAKSXv/luU41ZPHxVd6rE77Md\r\n/BHDqLv65RA0XFTIPmrTcfpLhI5UgXDLfOLrsmdwTm52l5zQZkoxufYFf3mB3h7U\r\nZJUD1s081Pjy45/Cbao097+JrDwS7ahhgkvTmpmSvJK/wWRz4JtZkvIYcQ2uQFR4\r\nsTg4l6pmi3d8sJJ4wzrEaxDpclRjvjURI4DiBMYwGAXeCMRgYi0y03tYtkjXoaSG\r\n69h2yD8EXQBuJkDyouak7/M/eMwUfb2S6o1HyXTldjdvFBFvvwvl+Y3xp8YmDzU=\r\n=gsvn\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2011-10-16T00:00:00", "published": "2011-10-16T00:00:00", "id": "SECURITYVULNS:DOC:27155", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27155", "title": "APPLE-SA-2011-10-12-3 OS X Lion v10.7.2 and Security Update 2011-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:44", "bulletinFamily": "software", "description": "Multiple vulnerabilities in different system components.", "modified": "2011-10-24T00:00:00", "published": "2011-10-24T00:00:00", "id": "SECURITYVULNS:VULN:11973", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11973", "title": "Apple OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "f5": [{"lastseen": "2017-06-08T00:16:37", "bulletinFamily": "software", "description": "", "modified": "2016-01-09T02:27:00", "published": "2011-07-28T02:54:00", "href": "https://support.f5.com/csp/article/K12986", "id": "F5:K12986", "type": "f5", "title": "BIND vulnerability CVE-2011-2464", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:07", "bulletinFamily": "software", "description": "Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a Denial of Service (DoS) (named daemon crash) by way of a crafted UPDATE request.\n\nInformation about this advisory is available at the following location: [CVE-2011-2464](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464>) \n\n\n**Note**: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.\n\nF5 Product Development tracked this issue as ID 363310 for the BIG-IP system, and it was fixed in BIG-IP 10.2.3 and 11.0.0. For more information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, WebAccelerator, PSM, WOM, APM and Edge Gateway release notes.\n\nAdditionally, this issue was fixed in Hotfix-BIGIP-10.2.2-HF1 issued for BIG-IP 10.2.2. You may download this hotfix, or later versions of the hotfix, from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nFor information about downloading software, refer to SOL167: Downloading software and firmware from F5.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x) and SOL6845: Managing BIG-IP product hotfixes (9.x). \n\n", "modified": "2013-09-10T00:00:00", "published": "2011-07-27T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12986.html", "id": "SOL12986", "type": "f5", "title": "SOL12986 - BIND vulnerability CVE-2011-2464", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-26T17:23:10", "bulletinFamily": "software", "description": "Recommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-10-23T00:00:00", "published": "2014-10-23T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15743.html", "id": "SOL15743", "title": "SOL15743 - BIND vulnerability CVE-2011-2465", "type": "f5", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T12:38:48", "bulletinFamily": "unix", "description": "A remote Denial of Service vulnerability has been fixed in\n bind. Specially crafted packets could cause bind servers\n (recursive as well as authoritative) to exit.\n CVE-2011-2464 has been assigned to this issue.\n\n", "modified": "2011-07-19T01:06:51", "published": "2011-07-19T01:06:51", "id": "OPENSUSE-SU-2011:0788-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00006.html", "title": "bind: fixing remote Denial of Service (CVE-2011-2464) (important)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:43:37", "bulletinFamily": "unix", "description": "A remote Denial of Service vulnerability has been fixed in the BIND DNS nameserver.\n#### Solution\nThere is no known workaround, please install the update packages.", "modified": "2011-07-08T16:20:26", "published": "2011-07-08T16:20:26", "id": "SUSE-SA:2011:029", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html", "type": "suse", "title": "remote denial of service in bind", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:56:41", "bulletinFamily": "unix", "description": "A remote Denial of Service vulnerability has been fixed in\n bind. Specially crafted packets could cause bind servers\n (recursive as well as authoritative) to exit.\n", "modified": "2011-07-19T01:05:59", "published": "2011-07-19T01:05:59", "id": "SUSE-SU-2011:0759-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00004.html", "type": "suse", "title": "Security update for bind (important)", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:15:09", "bulletinFamily": "scanner", "description": "Update to the 9.8.0-P4 security release.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2011-9146.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55562", "published": "2011-07-12T00:00:00", "title": "Fedora 15 : bind-9.8.0-7.P4.fc15 (2011-9146)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9146.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55562);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2011-2464\", \"CVE-2011-2465\");\n script_bugtraq_id(48565, 48566);\n script_xref(name:\"FEDORA\", value:\"2011-9146\");\n\n script_name(english:\"Fedora 15 : bind-9.8.0-7.P4.fc15 (2011-9146)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to the 9.8.0-P4 security release.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=718971\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cfe01447\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"bind-9.8.0-7.P4.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:09", "bulletinFamily": "scanner", "description": "A remote Denial of Service vulnerability has been fixed in bind.\nSpecially crafted packets could cause bind servers (recursive as well as authoritative) to exit.", "modified": "2013-10-25T00:00:00", "id": "SUSE_11_BIND-110706.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55547", "published": "2011-07-11T00:00:00", "title": "SuSE 11.1 Security Update : bind (SAT Patch Number 4846)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55547);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:41:52 $\");\n\n script_cve_id(\"CVE-2011-2464\");\n\n script_name(english:\"SuSE 11.1 Security Update : bind (SAT Patch Number 4846)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A remote Denial of Service vulnerability has been fixed in bind.\nSpecially crafted packets could cause bind servers (recursive as well\nas authoritative) to exit.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=703907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2464.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4846.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-chrootenv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"bind-libs-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"bind-utils-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"bind-libs-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"bind-utils-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bind-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bind-chrootenv-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bind-doc-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bind-libs-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"bind-utils-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"bind-libs-32bit-9.6ESVR4P3-0.2.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"bind-libs-32bit-9.6ESVR4P3-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:09", "bulletinFamily": "scanner", "description": "Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2011-0926.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55536", "published": "2011-07-08T00:00:00", "title": "CentOS 5 : bind97 (CESA-2011:0926)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0926 and \n# CentOS Errata and Security Advisory 2011:0926 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55536);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:29\");\n\n script_cve_id(\"CVE-2011-2464\");\n script_bugtraq_id(48566);\n script_xref(name:\"RHSA\", value:\"2011:0926\");\n\n script_name(english:\"CentOS 5 : bind97 (CESA-2011:0926)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind and bind97 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A\nremote attacker could use this flaw to send a specially crafted DNS\nrequest packet to BIND, causing it to exit unexpectedly due to a\nfailed assertion. (CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat\nEnterprise Linux 6, are advised to upgrade to these updated packages,\nwhich resolve this issue. After installing the update, the BIND daemon\n(named) will be restarted automatically.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017643.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1f9e9d2d\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2011-July/017644.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5777ab8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected bind97 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-chroot-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-devel-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-libs-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"bind97-utils-9.7.0-6.P2.el5_6.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:09", "bulletinFamily": "scanner", "description": "Updated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2011-0926.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55539", "published": "2011-07-08T00:00:00", "title": "RHEL 5 / 6 : bind (RHSA-2011:0926)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0926. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55539);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2011-2464\");\n script_bugtraq_id(48566);\n script_xref(name:\"RHSA\", value:\"2011:0926\");\n\n script_name(english:\"RHEL 5 / 6 : bind (RHSA-2011:0926)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated bind and bind97 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A\nremote attacker could use this flaw to send a specially crafted DNS\nrequest packet to BIND, causing it to exit unexpectedly due to a\nfailed assertion. (CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat\nEnterprise Linux 6, are advised to upgrade to these updated packages,\nwhich resolve this issue. After installing the update, the BIND daemon\n(named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2464\"\n );\n # http://www.isc.org/software/bind/advisories/cve-2011-2464\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5a526026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0926\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0926\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-chroot-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-chroot-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-chroot-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-devel-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"bind97-libs-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"bind97-utils-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"bind97-utils-9.7.0-6.P2.el5_6.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"bind97-utils-9.7.0-6.P2.el5_6.3\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-chroot-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-chroot-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-chroot-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-debuginfo-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-devel-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"bind-libs-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-sdb-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-sdb-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-sdb-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"bind-utils-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"bind-utils-9.7.3-2.el6_1.P3.2\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"bind-utils-9.7.3-2.el6_1.P3.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-debuginfo / bind-devel / bind-libs / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:17:19", "bulletinFamily": "scanner", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464)\n\nAfter installing the update, the BIND daemon (named) will be restarted automatically.", "modified": "2018-12-31T00:00:00", "id": "SL_20110707_BIND_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=61080", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(61080);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/31 11:35:00\");\n\n script_cve_id(\"CVE-2011-2464\");\n\n script_name(english:\"Scientific Linux Security Update : bind on SL5.x, SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A\nremote attacker could use this flaw to send a specially crafted DNS\nrequest packet to BIND, causing it to exit unexpectedly due to a\nfailed assertion. (CVE-2011-2464)\n\nAfter installing the update, the BIND daemon (named) will be restarted\nautomatically.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=781\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf016d97\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"bind97-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-chroot-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-devel-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-libs-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"bind97-utils-9.7.0-6.P2.el5_6.3\")) flag++;\n\nif (rpm_check(release:\"SL6\", reference:\"bind-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-chroot-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-devel-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-libs-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-sdb-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"bind-utils-9.7.3-2.el6_1.P3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:22:30", "bulletinFamily": "scanner", "description": "Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a Denial of Service (DoS) (named daemon crash) by way of a crafted UPDATE request.", "modified": "2019-01-04T00:00:00", "id": "F5_BIGIP_SOL12986.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=78130", "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : BIND vulnerability (SOL12986)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL12986.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78130);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2011-2464\");\n script_bugtraq_id(48566);\n\n script_name(english:\"F5 Networks BIG-IP : BIND vulnerability (SOL12986)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3,\n9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote\nattackers to cause a Denial of Service (DoS) (named daemon crash) by\nway of a crafted UPDATE request.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K12986\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL12986.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL12986\";\nvmatrix = make_array();\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.1.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"9\",\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"9\",\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"9\",\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"9\",\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"9\",\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"9\",\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.2.1HF2\",\"10.2.1HF3\",\"10.2.2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.0.0-10.2.1\",\"10.2.1HF1\",\"10.2.2HF1\",\"10.2.3\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:08", "bulletinFamily": "scanner", "description": "ISC reports :\n\nA defect in the affected BIND 9 versions allows an attacker to remotely cause the 'named' process to exit using a specially crafted packet.\n\nThis defect affects both recursive and authoritative servers.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_FD64188DA71D11E089B4001EC9578670.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55518", "published": "2011-07-06T00:00:00", "title": "FreeBSD : BIND -- Remote DoS against authoritative and recursive servers (fd64188d-a71d-11e0-89b4-001ec9578670)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55518);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2011-2464\");\n\n script_name(english:\"FreeBSD : BIND -- Remote DoS against authoritative and recursive servers (fd64188d-a71d-11e0-89b4-001ec9578670)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC reports :\n\nA defect in the affected BIND 9 versions allows an attacker to\nremotely cause the 'named' process to exit using a specially crafted\npacket.\n\nThis defect affects both recursive and authoritative servers.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/software/bind/advisories/cve-2011-2464\"\n );\n # https://vuxml.freebsd.org/freebsd/fd64188d-a71d-11e0-89b4-001ec9578670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82473bdf\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind96\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind98\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind96<9.6.3.1.ESV.R4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind97<9.7.3.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"bind98<9.8.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:31", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2011:0926 :\n\nUpdated bind and bind97 packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A remote attacker could use this flaw to send a specially crafted DNS request packet to BIND, causing it to exit unexpectedly due to a failed assertion. (CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat Enterprise Linux 6, are advised to upgrade to these updated packages, which resolve this issue. After installing the update, the BIND daemon (named) will be restarted automatically.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2011-0926.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=68303", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 / 6 : bind (ELSA-2011-0926)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:0926 and \n# Oracle Linux Security Advisory ELSA-2011-0926 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(68303);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2011-2464\");\n script_bugtraq_id(48566);\n script_xref(name:\"RHSA\", value:\"2011:0926\");\n\n script_name(english:\"Oracle Linux 5 / 6 : bind (ELSA-2011-0926)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:0926 :\n\nUpdated bind and bind97 packages that fix one security issue are now\navailable for Red Hat Enterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the\nDomain Name System (DNS) protocols. BIND includes a DNS server\n(named); a resolver library (routines for applications to use when\ninterfacing with DNS); and tools for verifying that the DNS server is\noperating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A\nremote attacker could use this flaw to send a specially crafted DNS\nrequest packet to BIND, causing it to exit unexpectedly due to a\nfailed assertion. (CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat\nEnterprise Linux 6, are advised to upgrade to these updated packages,\nwhich resolve this issue. After installing the update, the BIND daemon\n(named) will be restarted automatically.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002222.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002223.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected bind packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-sdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-chroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bind97-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5 / 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"bind97-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-chroot-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-devel-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-libs-9.7.0-6.P2.el5_6.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"bind97-utils-9.7.0-6.P2.el5_6.3\")) flag++;\n\nif (rpm_check(release:\"EL6\", reference:\"bind-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-chroot-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-devel-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-libs-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-sdb-9.7.3-2.el6_1.P3.2\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"bind-utils-9.7.3-2.el6_1.P3.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bind / bind-chroot / bind-devel / bind-libs / bind-sdb / bind-utils / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:08", "bulletinFamily": "scanner", "description": "It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-1163-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55522", "published": "2011-07-06T00:00:00", "title": "Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : bind9 vulnerability (USN-1163-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1163-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55522);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/12/01 13:19:06\");\n\n script_cve_id(\"CVE-2011-2464\");\n script_xref(name:\"USN\", value:\"1163-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : bind9 vulnerability (USN-1163-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Bind incorrectly handled certain specially\ncrafted packets. A remote attacker could use this flaw to cause Bind\nto stop responding, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1163-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns66\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdns69\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libdns36\", pkgver:\"1:9.4.2.dfsg.P2-2ubuntu0.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libdns64\", pkgver:\"1:9.7.0.dfsg.P1-1ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libdns66\", pkgver:\"1:9.7.1.dfsg.P2-2ubuntu0.4\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libdns69\", pkgver:\"1:9.7.3.dfsg-1ubuntu2.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libdns36 / libdns64 / libdns66 / libdns69\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:15:08", "bulletinFamily": "scanner", "description": "ISC reports :\n\nTwo defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific rule/action pattern.", "modified": "2018-11-10T00:00:00", "id": "FREEBSD_PKG_4CCEE784A72111E089B4001EC9578670.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=55517", "published": "2011-07-06T00:00:00", "title": "FreeBSD : BIND -- Remote DoS with certain RPZ configurations (4ccee784-a721-11e0-89b4-001ec9578670)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55517);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/10 11:49:42\");\n\n script_cve_id(\"CVE-2011-2465\");\n\n script_name(english:\"FreeBSD : BIND -- Remote DoS with certain RPZ configurations (4ccee784-a721-11e0-89b4-001ec9578670)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"ISC reports :\n\nTwo defects were discovered in ISC's BIND 9.8 code. These defects only\naffect BIND 9.8 servers which have recursion enabled and which use a\nspecific feature of the software known as Response Policy Zones (RPZ)\nand where the RPZ zone contains a specific rule/action pattern.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.isc.org/software/bind/advisories/cve-2011-2465\"\n );\n # https://vuxml.freebsd.org/freebsd/4ccee784-a721-11e0-89b4-001ec9578670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7f85833a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:bind98\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"bind98<9.8.0.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T23:05:18", "bulletinFamily": "info", "description": "[](<https://threatpost.com/new-bind-release-fixes-high-severity-remote-bugs-070611/>)The Internet Systems Consortium has released new versions of the ubiquitous BIND server software that fix a pair of vulnerabilities in existing releases, one of which enables an attacker to stop the software from running on remote DNS servers.\n\nThe high-severity vulnerability in many versions of the BIND software has the effect of causing the BIND server to exit when it receives a specially formatted packet. The ISC said that although it isn\u2019t aware of any public exploits for the bug, it still recommends that organizations upgrade to one of the newer versions of BIND, which include 9.6-ESV-R4-P3, 9.7.3-P3 or 9.8.0-P4.\n\nBIND is the standard for DNS servers and is far and away the most widely deployed DNS name server package. In [its advisory](<http://www.isc.org/software/bind/advisories/cve-2011-2464>), the ISC, which maintains BIND, said that there also is at least one scenario in which an attacker could exploit this vulnerability using malware.\n\n\u201cA defect in the affected BIND 9 versions allows an attacker to \nremotely cause the \u201cnamed\u201d process to exit using a specially crafted \npacket. This defect affects both recursive and authoritative servers. \nThe code location of the defect makes it impossible to protect BIND \nusing ACLs configured within named.conf or by disabling any features at \ncompile-time or run-time,\u201d the ISC advisory said.\n\n\u201cA remote attacker would need to be able to send a specially crafted \npacket directly to a server running a vulnerable version of BIND. There \nis also the potential for an indirect attack via malware that is \ninadvertently installed and run, where infected machines have direct \naccess to an organization\u2019s nameservers.\u201d\n\nISC officials said in the advisory that there aren\u2019t any known workarounds for this vulnerability and that ACLs would not work either because of the location of the vulnerable code.\n\nThe new versions of BIND also include a fix for a separate vulnerability that affects BIND servers that have a feature called Response Policy Zones enabled. That vulnerability also is listed as a high-severity bug and can be used by a remote attacker to cause the BIND process to exit. The [BIND RPZ crash vulnerability](<http://www.isc.org/software/bind/advisories/cve-2011-2465>) can be mitigated by not putting certain records in the RPZ zone.\n\n\u201cA defect in the affected versions of BIND could cause the \u201cnamed\u201d \nprocess to exit when queried, if the server has recursion enabled and \nwas configured with an RPZ zone containing certain types of records. \nSpecifically, these are any DNAME record and certain kinds of CNAME \nrecords,\u201d ISC said.\n", "modified": "2013-04-17T16:34:14", "published": "2011-07-06T19:42:07", "id": "THREATPOST:B10800CA8727ACCCEBAEC24EF4ED6E27", "href": "https://threatpost.com/new-bind-release-fixes-high-severity-remote-bugs-070611/75400/", "type": "threatpost", "title": "New BIND Release Fixes High-Severity Remote Bugs", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-11-19T13:07:29", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-08-18T00:00:00", "id": "OPENVAS:1361412562310850168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850168", "title": "SuSE Update for bind SUSE-SA:2011:029", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for bind SUSE-SA:2011:029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850168\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"SUSE-SA\", value:\"2011-029\");\n script_cve_id(\"CVE-2011-2464\", \"CVE-2011-2465\");\n script_name(\"SuSE Update for bind SUSE-SA:2011:029\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE11\\.3)\");\n script_tag(name:\"impact\", value:\"remote denial of service\");\n script_tag(name:\"affected\", value:\"bind on openSUSE 11.3, openSUSE 11.4\");\n script_tag(name:\"insight\", value:\"A remote Denial of Service vulnerability has been fixed in the BIND\n DNS nameserver.\n\n Specially crafted packets could cause bind servers (recursive as well\n as authoritative) to exit. CVE-2011-2464\n\n This issue affected bind 9.6 and later, so SUSE Linux Enterprise\n 10 SP4, SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 and 11.4\n were affected.\n\n Older service packs / products are not affected by CVE-2011-2464.\n\n\n Please also note that the other currently published security issue,\n CVE-2011-2465, affected only BIND versions 9.8.0 and later, which none\n of our current products include, making all of them not affected by\n this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:18:46", "bulletinFamily": "scanner", "description": "Check for the Version of bind", "modified": "2017-12-08T00:00:00", "published": "2011-08-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850168", "id": "OPENVAS:850168", "title": "SuSE Update for bind SUSE-SA:2011:029", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for bind SUSE-SA:2011:029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A remote Denial of Service vulnerability has been fixed in the BIND\n DNS nameserver.\n\n Specially crafted packets could cause bind servers (recursive as well\n as authoritative) to exit. CVE-2011-2464\n\n This issue affected bind 9.6 and later, so SUSE Linux Enterprise\n 10 SP4, SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 and 11.4\n were affected.\n\n Older service packs / products are not affected by CVE-2011-2464.\n\n\n Please also note that the other currently published security issue,\n CVE-2011-2465, affected only BIND versions 9.8.0 and later, which none\n of our current products include, making all of them not affected by\n this issue.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote denial of service\";\ntag_affected = \"bind on openSUSE 11.3, openSUSE 11.4\";\n\n\nif(description)\n{\n script_id(850168);\n script_version(\"$Revision: 8041 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 08:28:21 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-18 14:57:45 +0200 (Thu, 18 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"SUSE-SA\", value: \"2011-029\");\n script_cve_id(\"CVE-2011-2464\", \"CVE-2011-2465\");\n script_name(\"SuSE Update for bind SUSE-SA:2011:029\");\n\n script_summary(\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.7.3P3~0.2.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-chrootenv\", rpm:\"bind-chrootenv~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs\", rpm:\"bind-libs~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-libs-32bit\", rpm:\"bind-libs-32bit~9.7.3P3~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:03:11", "bulletinFamily": "scanner", "description": "Check for the Version of bind", "modified": "2018-04-06T00:00:00", "published": "2011-07-18T00:00:00", "id": "OPENVAS:1361412562310863351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863351", "title": "Fedora Update for bind FEDORA-2011-9146", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2011-9146\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bind on Fedora 15\";\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n (Domain Name System) protocols. BIND includes a DNS server (named),\n which resolves host names to IP addresses; a resolver library\n (routines for applications to use when interfacing with DNS); and\n tools for verifying that the DNS server is operating properly.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863351\");\n script_version(\"$Revision: 9371 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:55:06 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9146\");\n script_cve_id(\"CVE-2011-1910\", \"CVE-2011-2464\", \"CVE-2011-2465\");\n script_name(\"Fedora Update for bind FEDORA-2011-9146\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.0~7.P4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:20", "bulletinFamily": "scanner", "description": "Check for the Version of bind", "modified": "2017-07-10T00:00:00", "published": "2011-07-18T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=863351", "id": "OPENVAS:863351", "title": "Fedora Update for bind FEDORA-2011-9146", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for bind FEDORA-2011-9146\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"bind on Fedora 15\";\ntag_insight = \"BIND (Berkeley Internet Name Domain) is an implementation of the DNS\n (Domain Name System) protocols. BIND includes a DNS server (named),\n which resolves host names to IP addresses; a resolver library\n (routines for applications to use when interfacing with DNS); and\n tools for verifying that the DNS server is operating properly.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html\");\n script_id(863351);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-18 15:23:56 +0200 (Mon, 18 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-9146\");\n script_cve_id(\"CVE-2011-1910\", \"CVE-2011-2464\", \"CVE-2011-2465\");\n script_name(\"Fedora Update for bind FEDORA-2011-9146\");\n\n script_summary(\"Check for the Version of bind\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.8.0~7.P4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:27:17", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1163-1", "modified": "2017-12-01T00:00:00", "published": "2011-07-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840694", "id": "OPENVAS:840694", "title": "Ubuntu Update for bind9 USN-1163-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1163_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for bind9 USN-1163-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Bind incorrectly handled certain specially crafted\n packets. A remote attacker could use this flaw to cause Bind to stop\n responding, resulting in a denial of service.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1163-1\";\ntag_affected = \"bind9 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1163-1/\");\n script_id(840694);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-08 16:31:28 +0200 (Fri, 08 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"USN\", value: \"1163-1\");\n script_cve_id(\"CVE-2011-2464\");\n script_name(\"Ubuntu Update for bind9 USN-1163-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libdns66\", ver:\"1:9.7.1.dfsg.P2-2ubuntu0.4\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libdns64\", ver:\"1:9.7.0.dfsg.P1-1ubuntu0.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libdns69\", ver:\"1:9.7.3.dfsg-1ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libdns36\", ver:\"1:9.4.2.dfsg.P2-2ubuntu0.8\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:02:03", "bulletinFamily": "scanner", "description": "Check for the Version of bind97", "modified": "2018-04-06T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310881240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881240", "title": "CentOS Update for bind97 CESA-2011:0926 centos5 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for bind97 CESA-2011:0926 centos5 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\n Name System (DNS) protocols. BIND includes a DNS server (named); a resolver\n library (routines for applications to use when interfacing with DNS); and\n tools for verifying that the DNS server is operating correctly.\n\n A flaw was discovered in the way BIND handled certain DNS requests. A\n remote attacker could use this flaw to send a specially-crafted DNS request\n packet to BIND, causing it to exit unexpectedly due to a failed assertion.\n (CVE-2011-2464)\n \n Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat\n Enterprise Linux 6, are advised to upgrade to these updated packages, which\n resolve this issue. After installing the update, the BIND daemon (named)\n will be restarted automatically.\";\n\ntag_affected = \"bind97 on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2011-July/017644.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881240\");\n script_version(\"$Revision: 9352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:13:02 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 17:08:03 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2011-2464\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"CESA\", value: \"2011:0926\");\n script_name(\"CentOS Update for bind97 CESA-2011:0926 centos5 x86_64\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of bind97\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind97\", rpm:\"bind97~9.7.0~6.P2.el5_6.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-chroot\", rpm:\"bind97-chroot~9.7.0~6.P2.el5_6.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-devel\", rpm:\"bind97-devel~9.7.0~6.P2.el5_6.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-libs\", rpm:\"bind97-libs~9.7.0~6.P2.el5_6.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind97-utils\", rpm:\"bind97-utils~9.7.0~6.P2.el5_6.3\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:55:36", "bulletinFamily": "scanner", "description": "The remote host is missing an update to bind9\nannounced via advisory DSA 2272-1.", "modified": "2017-07-07T00:00:00", "published": "2011-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69979", "id": "OPENVAS:69979", "title": "Debian Security Advisory DSA 2272-1 (bind9)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2272_1.nasl 6613 2017-07-07 12:08:40Z cfischer $\n# Description: Auto-generated from advisory DSA 2272-1 (bind9)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that BIND, a DNS server, does not correctly process\ncertain UPDATE requests, resulting in a server crash and a denial of\nservice. This vulnerability affects BIND installations even if they\ndo not actually use dynamic DNS updates.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1:9.6.ESV.R4+dfsg-0+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze3.\n\nThe testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed later.\n\nWe recommend that you upgrade your bind9 packages.\";\ntag_summary = \"The remote host is missing an update to bind9\nannounced via advisory DSA 2272-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202272-1\";\n\n\nif(description)\n{\n script_id(69979);\n script_version(\"$Revision: 6613 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:40 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-2464\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 2272-1 (bind9)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-50\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns58\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc50\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc50\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg50\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres50\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.6.ESV.R4+dfsg-0+lenny3\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-doc\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9-host\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"bind9utils\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dnsutils\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"host\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind-dev\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libbind9-60\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdns69\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisc62\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccc60\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libisccfg62\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"liblwres60\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"lwresd\", ver:\"1:9.7.3.dfsg-1~squeeze3\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:13:42", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-25T00:00:00", "published": "2011-08-03T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=69993", "id": "OPENVAS:69993", "title": "FreeBSD Ports: bind96", "type": "openvas", "sourceData": "#\n#VID fd64188d-a71d-11e0-89b4-001ec9578670\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID fd64188d-a71d-11e0-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n bind96\n bind97\n bind98\n\nCVE-2011-2464\nUnspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3,\n9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote\nattackers to cause a denial of service (named daemon crash) via a\ncrafted UPDATE request.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttps://www.isc.org/software/bind/advisories/cve-2011-2464\nhttp://www.vuxml.org/freebsd/fd64188d-a71d-11e0-89b4-001ec9578670.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(69993);\n script_version(\"$Revision: 5424 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-25 17:52:36 +0100 (Sat, 25 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-2464\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: bind96\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"bind96\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.6.3.1.ESV.R4.3\")<0) {\n txt += 'Package bind96 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"bind97\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.7.3.3\")<0) {\n txt += 'Package bind97 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"bind98\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.8.0.4\")<0) {\n txt += 'Package bind98 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-11-19T13:07:31", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2011-07-22T00:00:00", "id": "OPENVAS:1361412562310831426", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831426", "title": "Mandriva Update for bind MDVSA-2011:115 (bind)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for bind MDVSA-2011:115 (bind)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.mandriva.com/security-announce/2011-07/msg00004.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831426\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-07-22 14:44:51 +0200 (Fri, 22 Jul 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2011:115\");\n script_cve_id(\"CVE-2011-2464\");\n script_name(\"Mandriva Update for bind MDVSA-2011:115 (bind)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'bind'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(mes5|2010\\.1|2009\\.0)\");\n script_tag(name:\"affected\", value:\"bind on Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2010.1,\n Mandriva Linux 2010.1/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\");\n script_tag(name:\"insight\", value:\"A vulnerability was discovered and corrected in bind:\n\n Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3,\n 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote\n attackers to cause a denial of service (named daemon crash) via a\n crafted UPDATE request (CVE-2011-2464).\n\n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. The updated packages have been upgraded to bind 9.7.3-P3 which is\n not vulnerable to this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3~0.0.P3.1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3~0.0.P3.1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.7.3~0.0.P3.1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3~0.0.P3.1.1mdvmes5.2\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3~0.0.P3.1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3~0.0.P3.1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.7.3~0.0.P3.1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3~0.0.P3.1.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"bind\", rpm:\"bind~9.7.3~0.0.P3.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-devel\", rpm:\"bind-devel~9.7.3~0.0.P3.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-doc\", rpm:\"bind-doc~9.7.3~0.0.P3.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"bind-utils\", rpm:\"bind-utils~9.7.3~0.0.P3.1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-10-08T12:48:35", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-08-03T00:00:00", "id": "OPENVAS:136141256231069993", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069993", "title": "FreeBSD Ports: bind96", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_bind96.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID fd64188d-a71d-11e0-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69993\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-03 04:36:20 +0200 (Wed, 03 Aug 2011)\");\n script_cve_id(\"CVE-2011-2464\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: bind96\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n bind96\n bind97\n bind98\n\nCVE-2011-2464\nUnspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3,\n9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote\nattackers to cause a denial of service (named daemon crash) via a\ncrafted UPDATE request.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"https://www.isc.org/software/bind/advisories/cve-2011-2464\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/fd64188d-a71d-11e0-89b4-001ec9578670.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"bind96\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.6.3.1.ESV.R4.3\")<0) {\n txt += 'Package bind96 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"bind97\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.7.3.3\")<0) {\n txt += 'Package bind97 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\nbver = portver(pkg:\"bind98\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.8.0.4\")<0) {\n txt += 'Package bind98 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:15:04", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2272-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJuly 05, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : bind9\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-2464\n\nIt was discovered that BIND, a DNS server, does not correctly process\ncertain UPDATE requests, resulting in a server crash and a denial of\nservice. This vulnerability affects BIND installations even if they\ndo not actually use dynamic DNS updates.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1:9.6.ESV.R4+dfsg-0+lenny3.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1:9.7.3.dfsg-1~squeeze3.\n\nThe testing distribution (wheezy) and the unstable distribution (sid)\nwill be fixed later.\n\nWe recommend that you upgrade your bind9 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-07-05T18:46:33", "published": "2011-07-05T18:46:33", "id": "DEBIAN:DSA-2272-1:98389", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00144.html", "title": "[SECURITY] [DSA 2272-1] bind9 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-03T18:24:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2011:0926\n\n\nThe Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A\nremote attacker could use this flaw to send a specially-crafted DNS request\npacket to BIND, causing it to exit unexpectedly due to a failed assertion.\n(CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat\nEnterprise Linux 6, are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2011-July/017643.html\nhttp://lists.centos.org/pipermail/centos-announce/2011-July/017644.html\n\n**Affected packages:**\nbind97\nbind97-chroot\nbind97-devel\nbind97-libs\nbind97-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2011-0926.html", "modified": "2011-07-07T18:46:36", "published": "2011-07-07T18:46:35", "href": "http://lists.centos.org/pipermail/centos-announce/2011-July/017643.html", "id": "CESA-2011:0926", "title": "bind97 security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:42", "bulletinFamily": "unix", "description": "New bind packages are available for Slackware 13.37, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz: Upgraded.\n A specially constructed packet will cause BIND 9 ("named") to exit,\n affecting DNS service. The issue exists in BIND 9.6.3 and newer.\n "Change #2912 (see CHANGES) exposed a latent bug in the DNS message\n processing code that could allow certain UPDATE requests to crash\n named. This was fixed by disambiguating internal database\n representation vs DNS wire format data. [RT #24777] [CVE-2011-2464]"\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.3_P3-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.3_P3-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.3_P3-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.3_P3-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.37 package:\n6aa159ec74146d5794cd46075541405c bind-9.7.3_P3-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n08abf6bfffc52c0a392658ebd3fa046c bind-9.7.3_P3-x86_64-1_slack13.37.txz\n\nSlackware -current package:\ne5e1be017f8204ba3e3b4ad9e30f3714 n/bind-9.7.3_P3-i486-1.txz\n\nSlackware x86_64 -current package:\n3d1e556bc5a7646cf331398a8f09d582 n/bind-9.7.3_P3-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.7.3_P3-i486-1_slack13.37.txz\n\nThen, restart the name server:\n\n > /etc/rc.d/rc.bind restart", "modified": "2011-07-08T12:18:53", "published": "2011-07-08T12:18:53", "id": "SSA-2011-189-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.377171", "title": "bind", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T02:36:39", "bulletinFamily": "unix", "description": "New bind packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/bind-9.7.4-i486-1_slack13.37.txz: Upgraded.\n This BIND update addresses a couple of security issues:\n * named, set up to be a caching resolver, is vulnerable to a user\n querying a domain with very large resource record sets (RRSets)\n when trying to negatively cache the response. Due to an off-by-one\n error, caching the response could cause named to crash. [RT #24650]\n [CVE-2011-1910]\n * Change #2912 (see CHANGES) exposed a latent bug in the DNS message\n processing code that could allow certain UPDATE requests to crash\n named. [RT #24777] [CVE-2011-2464]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/bind-9.4_ESV_R5-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/bind-9.4_ESV_R5-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/bind-9.4_ESV_R5-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/bind-9.4_ESV_R5-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bind-9.4_ESV_R5-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bind-9.4_ESV_R5-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/bind-9.4_ESV_R5-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/bind-9.4_ESV_R5-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/bind-9.7.4-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/bind-9.7.4-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.7.4-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.7.4-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\ndc89ecedef601f734fd45daa5bdcd7d9 bind-9.4_ESV_R5-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\nd3bfca586ce41793538cec589ec5e885 bind-9.4_ESV_R5-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\nf515e3b8a2b22e1ba39735951f384bfe bind-9.4_ESV_R5-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\nbaefa4932cef962cd911dc4d963f014e bind-9.4_ESV_R5-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n8dabc6e5022b1135a9ba8a0aca654233 bind-9.4_ESV_R5-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nb956f174f5804d04afe9f922e6dce047 bind-9.4_ESV_R5-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n71b7dea3e090840d319ee14bae47066e bind-9.4_ESV_R5-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\na62f276534e0528ff72e619fd6693a9c bind-9.4_ESV_R5-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\n2687b1d88aa9098f8c2f17b0a2305922 bind-9.4_ESV_R5-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\n400f63e3904f17878ffcfb708dc2441e bind-9.4_ESV_R5-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\n09ef7f2dc543effe1c6867403f577c31 bind-9.4_ESV_R5-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n54a40e83d4fbdc6ad5cb6a6f675c32a5 bind-9.4_ESV_R5-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n892a69decaf20b0fdbb3c26e350f4091 bind-9.4_ESV_R5-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nc0455392827bbab32f2f61efad86d306 bind-9.4_ESV_R5-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\ndd9c61c7937d6962644f3ab3b6827e9c bind-9.7.4-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n5b1a647dbb9650dfcaf60e17c9de5c6b bind-9.7.4-x86_64-1_slack13.37.txz\n\nSlackware -current package:\n8de3690d50448e07641ab56781809fb3 n/bind-9.7.4-i486-1.txz\n\nSlackware x86_64 -current package:\n052dc19a356df332d355581aa1d798f6 n/bind-9.7.4-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg bind-9.7.4-i486-1_slack13.37.txz\n\nThen, restart the name server:\n\n > /etc/rc.d/rc.bind restart", "modified": "2011-08-12T17:34:14", "published": "2011-08-12T17:34:14", "id": "SSA-2011-224-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.662839", "title": "bind", "type": "slackware", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:14", "bulletinFamily": "unix", "description": "\nISC reports:\n\nA defect in the affected BIND 9 versions allows an attacker to\n\t remotely cause the \"named\" process to exit using a specially\n\t crafted packet.\nThis defect affects both recursive and authoritative servers.\n\n", "modified": "2011-07-05T00:00:00", "published": "2011-07-05T00:00:00", "id": "FD64188D-A71D-11E0-89B4-001EC9578670", "href": "https://vuxml.freebsd.org/freebsd/fd64188d-a71d-11e0-89b4-001ec9578670.html", "title": "BIND -- Remote DoS against authoritative and recursive servers", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:15:14", "bulletinFamily": "unix", "description": "\nISC reports:\n\nTwo defects were discovered in ISC's BIND 9.8 code. These\n\t defects only affect BIND 9.8 servers which have recursion\n\t enabled and which use a specific feature of the software known\n\t as Response Policy Zones (RPZ) and where the RPZ zone contains\n\t a specific rule/action pattern.\n\n", "modified": "2011-07-05T00:00:00", "published": "2011-07-05T00:00:00", "id": "4CCEE784-A721-11E0-89B4-001EC9578670", "href": "https://vuxml.freebsd.org/freebsd/4ccee784-a721-11e0-89b4-001ec9578670.html", "title": "BIND -- Remote DoS with certain RPZ configurations", "type": "freebsd", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T19:43:08", "bulletinFamily": "unix", "description": "The Berkeley Internet Name Domain (BIND) is an implementation of the Domain\nName System (DNS) protocols. BIND includes a DNS server (named); a resolver\nlibrary (routines for applications to use when interfacing with DNS); and\ntools for verifying that the DNS server is operating correctly.\n\nA flaw was discovered in the way BIND handled certain DNS requests. A\nremote attacker could use this flaw to send a specially-crafted DNS request\npacket to BIND, causing it to exit unexpectedly due to a failed assertion.\n(CVE-2011-2464)\n\nUsers of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat\nEnterprise Linux 6, are advised to upgrade to these updated packages, which\nresolve this issue. After installing the update, the BIND daemon (named)\nwill be restarted automatically.\n", "modified": "2018-06-06T20:24:06", "published": "2011-07-07T04:00:00", "id": "RHSA-2011:0926", "href": "https://access.redhat.com/errata/RHSA-2011:0926", "type": "redhat", "title": "(RHSA-2011:0926) Important: bind security update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:39:17", "bulletinFamily": "unix", "description": "[32:9.7.3-2.2.P3]\r\n- update to 9.7.3-P3 (CVE-2011-2464)", "modified": "2011-07-07T00:00:00", "published": "2011-07-07T00:00:00", "id": "ELSA-2011-0926", "href": "http://linux.oracle.com/errata/ELSA-2011-0926.html", "title": "bind security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:41:34", "bulletinFamily": "unix", "description": "[32:9.7.3-2.3.P3]\n- fix DOS against recursive servers (#754398)\n[32:9.7.3-2.2.P3]\n- update to 9.7.3-P3 (CVE-2011-2464)\n[32:9.7.3-2.1.P1]\n- update to 9.7.3-P1 (CVE-2011-1910)", "modified": "2011-11-17T00:00:00", "published": "2011-11-17T00:00:00", "id": "ELSA-2011-1458", "href": "http://linux.oracle.com/errata/ELSA-2011-1458.html", "title": "bind security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:09:32", "bulletinFamily": "unix", "description": "It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.", "modified": "2011-07-05T00:00:00", "published": "2011-07-05T00:00:00", "id": "USN-1163-1", "href": "https://usn.ubuntu.com/1163-1/", "title": "Bind vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T18:02:04", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48566\r\nCVE ID: CVE-2011-2464\r\n\r\nBIND\u662f\u4e00\u4e2a\u5e94\u7528\u975e\u5e38\u5e7f\u6cdb\u7684DNS\u534f\u8bae\u7684\u5b9e\u73b0\uff0c\u7531ISC\u8d1f\u8d23\u7ef4\u62a4\uff0c\u5177\u4f53\u7684\u5f00\u53d1\u7531Nominum\u516c\u53f8\u5b8c\u6210\u3002\r\n\r\nISC BIND\u5728\u5904\u7406\u7279\u5236\u7684UPDATE\u8bf7\u6c42\u65f6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5f71\u54cd\u9012\u5f52\u548c\u6388\u6743\u670d\u52a1\u5668\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u6b64\u6f0f\u6d1e\u6e90\u4e8e\u5904\u7406UPDATE\u8bf7\u6c42\u65f6\u7684\u9519\u8bef\uff0c\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684UPDATE\u8bf7\u6c42\u9020\u6210named\u8fdb\u7a0b\u4e2d\u65ad\u3002\u56e0\u4e3a\u6f0f\u6d1e\u4ee3\u7801\u6240\u5728\u4f4d\u7f6e\uff0c\u4e0d\u53ef\u80fd\u901a\u8fc7named.conf\u4e2d\u914d\u7f6e\u7684ACL\u6216\u7981\u7528\u4e00\u4e9b\u529f\u80fd\uff08\u5728\u7f16\u8bd1\u65f6\u6216\u8fd0\u884c\u65f6\uff09\u6765\u4fdd\u62a4BIND\u3002\n\nISC BIND 9.7.1-P2\r\nISC BIND 9.7.1-P1\r\nISC BIND 9.7.1\r\nISC BIND 9.7.0 P2\r\nISC BIND 9.7.0\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nISC\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.isc.org/", "modified": "2011-07-07T00:00:00", "published": "2011-07-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20706", "id": "SSV:20706", "title": "ISC BIND UPDATE\u8bf7\u6c42\u5904\u7406\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:02:01", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 48565\r\nCVE ID: CVE-2011-2465\r\n\r\nBIND\u662f\u4e00\u4e2a\u5e94\u7528\u975e\u5e38\u5e7f\u6cdb\u7684DNS\u534f\u8bae\u7684\u5b9e\u73b0\uff0c\u7531ISC\u8d1f\u8d23\u7ef4\u62a4\uff0c\u5177\u4f53\u7684\u5f00\u53d1\u7531Nominum\u516c\u53f8\u5b8c\u6210\u3002\r\n\r\nISC BIND\u5728\u67d0\u4e9bRPZ\u914d\u7f6e\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\r\n\r\n\u5728\u5904\u7406DNAME\u548cCNAME\u8bb0\u5f55\u65f6\uff0cRPZ\u529f\u80fd\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u53ef\u88ab\u5229\u7528\u7ec8\u6b62named\u8fdb\u7a0b\u3002\u5982\u679c\u670d\u52a1\u5668\u542f\u7528\u4e86\u9012\u5f52\u5e76\u7528\u5305\u542b\u67d0\u4e9b\u7c7b\u578b\u8bb0\u5f55\u7684RPZ\u533a\u57df\u914d\u7f6e\uff0c\u5219\u5728\u67e5\u8be2\u65f6\uff0cBIND\u53d7\u5f71\u54cd\u7248\u672c\u4e2d\u7684\u9519\u8bef\u53ef\u9020\u6210named\u8fdb\u7a0b\u9000\u51fa\u3002\n\nISC BIND 9.7.1-P2\r\nISC BIND 9.7.1-P1\r\nISC BIND 9.7.1\r\nISC BIND 9.7.0 P2\r\nISC BIND 9.7.0\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nISC\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.isc.org/", "modified": "2011-07-07T00:00:00", "published": "2011-07-07T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-20705", "id": "SSV:20705", "title": "ISC BIND 9 RPZ\u914d\u7f6e\u8fdc\u7a0b\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": ""}], "cert": [{"lastseen": "2018-12-25T20:18:02", "bulletinFamily": "info", "description": "### Overview \n\nISC BIND 9 contains a remote packet denial of service vulnerability when running as an authoritative or recursive server.\n\n### Description \n\nAccording to [ISC](<http://www.isc.org/software/bind/advisories/cve-2011-2464>):\n\n_A defect in the affected BIND 9 versions allows an attacker to remotely cause the \"named\" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. \n \nA remote attacker would need to be able to send a specially crafted packet directly to a server running a vulnerable version of BIND. There is also the potential for an indirect attack via malware that is inadvertently installed and run, where infected machines have direct access to an organization's nameservers._ \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker can cause the named daemon to crash creating a denial of service condition. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nUsers who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. \n \nThis vulnerability is addressed in ISC BIND versions 9.6-ESV-R4-P3, 9.7.3-P3 and 9.8.0-P4. Users of BIND from the original source distribution should upgrade to this version. \n \nSee also <http://www.isc.org/software/bind/advisories/cve-2011-2464> \n \n--- \n \n### Vendor Information\n\n142646\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ Debian GNU/Linux \n\nUpdated: July 07, 2011 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nFor the oldstable distribution (lenny), this problem has been fixed in\n\nversion 1:9.6.ESV.R4+dfsg-0+lenny3. \n \nFor the stable distribution (squeeze), this problem has been fixed in \nversion 1:9.7.3.dfsg-1~squeeze3. \n \nThe testing distribution (wheezy) and the unstable distribution (sid) \nwill be fixed later. \n \nWe recommend that you upgrade your bind9 packages.\n\n### __ Internet Systems Consortium \n\nNotified: June 16, 2011 Updated: July 05, 2011 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://www.isc.org/software/bind/advisories/cve-2011-2464>\n\n### __ __ Mandriva S. A. \n\nUpdated: July 20, 2011 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nMandriva Linux 2009.0:\n\nca6c480f7a3738227e5a7190ec1499b7 2009.0/i586/bind-9.7.3-0.0.P3.1.1mdv2009.0.i586.rpm \n09875b79c8645d5435ce653a7d2844b9 2009.0/i586/bind-devel-9.7.3-0.0.P3.1.1mdv2009.0.i586.rpm \nabb841d7abc6ac1a69cf28af7c2e5e19 2009.0/i586/bind-doc-9.7.3-0.0.P3.1.1mdv2009.0.i586.rpm \ndb42fa2094b45da2ead8c614ea8f39b0 2009.0/i586/bind-utils-9.7.3-0.0.P3.1.1mdv2009.0.i586.rpm \n2e3ba946b0a13c0a424a1597f255dcb5 2009.0/SRPMS/bind-9.7.3-0.0.P3.1.1mdv2009.0.src.rpm \n \nMandriva Linux 2009.0/X86_64: \nf58b8e207e209cef128693b7049d162f 2009.0/x86_64/bind-9.7.3-0.0.P3.1.1mdv2009.0.x86_64.rpm \ndc1085555707774e4e9709891aa79dd1 2009.0/x86_64/bind-devel-9.7.3-0.0.P3.1.1mdv2009.0.x86_64.rpm \n1e34f338c7ba785e0271859b22ab2c28 2009.0/x86_64/bind-doc-9.7.3-0.0.P3.1.1mdv2009.0.x86_64.rpm \n00dc003c8fe9c03c7122300d81d91905 2009.0/x86_64/bind-utils-9.7.3-0.0.P3.1.1mdv2009.0.x86_64.rpm \n2e3ba946b0a13c0a424a1597f255dcb5 2009.0/SRPMS/bind-9.7.3-0.0.P3.1.1mdv2009.0.src.rpm \n \nMandriva Linux 2010.1: \naeb3ed5e5f630ff5aac1429fe59907df 2010.1/i586/bind-9.7.3-0.0.P3.1.1mdv2010.2.i586.rpm \n10b785d8384c7f8f7b600cc36023446a 2010.1/i586/bind-devel-9.7.3-0.0.P3.1.1mdv2010.2.i586.rpm \n6afb5e313edd48b9c960ecebd73af92e 2010.1/i586/bind-doc-9.7.3-0.0.P3.1.1mdv2010.2.i586.rpm \nf135331906181bb6da064259ecbc647a 2010.1/i586/bind-utils-9.7.3-0.0.P3.1.1mdv2010.2.i586.rpm \nf130951f40fdbde979c9999f2bc29ccf 2010.1/SRPMS/bind-9.7.3-0.0.P3.1.1mdv2010.2.src.rpm \n \nMandriva Linux 2010.1/X86_64: \n7eeb4c6916e8dc5ecc2b7284c733ea8e 2010.1/x86_64/bind-9.7.3-0.0.P3.1.1mdv2010.2.x86_64.rpm \nf7687346e5c7072395a0d158f7070d9f 2010.1/x86_64/bind-devel-9.7.3-0.0.P3.1.1mdv2010.2.x86_64.rpm \n1e890bc2ba91af8d3fa57c7a7bd008c7 2010.1/x86_64/bind-doc-9.7.3-0.0.P3.1.1mdv2010.2.x86_64.rpm \nbdf6a36d8c002d6ad62eeb83b6dc54fc 2010.1/x86_64/bind-utils-9.7.3-0.0.P3.1.1mdv2010.2.x86_64.rpm \nf130951f40fdbde979c9999f2bc29ccf 2010.1/SRPMS/bind-9.7.3-0.0.P3.1.1mdv2010.2.src.rpm \n \nMandriva Enterprise Server 5: \n750c707ab5d471f54a2e62a265628b05 mes5/i586/bind-9.7.3-0.0.P3.1.1mdvmes5.2.i586.rpm \na4cc134f17c999467986e03e5a5caa18 mes5/i586/bind-devel-9.7.3-0.0.P3.1.1mdvmes5.2.i586.rpm \neb4cb65573546064202eda0a494de398 mes5/i586/bind-doc-9.7.3-0.0.P3.1.1mdvmes5.2.i586.rpm \nf5cad026fb2402b78be8d1eb340a9ef9 mes5/i586/bind-utils-9.7.3-0.0.P3.1.1mdvmes5.2.i586.rpm \n092f9de8063f70ced41bfdfb6c4edbad mes5/SRPMS/bind-9.7.3-0.0.P3.1.1mdvmes5.2.src.rpm \n \nMandriva Enterprise Server 5/X86_64: \n3b5a09e53f39c5135dd72638be00ba59 mes5/x86_64/bind-9.7.3-0.0.P3.1.1mdvmes5.2.x86_64.rpm \n61251e33bc1e649e7b5da91dcfd4c6b1 mes5/x86_64/bind-devel-9.7.3-0.0.P3.1.1mdvmes5.2.x86_64.rpm \n2b8bfeca87fb28326b4c2e76ae7dc920 mes5/x86_64/bind-doc-9.7.3-0.0.P3.1.1mdvmes5.2.x86_64.rpm \nceb92e09171cf5ef0eee8a04e4a52fec mes5/x86_64/bind-utils-9.7.3-0.0.P3.1.1mdvmes5.2.x86_64.rpm \n092f9de8063f70ced41bfdfb6c4edbad mes5/SRPMS/bind-9.7.3-0.0.P3.1.1mdvmes5.2.src.rpm\n\n### __ Red Hat, Inc. \n\nUpdated: July 07, 2011 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://bugzilla.redhat.com/CVE-2011-2464>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n<http://www.isc.org/software/bind/advisories/cve-2011-2464>\n\n### Credit\n\nThanks to Internet Systems Consortium for reporting this vulnerability. \n\nThis document was written by Michael Orlando. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2011-2464](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2464>) \n---|--- \n**Severity Metric:****** | 17.85 \n**Date Public:** | 2011-07-05 \n**Date First Published:** | 2011-07-05 \n**Date Last Updated: ** | 2011-07-20 18:57 UTC \n**Document Revision: ** | 14 \n", "modified": "2011-07-20T18:57:00", "published": "2011-07-05T00:00:00", "id": "VU:142646", "href": "https://www.kb.cert.org/vuls/id/142646", "type": "cert", "title": "ISC BIND 9 named denial of service vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-12-25T20:18:01", "bulletinFamily": "info", "description": "### Overview \n\nISC BIND 9 contains a remote crashing vulnerability when running with certain RPZ configurations.\n\n### Description \n\nAccording to [ISC](<http://www.isc.org/software/bind/advisories/cve-2011-2465>):\n\n_A defect in the affected versions of BIND could cause the \"named\" process to exit when queried, if the server has recursion enabled and was configured with an RPZ zone containing certain types of records. Specifically, these are any DNAME record and certain kinds of CNAME records. \n \nThe patch release of BIND 9.8.0-P4 alters the behavior of RPZ zones by ignoring any DNAME records in an RPZ zone, and correctly returning CNAME records from RPZ zones. \n \nNote that DNAME has no defined effect on the RPZ engine and its presence in an RPZ zone is ignored. The definitive list of meaningful patterns in an RPZ zone is given in the BIND 9 Administrative Reference Manual and also in _[_ISC Technical Note 2010-1_](<http://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt>)_._ \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker can cause the named daemon to crash creating a denial of service condition. \n \n--- \n \n### Solution \n\n**Apply an update** \n \nUsers who obtain BIND from a third-party vendor, such as their operating system vendor, should see the vendor information portion of this document for a partial list of affected vendors. \n \nThis vulnerability is addressed in ISC BIND version 9.8.0-P4. Users of BIND from the original source distribution should upgrade to this version. \n \nSee also <http://www.isc.org/software/bind/advisories/cve-2011-2465> \n \n--- \n \nAccording to [ISC](<http://www.isc.org/software/bind/advisories/cve-2011-2465>): \n_Do not put certain CNAME or any DNAME records into an RPZ zone file until your software can be patched. If you subscribe to a service which supplies your RPZ zone data, ensure that it does not contain any DNAME or certain CNAME records. The CNAME records which must not be used are those which signal the RPZ engine to rewrite query names. CNAME records which signal the RPZ engine to forge an NXDOMAIN response are not affected by this defect. \n \nAn example of an RPZ rule which causes a query name to be rewritten is: \n \n*.malicious-domain.com CNAME walled-garden.isp.net \n \nAn example of an RPZ rule which causes an NXDOMAIN response to be returned is: \n \n*.malicious-domain.com CNAME . \n \nPlease refer to the BIND 9 Administrative Reference Manual or to _[_ISC Technical Note 2010-1_](<http://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt>)_ for more information about the Response Policy Zone (RPZ) feature which was added to BIND 9 in Version 9.8.0._ \n \n--- \n \n### Vendor Information\n\n137968\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Internet Systems Consortium \n\nNotified: June 16, 2011 Updated: July 05, 2011 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<http://www.isc.org/software/bind/advisories/cve-2011-2465\nhttp://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt>\n\n### __ Red Hat, Inc. \n\nUpdated: July 07, 2011 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vendor References\n\n<https://bugzilla.redhat.com/CVE-2011-2465>\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://www.isc.org/software/bind/advisories/cve-2011-2465>\n * <http://ftp.isc.org/isc/dnsrpz/isc-tn-2010-1.txt>\n\n### Credit\n\nThanks to Internet Systems Consortium for reporting this vulnerability. \n\nThis document was written by Michael Orlando. \n\n### Other Information\n\n**CVE IDs:** | [CVE-2011-2465](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2465>) \n---|--- \n**Severity Metric:****** | 17.85 \n**Date Public:** | 2011-07-05 \n**Date First Published:** | 2011-07-05 \n**Date Last Updated: ** | 2011-07-07 14:21 UTC \n**Document Revision: ** | 14 \n", "modified": "2011-07-07T14:21:00", "published": "2011-07-05T00:00:00", "id": "VU:137968", "href": "https://www.kb.cert.org/vuls/id/137968", "type": "cert", "title": "ISC BIND 9 RPZ zone named denial-of-service vulnerability", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "description": "### Background\n\nBIND is the Berkeley Internet Name Domain Server.\n\n### Description\n\nMultiple vulnerabilities have been discovered in BIND. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nThe vulnerabilities allow remote attackers to cause a Denial of Service (daemon crash) via a DNS query, to bypass intended access restrictions, to incorrectly cache a ncache entry and a rrsig for the same type and to incorrectly mark zone data as insecure. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll bind users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-dns/bind-9.7.4_p1\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since December 22, 2011. It is likely that your system is already no longer affected by this issue.", "modified": "2012-06-02T00:00:00", "published": "2012-06-02T00:00:00", "id": "GLSA-201206-01", "href": "https://security.gentoo.org/glsa/201206-01", "type": "gentoo", "title": "BIND: Multiple vulnerabilities", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}
